← Bloomiya home

Privacy Policy

Effective: July 8, 2026 · Version 1.0.1 · Last updated: July 9, 2026

Change history
Contents
  1. Introduction
  2. Who We Are and How to Contact Us
  3. Scope and Geographic Availability
  4. Information We Collect
  5. Sensitive Information and Consumer Health Data
  6. How We Use Information
  7. Bloom Buddy and AI Features
  8. Living Proof Protocol and Automated Processing
  9. How We Share Information
  10. Reproductive and Cycle-Tracking Data
  11. Biometric Information
  12. Children and Teen Users
  13. Marketing Communications
  14. Data Retention
  15. How We Protect Information
  16. Cookies and Similar Technologies
  17. Your Privacy Rights
  18. California Privacy Notice
  19. Washington and Other Consumer Health Data Rights
  20. Canadian Privacy Rights
  21. UK, EU, EEA, and International Visitors
  22. Third-Party Services
  23. Account Deletion
  24. Changes to This Privacy Policy
  25. Contact

1. Introduction

This Privacy Policy explains how Bloom AI Labs Inc., a Delaware corporation ("BLOOMIYA," "we," "us," or "our"), collects, uses, discloses, and safeguards information about you when you use the BLOOMIYA mobile application, website at https://bloomiya.ai, and related products, features, and services (collectively, the "Services").

BLOOMIYA is a wellness technology platform. We do not provide medical care, medical advice, diagnosis, or treatment. The consumer Services are not intended to be used as a substitute for advice from a licensed healthcare provider.

For the consumer Services, BLOOMIYA is not acting as a HIPAA covered entity or business associate unless a separate written agreement expressly states otherwise. We protect health-related data using HIPAA-aligned safeguards, including encryption, access controls, audit logging, and health-data handling controls.

By using the Services, you acknowledge that you have read this Privacy Policy. Where applicable law requires your consent for a specific processing activity, we will ask for it separately.

2. Who We Are and How to Contact Us

RoleContact
Data controllerBloom AI Labs Inc.
General contacthello@bloomiya.ai
Privacy requestsprivacy@bloomiya.ai
Security reportshello@bloomiya.ai with the subject line "Security"
Phone+1-984-220-5767
Websitehttps://bloomiya.ai

You may contact us at privacy@bloomiya.ai to exercise privacy rights, ask questions about this Privacy Policy, withdraw consent, or request information about how we handle your data.

3. Scope and Geographic Availability

This Privacy Policy applies to all users of the Services and visitors to the BLOOMIYA website.

The BLOOMIYA app is currently intended for users in the United States and Canada. BLOOMIYA may add additional jurisdictions in future releases. BLOOMIYA is not currently offered in India, and Accounts registered from India may be rejected or restricted.

If you access the website from outside the United States or Canada, you may still have privacy rights under your local law. We will respond to valid privacy requests as required by applicable law.

4. Information We Collect

We collect information in the categories below, depending on how you use the Services.

4.1 Information You Provide

Account information. This may include your name, email address, date of birth, country or region, U.S. state where applicable, optional phone number, optional gender, login credentials, and account preferences.

Profile and wellness inputs. This may include height, weight, activity goals, dietary preferences, self-reported meals, self-reported sleep, self-reported mood, and other information you choose to enter into the Services.

Photos and images. If you use features that involve your camera or photo library — such as meal photo logging (a photograph of your meal for AI nutrition analysis), profile picture upload, or identity verification (a photo of your government-issued ID) — we may collect and process the photos or images you capture or upload. Meal photos are processed to extract nutrition information and may be retained in your history until you delete them. Identity verification photos are handled by our identity verification subprocessor and retained per our KYC retention schedule in §14.

Health and wearable data. If you connect a wearable device, health app, or health platform, we may receive activity, heart rate, sleep, workout, mobility, recovery, and related wellness metrics from that service, subject to your device and platform permissions.

Cycle-tracking and reproductive data. If you affirmatively enable these features, we may collect cycle-tracking, pregnancy-related, or reproductive wellness information. These features are opt-in only.

