Privacy Policy (European Union)

Effective Date: February 24, 2026 · Last Updated: February 24, 2026

GDPR Compliance

This Privacy Policy applies to users in the European Union and complies with the General Data Protection Regulation (GDPR) (EU) 2016/679.

Regional Privacy Policies

Data Controller Information

  • Company Name: Ariadne Studio Works
  • Contact Email: [email protected]
  • Privacy Inquiries: Subject line "Privacy - EU"

About This Policy

This Privacy Policy explains how Bloom collects, uses, processes, and protects your personal data. We are committed to protecting your privacy and complying with all applicable data protection laws.

1. What Personal Data We Collect (Article 13/14 GDPR)

Bloom is a local-first menstrual cycle tracking application. All your health data is stored locally on your device by default.

1.1 Health Data You Provide

  • Menstrual cycle information (period start/end dates, cycle length, flow intensity)
  • Physical symptoms (cramps, headaches, fatigue, etc.)
  • Emotional states and moods
  • Basal body temperature (BBT) readings
  • Sexual activity tracking
  • Pregnancy tracking (if applicable)
  • Custom notes and observations
  • App settings and preferences

Legal Basis: Consent (Article 6(1)(a) GDPR) - You explicitly provide this information for cycle tracking purposes.

1.2 Technical Data (Stored Locally)

  • Device identifier (stored in iOS Keychain for audit logging)
  • App version and operating system
  • App usage timestamps for audit trail
  • Crash reports (anonymous, opt-in only)

Legal Basis: Legitimate interest (Article 6(1)(f) GDPR) - Necessary for app functionality and security.

1.3 Data We Do NOT Collect

  • We do not collect your name, email, phone number, or contact information
  • We do not collect your location data
  • We do not collect payment information (handled by Apple)
  • We do not collect browsing history or cookies
  • We do not use tracking pixels or analytics by default

2. How We Use Your Personal Data (Purpose Limitation)

We process your personal data only for the following specific, explicit, and legitimate purposes:

2.1 Core App Functionality (Consent)

  • Display your cycle calendar and history
  • Generate cycle predictions based on your data
  • Create insights and pattern analysis
  • Provide phase-based health recommendations
  • Send notifications (if you enable them)

2.2 Health Data Export (Consent - Per Export)

  • Generate medical reports in FHIR R4, PDF, or CSV format
  • Each export requires explicit biometric consent
  • Data is prepared for your healthcare provider

2.3 Companion Sharing (Consent - Per Companion)

  • Share specific health data with invited companions via CloudKit
  • Requires explicit biometric consent per companion
  • You control which data categories are shared
  • You can revoke access at any time

2.4 Apple HealthKit Sync (Consent - Optional)

  • Sync cycle data with Apple HealthKit (if you enable it)
  • Read menstrual health data from HealthKit
  • Write cycle predictions to HealthKit
  • Controlled via iOS HealthKit permissions

2.5 Security and Accountability (Legitimate Interest)

  • Audit logging of data access events
  • Security monitoring for unauthorized access attempts
  • Compliance with legal obligations

3. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

Data Type Legal Basis GDPR Article
Cycle health data Consent Article 6(1)(a)
Companion sharing Consent Article 6(1)(a)
Medical exports Consent Article 6(1)(a)
Audit logs Legitimate interest Article 6(1)(f)
Security measures Legitimate interest Article 6(1)(f)
Legal compliance Legal obligation Article 6(1)(c)
Special Category Data (Article 9 GDPR)

Your menstrual health data is considered "special category" sensitive data. We process this data based on your explicit consent (Article 9(2)(a) GDPR).

4. Your Rights Under GDPR

You have the following rights regarding your personal data:

4.1 Right of Access (Article 15)

You can request confirmation that we are processing your data and obtain a copy of your personal data. Bloom provides instant export in multiple formats:

  • FHIR R4 (healthcare interoperability standard)
  • PDF medical reports
  • CSV spreadsheets for analysis
  • JSON structured data

How to Exercise: Settings → Medical Export → Select Format

4.2 Right to Rectification (Article 16)

You can correct inaccurate or incomplete personal data at any time within the app.

