← Back to Bloom

Privacy Policy

Last Updated: February 21, 2026 · Effective Date: February 21, 2026

Summary (TL;DR)
  • Your data stays on your phone (local-first storage)
  • We're based in Korea (outside US jurisdiction)
  • End-to-end encrypted (we can't read your data)
  • Medical exports auto-delete (24 hours)
  • You control sharing (companion mode is opt-in)
  • No data selling (ever)
  • Minimal analytics (anonymous, optional)
  • No ads (clean, distraction-free experience)
  • You can delete everything (instantly, permanently)

Your health data, protected by design.

Regional Privacy Policies

We provide region-specific privacy policies that comply with local data protection laws:

Our Commitment to Your Privacy

Bloom is built on four core principles:

  1. Your data stays on your device – All health information is stored locally on your iPhone
  2. No server storage – We don't store your menstrual cycle or pregnancy data on our servers
  3. No accounts required – Use Bloom without creating an account or providing personal information
  4. No data selling, ever – We will never sell your health data to anyone
Privacy by design:

Bloom is built to protect your personal health data from unauthorized access. Your cycle data is yours alone.

Who We Are

Bloom is developed and operated by Ariadne Studio Works, based in Seoul, South Korea.

Why this matters for your privacy:

  • South Korea has strong personal data protection laws (PIPA - Personal Information Protection Act)
  • International data requests face higher legal barriers
  • We prioritize user privacy in all legal matters
  • Your health data benefits from Korea's robust privacy framework

Contact

Information We Collect

1. Health Data (Stored Locally Only)

Menstrual Cycle Data:

  • Period start and end dates
  • Flow intensity (light, moderate, heavy)
  • Cycle length and patterns
  • Ovulation tracking (BBT, LH tests, cervical mucus)

Pregnancy Data:

  • Estimated due date
  • Pregnancy symptoms and milestones
  • Prenatal appointments
  • Baby movement tracking

Symptoms and Moods:

  • Physical symptoms (cramps, headaches, bloating, etc.)
  • Mood patterns (anxiety, irritability, energy levels)
  • Notes and custom observations

Basal Body Temperature (BBT):

  • Daily temperature readings for fertility tracking
  • Ovulation confirmation
ALL of this data is stored ONLY on your iPhone using Apple's encrypted SwiftData framework.
We do NOT:
  • Upload your health data to our servers
  • Have access to read your cycle or pregnancy information
  • Store backups of your health data
  • Use your data for any purpose other than displaying it to you

2. Apple Health Integration (Optional)

What Bloom can access (only if you grant permission):

  • Read menstrual cycle data from Apple Health
  • Write period data to Apple Health for sync with other apps

Important:

  • This integration is optional - Bloom works without Apple Health
  • Data syncs directly on your device - no external servers involved
  • You control permissions in Settings → Privacy → Health
  • We do not have access to other Health data (steps, heart rate, etc.) unless you explicitly grant it

3. iCloud Backup (Optional)

If you enable iCloud backup:

  • Your Bloom data is encrypted before being sent to iCloud
  • Uses Apple's end-to-end encryption (we don't have the decryption key)
  • Only accessible via your Apple ID
  • Backup includes: cycle data, settings, notes

If you disable iCloud backup:

  • All data stays only on your iPhone
  • No cloud copy exists
  • Data will be lost if you lose your device (unless you export manually)

To disable: Settings → [Your Name] → iCloud → Bloom → Toggle OFF

4. Medical Export Data (Temporary Cloud Storage)

When you generate a QR code for your doctor:

Bloom temporarily uploads encrypted data to Apple CloudKit Public Database for 24 hours:

What gets uploaded:

  • Encrypted cycle/pregnancy data (AES-256 encryption)
  • Export format (FHIR, PDF, or CSV)
  • Expiration timestamp (24 hours)
  • Random unique token (no connection to your identity)

What does NOT get uploaded:

  • Your name (unless you manually added it to export)
  • Your Apple ID
  • Your location
  • Any unencrypted data
Encryption key:
  • The decryption key is ONLY in the QR code URL
  • We do NOT store the decryption key
  • Even we cannot decrypt your medical export data

Automatic deletion:

