🔒 Privacy Policy

⚠️ Hosted vs. Self-Hosted — Be Informed

Bloom is open-source software designed to be self-hosted. If you self-host Bloom on your own device, your data never leaves your machine — that's the gold standard for privacy.

If you're using a hosted instance (like this website), your data lives on someone else's server. While we take every precaution to protect it, you should understand the tradeoffs:

• 🏠 Self-hosted = full privacy. Data on your hardware, under your control. No one else can access it.
• 🌐 Hosted = convenient, but the server operator could technically access the database. You're trusting them.
• 🔐 We encrypt the database at rest and use secure connections (HTTPS), but no hosted service can guarantee the same level of privacy as running it yourself.
• 📖 Bloom is fully open-source — you can verify exactly what the code does, and spin up your own instance anytime.

Our honest recommendation: If your cycle data privacy is critical to you, self-host Bloom. It takes about 5 minutes.

📍 How Your Data is Stored

Bloom stores all data in a single SQLite database file on the server running the app. There is no syncing to external cloud services, no third-party databases, and no data warehouses.

• ✅ Data stored in a single SQLite file — not spread across services
• ✅ No third-party databases, analytics platforms, or data brokers
• ✅ Optional AES-256-GCM encryption at rest with a user-provided key
• 🏠 Self-hosted: Your data stays on your own hardware — nobody else can access it
• 🌐 Hosted: Your data lives on the server operator's machine — convenient, but you're trusting them with your data

🚫 What Bloom Does NOT Do

• ❌ No AI prediction — Bloom uses transparent mathematical formulas, not opaque machine learning models
• ❌ No cloud sync — Your data is not synced to any external cloud service or third-party server
• ❌ No data selling — Your cycle data is yours alone. Period.
• ❌ No ads — ever
• ❌ No analytics or tracking scripts — no Google Analytics, no pixels, nothing
• ❌ No social media integrations
• ❌ No cookies for tracking — only a session cookie for login
• ❌ No upselling — no premium features behind paywalls
• ❌ No medical claims — Bloom is an awareness tool, not a medical device. Always consult healthcare providers for medical decisions

🔐 Security

• 🔑 Passwords are hashed with bcrypt (industry standard)
• 🍪 Sessions use secure, HttpOnly cookies
• 🛡️ Security headers protect against common web attacks (XSS, clickjacking, MIME sniffing)
• 🔒 Camera, microphone, and geolocation access are blocked by default
• 🗄️ Optional database-at-rest encryption (AES-256-GCM with PBKDF2 key derivation)
• 🔐 Encrypted backups use AES-256-GCM with a password you choose (never stored)

📧 Email Notifications

If you choose to enable partner email notifications:

• 📤 Emails are sent through the server operator's configured email service — no third-party marketing platforms
• ⚙️ You control this feature entirely — it's off by default
• 🙅 Email content is generated on the server, never stored externally
• ⚠️ On a hosted instance, the server operator's email service will process the email content. Self-host for maximum privacy.

📦 Your Rights

You have complete control over your data:

• 📥 Export anytime — download all your data as CSV or JSON from Settings
• 🗑️ Delete anytime — permanently wipe your account and all associated data from Settings
• 👤 Update anytime — change your settings, pronouns, and preferences whenever you want
• 🚚 Migrate anytime — export your data and import it into your own self-hosted instance

💛 Why This Matters

Period data is deeply personal. In a world where health apps have been caught selling data, sharing with advertisers, or handing records to authorities — Bloom takes a different approach.

We built Bloom as open-source software so you don't have to trust us — you can verify. The code is public. The math is documented. And you can always run it yourself.

Your body, your data, your choice. Always.