Bloomora Join Early Access
Legal

Privacy Policy

Effective Date: June 25, 2026

Versión en español →

← Back to Bloomora

Bloomora is a product developed and operated by Didiersoft LLC ("we," "us," or "our"). Bloomora helps you reflect on your values, track check-ins, review decisions, and use AI-assisted prompts for personal growth. This Privacy Policy explains what information Bloomora collects or processes, where it is stored, and the choices you have.

Bloomora is available to users in the United States and Latin American countries. This policy addresses applicable laws in those regions, including the California Consumer Privacy Act (CCPA/CPRA), Brazil's Lei Geral de Proteção de Dados (LGPD), Mexico's Ley Federal de Protección de Dados Personales en Posesión de los Particulares (LFPDPPP), Colombia's Ley 1581 de 2012, and Argentina's Ley 25.326.

Short version: Most of your data lives on your device. When you use AI features, some data is sent to OpenAI under your explicit consent — not automatically. We do not sell your personal data. You can export or delete your data at any time from the Profile screen. A Spanish-language version of this policy is available at privacy-es.html.

Summary of Key Points

What personal information do we collect? We collect the information you enter into Bloomora, including your nickname, reflection responses, check-ins, decisions, AI prompts, and app preferences. Most of this information stays on your device.

Do we process sensitive personal information? Daily check-ins and reflection responses may be sensitive under some privacy laws. We use them only to provide Bloomora's features and personalized insights.

Do we sell personal information? No. We do not sell personal information for money. Google Mobile Ads may process advertising identifiers and related data for ad delivery, measurement, and fraud prevention.

Do we use AI providers? Only when you opt in to AI features. Bloomora sends the minimum needed data through Bloomora's Cloudflare-hosted AI service to the OpenAI API.

How can you exercise your rights? You can export or delete local app data from the Profile screen, revoke AI consent in the app, manage ad tracking through device and Google settings, or contact us at founder@didiersoft.com.

Table of Contents

  • 1. Who We Are
  • 2. Information We Collect
  • 3. Legal Basis for Processing
  • 4. Primary and Secondary Purposes
  • 5. How We Use Information
  • 6. Local Storage and Data Retention
  • 7. AI Features
  • 8. Advertising
  • 9. Authentication and Social Logins
  • 10. Cookies, Tracking Technologies, and Do-Not-Track
  • 11. Notifications and Permissions
  • 12. Data Sharing and International Transfers
  • 13. Your Rights
  • 14. Account and Data Deletion
  • 15. Security and Breach Notification
  • 16. Children's Privacy
  • 17. Changes to This Policy
  • 18. Contact Us

1. Who We Are

The data controller and responsible party for personal data processed through Bloomora is:

Didiersoft LLC
Email: founder@didiersoft.com

References to "Bloomora," "we," "us," or "our" in this policy refer to Didiersoft LLC as the developer and operator of the Bloomora application.

2. Information We Collect

Information You Provide

Bloomora may collect information you enter into the app, including:

  • Profile information: nickname, age, gender, profession, relationship status, location, life goal, life focus areas, and coaching preferences.
  • Reflection and questionnaire responses: value scores, top values, session progress, and answered questions.
  • Daily check-ins: mood, energy, and stress ratings, dates, and timestamps.
  • Decisions, action steps, due dates, action statuses, and AI-generated responses you choose to save.
  • AI Companion messages and decision prompts you submit while using AI-powered features.
  • Your nickname, entered during onboarding and stored locally on your device. The app does not currently require or offer account sign-up as part of the main user journey. See Section 9 for details on authentication features.
  • App preferences: theme, reminder settings, notification time, and related settings.

Sensitive Personal Information

Daily check-in data (mood, energy, stress ratings) and personal reflection responses may qualify as sensitive personal information under certain applicable laws, including the CCPA/CPRA and Brazil's LGPD. We collect and use this data solely to provide the app's features and generate your personalized insights. We do not use sensitive personal information for advertising profiling or disclose it to third parties for purposes unrelated to providing the service.

Information Collected Automatically

Bloomora itself does not use a separate analytics or crash reporting SDK. However, some third-party services used in the app may automatically process technical information, including:

  • Device type, operating system, app interactions, diagnostic information, IP address, approximate location derived from IP address, and advertising identifiers — through Google Mobile Ads.
  • Notification permission status and local timezone information for reminder scheduling.