Identity verification information. For fraud prevention, sanctions screening, redemption-integrity, or legal compliance purposes, we may ask you to complete identity verification before certain redemptions or account actions. This may include government-issued identification information or verification results processed by a service provider.

Parent or guardian information. If a parent or guardian consent flow is enabled, we may collect information needed to verify parental consent, administer a minor's account, or respond to parent or guardian requests.

Communications. We collect information you send through email, support forms, phone calls, surveys, waitlists, contact forms, in-app support, or chat features, including Bloom Buddy conversations.

Payment information. BLOOMIYA does not charge users in v1.0 and does not directly process payment-card information. If paid features or in-app purchases are introduced, payment processing will be handled by an appropriate payment provider or app-store platform, and this Privacy Policy will be updated as needed.

4.2 Information Collected Automatically

Device and app information. We may collect device type, operating system, app version, browser type, IP address, device identifiers, language settings, time zone, session timestamps, crash logs, diagnostics, and similar technical information.

Usage information. We may collect information about screens viewed, features used, buttons clicked, session duration, referral source, and interactions with the Services.

Location information. We may infer approximate location from IP address. If you enable precise location permissions, we may collect precise location only for the features you enable and only in accordance with your device settings.

Living Proof Protocol signals. To protect reward integrity and reduce fraud, we may process behavioral, device, activity, timing, motion, location-context, and variance signals. Where you opt in, we may also process biometric-related signals such as voice embeddings or behavioral biometrics.

Cookies and similar technologies. Our website uses essential cookies and, where you consent, analytics cookies. See Section 16.

4.3 Information From Third Parties

We may receive information from:

5. Sensitive Information and Consumer Health Data

Some information we collect may be considered sensitive personal information, special-category personal data, biometric information, or consumer health data under applicable law. This may include:

We use sensitive information only for the purposes described in this Privacy Policy, including providing the Services, operating SubCoin rewards, preventing fraud, securing accounts, complying with law, and supporting features you choose to enable. We do not sell sensitive information. We do not share sensitive information for cross-context behavioral advertising.

6. How We Use Information

We use information for the following purposes:

PurposeExamples of information used
Create and administer your AccountAccount information, login credentials, preferences
Provide core wellness featuresProfile inputs, wearable data, wellness inputs, Bloom Buddy interactions
Operate SubCoin rewardsVerified activity, LPP confidence, redemption history, fraud-prevention signals
Verify identity and prevent fraudIdentity verification results, device data, behavioral signals, account activity
Personalize the ServicesGoals, preferences, usage patterns, wellness inputs
Provide supportContact details, support messages, diagnostic information
Send service communicationsEmail address, phone number where enabled, account status
Send marketing where permittedEmail address, preferences, consent status
Improve the ServicesAggregated, de-identified, anonymized, or synthetic data; diagnostics; usage trends
Protect safety and securityLogs, device data, fraud signals, account activity
Comply with lawAccount, identity, transaction, consent, and audit records as required

We do not use your identifiable personal information to train third-party AI models for a provider's own purposes. We may use aggregated, de-identified, anonymized, or synthetic data to improve BLOOMIYA systems and models, subject to available consent and opt-out controls.

7. Bloom Buddy and AI Features

Bloom Buddy is a conversational AI wellness companion. Bloom Buddy is not a doctor, therapist, counselor, nutritionist, emergency responder, or substitute for a licensed professional.

We may process Bloom Buddy conversations to:

Where we use third-party AI or infrastructure providers to process AI interactions, those providers process information on our behalf. We do not authorize third-party AI providers to use your identifiable BLOOMIYA content to train their own models.

In an emergency, contact local emergency services immediately. In the United States, call 911. Do not rely on Bloom Buddy or BLOOMIYA support for emergency assistance.

8. Living Proof Protocol and Automated Processing

BLOOMIYA uses the Living Proof Protocol ("LPP") to help verify reward-eligible activity, reduce fraud, detect duplicate or manipulated accounts, and protect the integrity of SubCoin rewards.