How to Exercise: Edit any entry in the app (Calendar, Symptoms, Moods, etc.)

4.3 Right to Erasure / "Right to be Forgotten" (Article 17)

You can request deletion of your personal data. In Bloom, this is immediate and permanent.

How to Exercise: Settings → Data & Privacy → Delete All Data

Note: We retain audit logs for 2 years for accountability purposes (legitimate interest), but these do not contain your health data.

4.4 Right to Restriction of Processing (Article 18)

You can request limitation of processing while verifying accuracy or assessing lawfulness.

How to Exercise: Disable specific features in Settings (HealthKit sync, notifications, companion sharing)

4.5 Right to Data Portability (Article 20)

You can receive your data in a structured, commonly used, machine-readable format (FHIR R4, JSON, CSV) and transmit it to another service.

How to Exercise: Settings → Medical Export → FHIR R4 or JSON

4.6 Right to Object (Article 21)

You can object to processing based on legitimate interests. For Bloom, most processing is based on your consent, which you can withdraw.

How to Exercise: Settings → Data & Privacy → Manage Consent

4.7 Right to Withdraw Consent

You can withdraw consent at any time without affecting prior lawful processing.

How to Exercise:

  • Companion sharing: Settings → Companion Access → Revoke Access
  • HealthKit sync: iOS Settings → Health → Data Access & Devices → Bloom → Turn Off
  • Notifications: Settings → Notifications → Disable
  • Analytics: Settings → Privacy → Analytics → Opt Out

4.8 Right Not to Be Subject to Automated Decision-Making (Article 22)

Bloom's cycle predictions are estimates only and do not constitute automated decision-making with legal or significant effects. You remain in full control of all decisions.

4.9 Right to Lodge a Complaint

If you believe your data protection rights have been violated, you can file a complaint with your national Data Protection Authority (DPA).

Find Your Data Protection Authority

5. Data Security Measures (Article 32 GDPR)

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk:

5.1 Technical Measures

  • Encryption at Rest: iOS File Protection encrypts all app data using device keys
  • Keychain Security: Sensitive identifiers stored in iOS Keychain (AES-256)
  • Biometric Authentication: Face ID / Touch ID for data sharing and exports
  • End-to-End Encryption: CloudKit sharing uses Apple's E2EE (AES-256)
  • No Server Storage: All data stored locally on your device in the EU

5.2 Organizational Measures

  • Privacy by Design: Local-first architecture, no cloud uploads
  • Access Controls: App lock, discreet mode, companion permissions
  • Audit Logging: All data access events logged for accountability
  • Incident Response: Security event monitoring and breach notification procedures
  • Data Minimization: We collect only data necessary for app functionality

5.3 Third-Party Processors

We do not use third-party data processors. Your data remains exclusively:

  1. On your device (local SQLite database)
  2. In your private iCloud account (if you use companion sharing - Apple is the processor)

6. Data Retention (Article 5(1)(e) GDPR)

We retain personal data only for as long as necessary for the purposes for which it was collected:

6.1 Your Health Data

Retention Period: Indefinitely, until you choose to delete it

Justification: Your cycle data is ongoing health information that you control. Longer history improves prediction accuracy.

Your Control: Delete all data at any time in Settings

6.2 Audit Logs

Retention Period: 2 years from the date of the logged event

Justification: Accountability, security monitoring, GDPR compliance (Article 5(2))

Legal Basis: Legitimate interest

Content: Access events, consent records, sharing activities (no health data details)

6.3 After Deletion

When you delete all data from Bloom:

  • All health information is immediately and permanently erased
  • Audit logs are deleted
  • App preferences are reset
  • Action is irreversible

7. Data Sharing and Disclosure

7.1 No Third-Party Sharing

We do not sell, rent, or share your personal data with third parties for marketing, advertising, or commercial purposes.

