Privacy Policy
Effective: March 2026
MyBloom ("we", "our", "us") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights. MyBloom is a global app available in English — we comply with GDPR (EU), CCPA (California), and equivalent privacy laws worldwide.
1. Data We Collect
When you use MyBloom, we collect:
- Account data: email address, display name, authentication method (email/password or Google OAuth)
- Health data: menstrual cycle dates, flow level, symptoms, mood, notes, basal body temperature, cervical mucus, ovulation test results
- Pregnancy data: pregnancy start date, estimated due date, pregnancy history records
- Garden data: flower names, earn dates, and Pixabay image URLs earned through daily logging
- Profile settings: cycle length, period length, reminder preferences, theme preference, subscription tier
We do not collect your location, contacts, device identifiers, or any data beyond what you explicitly enter in the app.
2. How We Use Your Data
- To provide cycle tracking, predictions, and insights personalised to you
- To power your flower garden and daily affirmations
- To send the optional weekly digest email (only if you enable it)
- To process your subscription via Stripe (if you upgrade to Blossom)
- To allow you to delete your account and all data at any time
We never sell, share, or rent your data to third parties.
3. Health Data
Menstrual and pregnancy data is sensitive health information. We treat it with the highest level of protection:
- Stored in a secure PostgreSQL database (Supabase) with Row Level Security — only you can access your data
- Encrypted in transit (HTTPS/TLS) and at rest
- Never used for advertising, profiling, or shared with healthcare providers without your explicit consent
- Never used to train AI or machine learning models
4. Third-Party Services
- Supabase — database and authentication hosting. Data is stored on EU-region servers. See the Supabase Privacy Policy.
- Stripe — payment processing for Blossom subscriptions. We pass your email to Stripe; your card details are handled entirely by Stripe and never stored by us. See the Stripe Privacy Policy.
- Pixabay — flower images displayed in your garden. We store the image URL only; Pixabay may log the image request. See the Pixabay Privacy Policy.
- Google OAuth — optional sign-in method. If you sign in with Google, we receive your email and name from Google. See the Google Privacy Policy.
5. Your Rights
Regardless of where you live, you have the right to:
- Access — export a copy of all your data (Profile → Export My Data)
- Correction — update your profile, cycle logs, or any data at any time
- Deletion — permanently delete your account and all data (Profile → Delete Account)
- Portability — download your data in JSON format for free (GDPR Article 20)
- Withdraw consent — unsubscribe from the weekly digest at any time in Profile settings
For GDPR requests, CCPA "Do Not Sell My Personal Information" requests (we don't sell data, but we honour these requests), or any other privacy concern, contact us at privacy@norehan.dev. We respond within 30 days.
6. Data Retention
We keep your data for as long as your account is active. When you delete your account, all your data is permanently deleted from our database within 30 days. Stripe may retain payment records for tax and legal compliance (up to 7 years), governed by their own privacy policy.
7. Cookies & Local Storage
MyBloom uses:
- Authentication cookies (Supabase session) — essential for keeping you logged in
- Theme preference — stored in local storage
- Service worker cache — for offline PWA functionality (caches app assets only, not personal data)
We do not use advertising, tracking, or analytics cookies.
8. Children
MyBloom is designed for users aged 13 and above. We do not knowingly collect data from children under 13. If you believe a child under 13 has created an account, please contact us and we will delete it immediately.
9. Changes to This Policy
If we make material changes, we will notify you by email and update the effective date above. Continued use of the app after changes constitutes acceptance of the updated policy.
10. Contact
Questions about this policy? Email us at privacy@norehan.dev.