LPP may process combinations of:

LPP outputs may be used to delay or restrict redemption, adjust earning confidence, trigger fraud review, request additional verification, or restrict Account activity.

If an automated LPP-related decision has a material effect on your account or redemption eligibility, you may request human review by contacting privacy@bloomiya.ai or using the in-app support flow where available.

9. How We Share Information

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.

We may share information with the following categories of recipients:

Service providers and subprocessors. We use providers for hosting, cloud infrastructure, security, analytics where consented, email delivery, support, identity verification, fraud prevention, crash reporting, and other operational services. These providers process information on our behalf under contractual restrictions.

Wearable and health-platform providers. If you connect or disconnect a third-party platform, information may flow according to your platform permissions and that provider's own terms and privacy policy.

Partner Catalog providers. If you redeem SubCoin for a partner-provided good or service, we may share only the information reasonably needed to fulfill that redemption, such as your name, delivery information, redemption details, or eligibility confirmation.

Legal and safety recipients. We may disclose information if we believe disclosure is required by law, valid legal process, regulatory request, security need, emergency, fraud investigation, or to protect the rights, safety, and integrity of BLOOMIYA, users, partners, or the public.

Business transfers. If BLOOMIYA is involved in a merger, acquisition, financing, restructuring, bankruptcy, or sale of assets, information may be transferred as part of that transaction, subject to appropriate confidentiality and privacy protections.

With your direction or consent. We may share information when you direct us to do so or give consent.

10. Reproductive and Cycle-Tracking Data

Cycle-tracking, pregnancy-related, and reproductive wellness features are opt-in only.

We do not sell reproductive data. We do not share reproductive data for cross-context behavioral advertising. We do not use reproductive data for advertising or marketing.

We use reproductive data only to provide features you enable, calculate relevant wellness insights, support your dashboard, improve safety and reliability, and comply with law.

We will not disclose reproductive data to law enforcement, government authorities, or civil litigants unless required by valid legal process or applicable law. Where legally permitted, we will use reasonable efforts to notify affected users before disclosure and to challenge invalid or overbroad requests.

If you disable a reproductive or cycle-tracking feature, we will delete related active feature data within a reasonable period, subject to legal, security, backup, and audit retention limits described in this Privacy Policy.

11. Biometric Information

BLOOMIYA may process biometric-related information only where enabled, required for a feature, or permitted by applicable law. This may include behavioral biometrics such as touch patterns, typing patterns, motion signatures, or voice embeddings used for verification and fraud prevention.

Where applicable law requires a specific biometric notice, consent, or written release, including for residents of Illinois, Texas, or Washington, we will provide the required notice and obtain required consent before collecting biometric identifiers or biometric information covered by those laws.

We do not sell, lease, trade, or profit from biometric information.

You may withdraw biometric consent where required by law or where made available in the Services. Withdrawal may disable biometric-dependent LPP factors and may affect reward confidence, redemption eligibility, or fraud-review status.

Biometric identifiers or biometric information covered by applicable biometric laws will be retained only as long as reasonably necessary for the disclosed purpose or as required by law, and will be deleted after consent withdrawal, Account deletion, or the end of the applicable retention period.

12. Children and Teen Users

You must be at least 13 years old to create an Account unless BLOOMIYA has expressly enabled a child-appropriate experience and obtained verifiable parental consent as required by applicable law.

Users who are 13 through 17, or under the age of majority in their jurisdiction, may use the Services only with consent and supervision from a parent or legal guardian.

BLOOMIYA does not knowingly collect personal information from children under 13 without verifiable parental consent where required by the Children's Online Privacy Protection Act or similar laws. If we learn that we collected personal information from a child under 13 without required consent, we will take appropriate steps to delete the information or obtain required consent.

Parents or guardians may contact privacy@bloomiya.ai to request review, deletion, or restriction of a child's personal information where required by law.

13. Marketing Communications

We may send transactional messages, such as verification codes, security alerts, account notices, support responses, redemption notices, and service updates. Transactional messages are part of the Services and may not be fully disabled while your Account is active.

