Privacy Policy
Last updated: April 18, 2026
iBloom ("we", "us", "our") is committed to protecting your privacy. This policy explains how we handle your data.
1. Your Data Stays on Your Device
iBloom stores your health data (cycle logs, symptoms, mood, appointments, medications, BBT, blood pressure, weight, and notes) in your browser's local storage. We cannot access, read, or sell this data.
If you create an account and use cloud backup, your data is encrypted with AES-256-GCM before leaving your device. The encryption key is derived from your password — we cannot decrypt your backup even if compelled.
2. What We Collect
Account information (if you sign up):
- Email address — used for account identification, premium status sync, and partner sharing
- Password — stored as a SHA-256 hash, never in plain text
AI chat queries:
- When you ask iBloom AI a question, your query is sent to our Cloudflare Worker, which forwards it to Google Gemini or OpenRouter (OpenAI gpt-4o-mini)
- These providers process your query to generate a response. They may retain queries per their own privacy policies
- We do not store your AI conversations on our servers. Conversation history is stored locally on your device only
Analytics (privacy-friendly):
- We use Plausible Analytics — no cookies, no personal data, no tracking across sites
- We collect: page views, country (approximate), device type. That's it.
3. What We Do NOT Collect
- We do NOT read your health data (cycle, symptoms, mood, etc.)
- We do NOT sell any data to third parties
- We do NOT show ads
- We do NOT use cookies or tracking pixels
- We do NOT share data with insurance companies, employers, or data brokers
- We do NOT fingerprint your browser
4. Third-Party Services
5. Data Encryption
Cloud backups use AES-256-GCM encryption with PBKDF2 key derivation (100,000 iterations). The encryption key is derived from your password — without it, your data cannot be decrypted by anyone, including us.
Passwords are hashed with SHA-256 before storage. We never store or transmit plain-text passwords.
6. Your Rights
- Access: All your data is on your device — you have full access at all times
- Export: You can export all data as JSON from the Account tab
- Delete: You can delete all data from Account → Settings → Delete All Data
- Portability: Export your data and use it however you wish
7. Children's Privacy
iBloom is not intended for children under 13. We do not knowingly collect data from children.
8. iBloom Care — Provider Data Sharing
iBloom Care allows licensed healthcare providers to request read access to specific categories of your health data. Here's how your privacy is protected:
- Consent-based: No provider can access your data without your explicit approval. You choose which data categories to share and can revoke access instantly
- Audit-logged: Every time a provider reads your data, we log their identity (NPI), what they accessed, and the timestamp. You can view your full audit trail anytime
- Scoped access: Providers can only read the specific categories you consented to (e.g., cycle data but not journal entries). They cannot access anything beyond your selection
- No data copying: Providers read your data on demand through our secure API. Your data is not duplicated into a separate provider system
- Instant revocation: When you revoke a provider, their access token is invalidated immediately. Their next request will be denied
- Provider identity: Providers must verify their NPI (National Provider Identifier) through iBloom Care before requesting patient access
Provider conduct after accessing your data is governed by their own HIPAA obligations and professional standards. iBloom provides the access control and audit infrastructure but is not a HIPAA Covered Entity.
9. Medical Disclaimer
iBloom is a health tracking tool, not a medical device. AI responses are for informational purposes only and should not replace professional medical advice. Always consult your healthcare provider for medical decisions.
10. Changes to This Policy
We may update this policy. Changes will be posted here with an updated date. Continued use of iBloom after changes constitutes acceptance.
11. Contact
Questions about privacy? Email us at [email protected]
iBloom — Your body. Your data. Your phone.