  • All medical export data is automatically deleted after 24 hours
  • No manual action required
  • Cannot be recovered after deletion

Where data is stored:

  • Apple CloudKit servers (US-based infrastructure)
  • Subject to Apple's privacy policy and encryption standards
  • See: apple.com/legal/privacy

5. Companion Mode Data Sharing (Optional)

If you invite a companion (partner, doula, family member):

What you can share:

  • Pregnancy updates (week-by-week symptoms, appointments)
  • Baby movement tracking
  • Prenatal visit notes
  • (You choose exactly what to share)

How sharing works:

  • Data syncs via Apple CloudKit Private Database (your iCloud account)
  • End-to-end encrypted between your device and companion's device
  • Companion must accept invitation
  • You can revoke access anytime

What Bloom does NOT see:

  • We cannot read the shared data (end-to-end encrypted)
  • We don't track who you share with
  • We don't store companion relationships

6. Analytics (Anonymous, Optional)

We collect anonymous analytics to improve Bloom:

What we collect:

  • App crashes and errors (no health data)
  • Feature usage (e.g., "user generated medical export")
  • Device type (iPhone 15, iOS 18.2)
  • Country/region (for localization)

What we do NOT collect:

  • Your health data (periods, symptoms, pregnancy info)
  • Personally identifiable information
  • IP addresses (anonymized)
  • Location data beyond country-level

Analytics tool: Apple App Analytics (built into App Store Connect)

Opt-out: Settings → Privacy → Analytics & Improvements → Share iPhone Analytics → Toggle OFF

How We Use Your Information

Data Usage Summary

Data Type Stored Where Used For Shared With
Cycle/Pregnancy Data Your iPhone only Display, predictions, insights No one (unless you export)
Apple Health Data Your iPhone (Apple Health) Sync with Bloom No one
iCloud Backup Apple iCloud (encrypted) Backup/restore No one (encrypted)
Medical Exports CloudKit (24 hours, encrypted) Doctor sharing Person who scans QR code
Companion Data CloudKit (encrypted) Partner sharing Your invited companion
Analytics Apple (anonymized) App improvements Apple only

What We Do With Your Data

WE DO:
  • Display your cycle history and predictions
  • Generate personalized insights (e.g., average cycle length)
  • Send on-device notifications (period reminders, no external servers)
  • Create medical reports (FHIR, PDF, CSV) for your doctor
  • Sync with Apple Health (if you enable it)
  • Allow you to share with companions (if you invite them)
WE DO NOT:
  • Sell your data to anyone (EVER)
  • Show ads or create advertising profiles
  • Train AI/ML models with your data
  • Share with insurance companies
  • Share with employers
  • Share with third-party apps
  • Use your data to make decisions about you
  • Access your data without your explicit action (like generating export)

Data Storage and Security

Local Storage (Primary)

All health data is stored using:

  • SwiftData with encrypted local database
  • Apple Keychain for sensitive settings (app lock PIN)
  • On-device encryption (iOS file-level encryption)

Security features:

  • Biometric authentication (Face ID / Touch ID) app lock
  • Encrypted database (cannot be read even if phone is jailbroken)
  • No network transmission (unless you export data)

Cloud Storage (Optional)

iCloud Backup:

CloudKit (Medical Exports & Companion Mode):

  • Encrypted before transmission (AES-256-GCM)
  • Decryption key never stored on servers
  • Automatic deletion (medical exports: 24 hours)
  • Subject to Apple CloudKit security standards

Security Measures

To protect your data, we implement:

  • End-to-end encryption for all cloud data
  • Local-first architecture (minimize cloud dependency)
  • Automatic data expiration (medical exports)
  • Biometric app lock
  • Secure coding practices (no plaintext storage)
  • Regular security audits (planned)
  • Open source roadmap (2026 - for community security review)
What to do if your phone is lost/stolen:
  1. Use Find My iPhone to remotely wipe device
  2. Your iCloud backup remains safe (encrypted)
  3. Medical exports auto-delete after 24 hours
  4. Companion access can be revoked via iCloud.com

Third-Party Services

1. Apple Services

We integrate with Apple-provided services:

  • Apple Health (optional) - Sync menstrual data
  • iCloud (optional) - Encrypted backup
  • CloudKit (for medical exports & companion mode)
  • Push Notifications (on-device, no external server)

Apple's Privacy Policy: apple.com/legal/privacy

2. No Other Third Parties

We do NOT use:
  • Facebook SDK / Meta Pixel
  • Google Analytics (except Apple's built-in App Analytics)
  • Data brokers
  • Marketing platforms
  • Any other third-party SDKs

Your Rights and Choices

Access Your Data

View all your data in-app:

  • Calendar view (all logged cycles/pregnancy data)
  • Settings → Data Export

Export your data:

  • FHIR JSON (medical standard format)
  • PDF (printable report)
  • CSV (spreadsheet format)

Delete Your Data

To delete all data:

  1. Settings → Advanced → Delete All Data
  2. Confirm deletion
  3. All local data immediately deleted
  4. iCloud backup deleted within 24 hours
  5. Active medical exports remain until 24-hour expiration
  6. Companion shares are revoked
Important:
  • Deletion is permanent and irreversible
  • We cannot recover deleted data
  • If you have iCloud backup enabled, delete from iCloud manually: iCloud.com → Account Settings → Manage Storage → Bloom → Delete

Control iCloud Backup

To disable iCloud backup: Settings → [Your Name] → iCloud → Bloom → Toggle OFF

To delete iCloud backup: iCloud.com → Account Settings → Manage Storage → Bloom → Delete

Control Apple Health Sync

To disable Health sync: Settings → Privacy → Health → Bloom → Toggle OFF permissions

To delete Health data written by Bloom: Health app → Browse → Cycle Tracking → Data Sources → Bloom → Delete All Data

Control Companion Access

To revoke companion access:

  1. Settings → Companion Mode → Manage Companions
  2. Select companion
  3. Tap "Revoke Access"
  4. Confirm

Effect: Companion immediately loses access to your data. Previously synced data on their device is deleted. They receive notification access was revoked.

Opt-Out of Analytics

To disable analytics: Settings → Privacy → Analytics & Improvements → Share iPhone Analytics → Toggle OFF

Children's Privacy

Age requirement: Bloom is intended for users 13 years and older.

Why:

  • Menstrual cycle tracking typically begins in teenage years
  • Pregnancy tracking requires maturity to understand
  • Apple App Store age rating: 12+ (reproductive health content)

We do not knowingly collect data from children under 13.

If you are under 13, please do not use Bloom. If we discover a user is under 13, we will delete their data immediately.

For parents:

  • Use Screen Time to restrict app access for children under 13
  • Review Apple's Family Sharing controls

International Users

Data Residency

Where your data is stored:

Data Type Location Reason
Local health data Your iPhone (wherever you are) Local-first design
iCloud backup Apple's servers (varies by region) Apple manages location
Medical exports (24h) Apple CloudKit (US servers) Apple CloudKit infrastructure
Companion data Apple CloudKit (US servers) Apple CloudKit infrastructure

Important for international users:

  • Your local data never leaves your device (regardless of location)
  • If you use iCloud, Apple determines storage location based on your Apple ID country
  • Medical exports and companion data use Apple CloudKit US servers (24-hour retention only)

Legal Jurisdiction

Bloom is operated from South Korea.

What this means:

  • We are subject to Korean law (PIPA - Personal Information Protection Act)
  • We are NOT directly subject to US law (HIPAA, CLOUD Act, etc.)
  • US law enforcement requests require MLAT (Mutual Legal Assistance Treaty)
  • MLAT requests require: serious crime designation, Korean court approval, treaty compliance
For US users in restrictive states:
  • Your local data is protected by Korean jurisdiction (we cannot be compelled by US subpoenas)
  • However: Apple iCloud and CloudKit ARE subject to US law (Apple is US company)
  • For maximum privacy: Disable iCloud backup, use medical exports sparingly

For EU users:

  • PIPA (Korean law) provides similar protections to GDPR
  • You have rights: access, deletion, portability, rectification
  • Contact us to exercise GDPR-equivalent rights

California Residents (CCPA)

If you are a California resident, you have additional rights:

Right to Know

You can request what personal information we collect, how we use it, and who we share it with.