7.2 Sharing You Control

Companion Sharing (CloudKit):

  • You invite companions via secure share codes
  • You choose which data categories to share
  • Data stored in your private iCloud account (Apple as processor)
  • You can revoke access at any time

Medical Exports:

  • You generate reports to share with healthcare providers
  • Each export requires biometric consent
  • You control the format and recipient

7.3 Apple as Processor

If you use CloudKit sharing or HealthKit, Apple acts as a data processor under GDPR. Apple's Data Processing Addendum and privacy policies apply.

7.4 Legal Obligations

We may disclose personal data if required by EU or member state law, such as:

  • Court orders or legal proceedings
  • Requests from competent supervisory authorities
  • Protection of vital interests (life-threatening emergencies)

We will notify you of such requests unless prohibited by law.

8. International Data Transfers (Article 44-50 GDPR)

Your health data remains on your device within the European Union. We do not transfer personal data outside the EU/EEA.

CloudKit Sharing: If you share with a companion in a non-EU country, data is stored in your private iCloud account. Apple ensures adequate safeguards for international transfers.

No US Servers: Unlike many health apps, Bloom does not upload your data to US-based servers.

9. Children's Privacy

Bloom is designed for menstruating individuals of all ages. We do not knowingly process personal data of children under 16 without parental consent, as required by GDPR Article 8.

If you are under 16, please use Bloom with a parent or guardian's knowledge and consent.

10. Automated Decision-Making and Profiling

Bloom does not engage in automated decision-making or profiling that produces legal effects or similarly significantly affects you (Article 22 GDPR).

Cycle Predictions: Algorithm-based predictions are estimates for informational purposes only. They do not make decisions about contraception, fertility, or medical treatment. You remain in full control.

11. Data Protection Impact Assessment (DPIA)

Under Article 35 GDPR, we have assessed the privacy risks of Bloom:

DPIA Summary
  • High Risk Processing: Menstrual health data is special category data (Article 9)
  • Mitigation: Local-first architecture, no cloud uploads, encryption, consent-based sharing
  • Residual Risk: Low - Data remains on user's device under their control

Conclusion: Bloom's privacy-preserving design minimizes risks to data subjects.

12. Data Controller Contact

Data Controller:
Ariadne Studio Works
[email protected]

For all privacy inquiries, data subject rights requests, or complaints:

  • Email: [email protected]
  • Subject Line: "GDPR Rights - [Your Request]"
  • Response Time: Within 30 days (Article 12(3) GDPR)

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes through the app.

Your Rights: Continued use after changes constitutes acceptance. You can withdraw consent at any time.

14. Your Consent

By using Bloom in the European Union, you provide explicit consent (Article 9(2)(a) GDPR) for the processing of your special category health data as described in this Privacy Policy.

You can withdraw your consent at any time by:

  • Revoking specific permissions in Settings
  • Deleting your data
  • Uninstalling the app

Withdrawal does not affect the lawfulness of processing before withdrawal.

15. Legal Basis Summary

For transparency under GDPR Article 13, here is a summary of our data processing:

Processing Activity Legal Basis GDPR Article Retention
Cycle tracking Explicit consent 9(2)(a) Until deletion
Companion sharing Explicit consent 9(2)(a) Until revoked
Medical exports Explicit consent 9(2)(a) Per export
HealthKit sync Explicit consent 9(2)(a) Until disabled
Audit logging Legitimate interest 6(1)(f) 2 years
Security measures Legitimate interest 6(1)(f) Until deletion

16. Compliance Statement

Bloom is designed to comply with:

  • GDPR (EU) 2016/679 - General Data Protection Regulation
  • ePrivacy Directive 2002/58/EC (as amended)
  • National data protection laws of EU member states

Medical Device Regulation: Bloom is not a medical device under MDR (EU) 2017/745. It is a wellness app for personal use only.

Bloom is developed by Ariadne Studio Works
Local-first, privacy-preserving menstrual health tracking
For personal use only - not a medical device
Your data, your device, your control