We send marketing communications only where permitted by law and, where required, with your consent. You may unsubscribe from marketing emails by using the unsubscribe link or by contacting us.

If SMS messaging is offered and you opt in, you may opt out by replying STOP or using any other instructions provided in the message.

14. Data Retention

We retain personal information only as long as reasonably necessary for the purposes described in this Privacy Policy, including providing the Services, operating SubCoin rewards, preventing fraud, complying with law, resolving disputes, enforcing agreements, and maintaining security.

CategoryTypical retention period
Account and profile informationFor the life of the Account, then deleted or de-identified within a reasonable period after Account deletion, subject to exceptions
Wellness and wearable dataFor the life of the Account unless you delete it earlier or disconnect a source, subject to backup and legal retention limits
Reproductive or cycle-tracking dataWhile the feature is enabled, then scheduled for deletion after feature disablement or Account deletion, subject to legal and backup limits
Biometric identifiers covered by biometric lawsNo longer than reasonably necessary for the disclosed purpose, then deleted after consent withdrawal, Account deletion, or the applicable retention trigger
Identity verification and compliance recordsAs required for fraud prevention, legal compliance, audit, sanctions, tax, and regulatory purposes; this may be up to 7 years where applicable
Consent and audit recordsAs needed to document compliance, typically up to 7 years after Account closure where legally relevant
Security, access, and diagnostic logsTypically up to 3 years unless needed longer for security, legal, or fraud reasons
Support communicationsTypically up to 3 years unless needed longer for legal, safety, or support reasons
BackupsUp to 90 days in rolling backup systems unless longer retention is required for security or legal reasons
Aggregated or de-identified dataMay be retained indefinitely if it cannot reasonably be used to identify you

If you request deletion, we will delete or de-identify personal information unless retention is required or permitted by law, security, fraud prevention, dispute resolution, or legitimate business needs.

15. How We Protect Information

We use administrative, technical, and organizational safeguards designed to protect personal information. These safeguards may include:

No system is perfectly secure. We cannot guarantee that information will never be accessed, disclosed, altered, or destroyed by unauthorized parties.

As a consumer health app that may process health-related information outside HIPAA, BLOOMIYA may be subject to the FTC Health Breach Notification Rule and other applicable breach-notification laws. If a reportable breach occurs, we will provide notices as required by applicable law.

16. Cookies and Similar Technologies

Our website uses cookies and similar technologies.

Essential cookies are required for site functionality, security, session management, load balancing, and similar purposes. Essential cookies cannot be disabled through our cookie banner.

Analytics cookies help us understand aggregate website usage and improve the website. Analytics cookies are used only where required consent has been obtained.

We do not use advertising cookies on the website in v1.0.

You may change your cookie choices by using the Cookie Settings link in the website footer where available. You can also adjust browser settings to block or delete cookies. Some browser settings may affect website functionality.

17. Your Privacy Rights

Depending on where you live, you may have the right to:

To exercise a privacy right, email privacy@bloomiya.ai. We may need to verify your identity before fulfilling a request. Authorized agents may submit requests where permitted by applicable law, subject to verification.

We will respond to privacy requests within the time required by applicable law. We will not discriminate against you for exercising privacy rights.

18. California Privacy Notice

This section applies to California residents and supplements the rest of this Privacy Policy.

In the past 12 months, we may have collected the following categories of personal information:

CategoryExamplesSold or shared for cross-context behavioral advertising?
IdentifiersName, email address, account ID, IP address, device identifiersNo
Personal information categories under Cal. Civ. Code §1798.80Contact information, account informationNo
Protected classification characteristicsAge range, gender if you choose to provide itNo
Commercial informationSubCoin redemption activity and Partner Catalog interactionsNo
Internet or electronic network activityApp usage, website usage, device logsNo
Geolocation dataApproximate location; precise location if enabledNo
Audio, electronic, or similar informationVoice data or support communications where enabled or providedNo
Biometric informationBehavioral biometrics or voice embeddings where enabledNo
InferencesWellness preferences, fraud-risk signals, personalization outputsNo
Sensitive personal informationAccount credentials, health data, biometric data, precise location if enabled, reproductive data if enabledNo

We do not sell personal information. We do not share personal information for cross-context behavioral advertising. We do not knowingly sell or share the personal information of minors under 16.