Our answer:

  • Health data: Stored locally, not collected by us
  • Analytics: Anonymous usage data (cannot identify you)
  • Ad data: Device type, app ID (no health data)
  • Sharing: We don't sell or share your health data

Right to Delete

You can request deletion of your data.

How to delete: Settings → Advanced → Delete All Data (instant). For iCloud backup: iCloud.com → Manage Storage → Bloom → Delete

Right to Opt-Out of Sale

We do NOT sell your data. There is no opt-out needed because we never sell data in the first place.

Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

Contact for CCPA requests: [email protected]

European Residents (GDPR)

If you are in the EU/EEA/UK, you have rights under GDPR:

Legal Basis for Processing

We process your data based on:

  • Consent (you choose to use Bloom)
  • Legitimate interest (providing period/pregnancy tracking)

Your GDPR Rights

  1. Right to Access - Request copy of your data. Export via Settings → Data Export (FHIR, PDF, CSV)
  2. Right to Rectification - Correct inaccurate data. Edit in-app: tap any logged day → Edit
  3. Right to Erasure (Right to be Forgotten) - Delete all your data. Settings → Advanced → Delete All Data
  4. Right to Data Portability - Export in machine-readable format. FHIR JSON (standard medical format)
  5. Right to Object - Object to analytics: Disable in iPhone Settings
  6. Right to Withdraw Consent - Stop using Bloom (delete app). Revoke permissions (Health, iCloud)

Data Controller

Ariadne Studio Works
Seoul, South Korea
Email: [email protected]

Supervisory Authority

If you believe we've violated GDPR, you can file a complaint with:

  • Your local data protection authority (EU country where you reside)
  • Korean Personal Information Protection Commission (our jurisdiction)

Data Retention

How Long We Keep Data

Data Type Retention Period Deletion Method
Local health data Until you delete app or manually delete User-initiated deletion
iCloud backup Until you delete backup or disable iCloud Apple automatic deletion
Medical exports (QR) 24 hours Automatic deletion (hardcoded)
Companion shared data Until you revoke access Immediate deletion on revocation
Analytics (anonymous) 90 days Apple automatic deletion

Automatic Deletion

Medical exports: Hardcoded 24-hour expiration. Cannot be extended. Automatic deletion runs every hour.

Companion data: Deleted when you revoke access. Deleted when companion deletes app. Deleted when companion deletes their account.

Analytics: Apple automatically deletes after 90 days. We do not control retention period.

Changes to This Privacy Policy

We may update this Privacy Policy to reflect:

  • New features (e.g., new export formats)
  • Legal compliance (new regulations)
  • User feedback (clarifications)

When we make changes:

  1. We will update the "Last Updated" date at the top
  2. We will notify you via in-app banner (for material changes)
  3. Continued use = acceptance of updated policy

Major changes (e.g., changing how we handle health data) will require explicit consent via in-app prompt.

Review regularly: We recommend checking this policy periodically.

Security Incidents

In the event of a data breach:

  1. We will investigate within 24 hours
  2. We will notify affected users via in-app notification + email (if we have it)
  3. We will notify authorities as required by Korean law (PIPA) and EU law (GDPR)
  4. We will provide details: What data was affected, what we're doing, how to protect yourself
However: Due to our local-first + end-to-end encryption design:
  • A breach of our servers would yield only encrypted data (unusable without keys)
  • We do not have decryption keys for medical exports or companion data
  • Local device data requires physical access to your iPhone (protected by iOS encryption)

Report a security issue: [email protected]

Medical Disclaimer

Bloom is NOT a medical device.
  • Not intended for pregnancy prevention or contraception
  • Not a substitute for professional medical advice
  • Cycle predictions are estimates (not guarantees)
  • Always consult your healthcare provider

FDA Status: Bloom is not FDA-approved (not required for period tracking apps).

Accuracy: We cannot guarantee 100% accuracy of predictions or medical exports.

Contact Us

Questions about this Privacy Policy?

Mailing Address:
Ariadne Studio Works
Seoul, South Korea

Response time: We aim to respond within 7 business days.

© 2025 Ariadne Studio Works. All rights reserved.