California residents may request access, correction, deletion, portability, opt-out of sale or sharing, and limitation of use of sensitive personal information where applicable. California residents may use the Do Not Sell or Share My Personal Information link on our website or email privacy@bloomiya.ai.

Where required by law, we honor user-enabled opt-out preference signals such as Global Privacy Control as an opt-out of sale or sharing. Because we do not sell or share personal information for cross-context behavioral advertising, honoring such signals should not change the core functionality of the Services.

19. Washington and Other Consumer Health Data Rights

If you are covered by Washington's My Health My Data Act or another applicable consumer health data law, you may have rights to access, confirm, delete, withdraw consent for, or receive a copy of consumer health data.

Consumer health data may include wellness inputs, wearable data, activity data, reproductive data where enabled, and other information that identifies or could reasonably be associated with your physical or mental health status.

We do not sell consumer health data. We do not share consumer health data for cross-context behavioral advertising.

To exercise rights related to consumer health data, contact privacy@bloomiya.ai.

20. Canadian Privacy Rights

If you are in Canada, you may have rights under PIPEDA and applicable provincial privacy laws, including rights to access, correct, withdraw consent, and challenge our privacy practices.

To exercise Canadian privacy rights, contact privacy@bloomiya.ai. We may verify your identity before responding.

21. UK, EU, EEA, and International Visitors

The BLOOMIYA app is currently intended for the United States and Canada. If you access the website or Services from the UK, EU, EEA, or another jurisdiction, your information may be transferred to and processed in the United States.

Where required by applicable law, we rely on appropriate safeguards for international transfers, such as standard contractual clauses or equivalent legal mechanisms.

Where UK GDPR, EU GDPR, or similar laws apply, our legal bases may include performance of a contract, consent, legitimate interests, legal obligation, and, for special-category data, explicit consent or another permitted basis under applicable law.

You may have rights to access, correct, delete, restrict, object, withdraw consent, receive portability, and avoid certain solely automated decisions with legal or similarly significant effects. You may also have the right to complain to your local supervisory authority.

To exercise these rights, contact privacy@bloomiya.ai.

22. Third-Party Services

The Services may link to or integrate with third-party websites, apps, wearable platforms, app stores, identity providers, payment providers, analytics providers, or Partner Catalog providers. Their privacy practices are governed by their own privacy policies, not this Privacy Policy.

You should review the privacy settings and privacy policies of any third-party service you connect to BLOOMIYA.

23. Account Deletion

You may request Account deletion through the app where available or by contacting privacy@bloomiya.ai.

After an Account deletion request, we will delete or de-identify personal information within a reasonable period, subject to retention needed for legal compliance, security, fraud prevention, dispute resolution, SubCoin integrity, audit records, backups, and other permitted purposes described in this Privacy Policy.

Data in rolling backups may persist for a limited period before deletion through normal backup rotation. Aggregated, de-identified, anonymized, or synthetic data that cannot reasonably identify you may be retained.

24. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice through the Services, by email, or by posting an updated Privacy Policy before the changes take effect where required by law.

Your continued use of the Services after the updated Privacy Policy takes effect means you acknowledge the updated Policy. If you do not agree, you should stop using the Services and may request Account deletion.

25. Contact

For privacy questions or requests, contact:

Bloom AI Labs Inc.

4111 E Rose Lake Dr.

Charlotte, NC 28217, USA

Website: https://bloomiya.ai

General: hello@bloomiya.ai

Privacy: privacy@bloomiya.ai

Phone: +1-984-220-5767

For security concerns, email hello@bloomiya.ai with the subject line "Security".

Bloomiya™, Bloom AI™, Living Proof Protocol™, Bloom Buddy, and "Health is Wealth, Literally.™" are trademarks owned or licensed by Bloomiya Health Technologies Inc., 262 Chapman Rd, Suite 240, Newark, DE 19702, USA.