Information Processed by Third-Party Services

Bloomora uses the following third-party services to provide specific features:

  • OpenAI API — for AI-powered companion responses, decision alignment, daily insights, and value-based quotes (consent-gated). Requests reach OpenAI only through Bloomora's AI service described below.
  • Cloudflare — hosts Bloomora's AI service (a serverless Worker) that relays AI requests to OpenAI, applies per-feature rate limits, and processes your IP address for abuse prevention.
  • Google Mobile Ads / AdMob — for banner and interstitial advertising.

These services process information under their own privacy practices, linked in the relevant sections below.

3. Legal Basis for Processing

United States

We collect and process personal information based on: your consent (for AI features and advertising choices), contractual necessity (to deliver the app's core functionality), and legitimate interest (app security, fraud prevention, and service improvement). For California residents, additional rights and disclosures are described in Section 13.

Brazil (LGPD — Lei Geral de Proteção de Dados)

Under Brazil's LGPD, we process your personal data on the following legal bases:

  • Consent (Art. 7, I): AI features, advertising choices, and optional permissions. You may withdraw consent at any time without affecting processing already performed.
  • Contract performance (Art. 7, V): Core app features including reflection sessions, check-ins, and value discovery.
  • Legitimate interest (Art. 7, IX): App security, fraud prevention, and de-identified service improvement, subject to a proportionality assessment.
  • Legal obligation (Art. 7, II): Compliance with applicable law or regulatory requirements.

For sensitive personal data (mood, energy, and stress check-ins), we process solely on the basis of your specific, highlighted consent (Art. 11, I). You may revoke this consent at any time in Profile > Coaching & AI settings.

Mexico (LFPDPPP)

Under Mexico's LFPDPPP, Didiersoft LLC acts as the responsable (responsible party). We process your personal data based on your consent. For sensitive personal data (datos sensibles), including mood, energy, and stress check-ins, we require your express, written consent before collection. You may revoke consent at any time as described in Section 13.

This Privacy Policy serves as the Aviso de Privacidad required by the LFPDPPP. A Spanish-language version is available at privacy-es.html.

4. Primary and Secondary Purposes

Primary Purposes

We collect and use your personal information to provide the Bloomora application, which includes:

  • Reflection sessions, values discovery, and Wheel of Life visualisation.
  • Daily check-in tracking and personalized growth insights.
  • AI Companion responses and decision support (with your consent).
  • Configurable notifications and reminders.
  • Data export, deletion, and portability controls.

Secondary Purposes

We may use aggregated, de-identified information — from which individual users cannot be identified — to improve app reliability, performance, and develop new features. Secondary uses do not involve selling or sharing your individually identifiable information.

You may opt out of secondary purposes at any time by contacting us at founder@didiersoft.com.

5. How We Use Information

We use the information we collect to:

  • Provide reflection, values, wheel, check-in, profile, and reminder features.
  • Generate personalized insights, AI Companion responses, decision reflections, action suggestions, and daily quotes.
  • Save your progress and preferences locally on your device.
  • Enable you to export or delete your local app data from the Profile screen.
  • Display ads and support ad delivery, measurement, analytics, and fraud prevention.
  • Improve app reliability and security using de-identified, aggregated data.

6. Local Storage and Data Retention

Most Bloomora data is stored locally on your device using Isar and SharedPreferences. This includes profile data, reflection responses, value scores, daily check-ins, decision logs, app preferences, and reminder settings. Bloomora does not maintain a central server database for your reflection, profile, decision, or check-in data. Bloomora's AI service (used only when you opt into AI features) does not store this content either — see Section 7.

Local app data remains on your device until you delete it in-app, uninstall the app, or clear app data through your device settings. Local storage is protected by your device's operating system. Bloomora does not add a separate encryption layer to local Isar or SharedPreferences data beyond device OS protections.

Retention Periods

Data Storage Location Retention Period
Profile, check-ins, reflections, decisions, preferences Device (Isar / SharedPreferences) Until deleted in-app or app is uninstalled
AI Companion session messages Device memory (not persisted to disk) Current session only; cleared when app is closed
Accepted AI-suggested actions Device (Isar) Until deleted in-app or app is uninstalled
Inputs relayed to the AI model OpenAI API (via Bloomora's AI service) Up to 30 days per OpenAI's data policy
AI request metadata (feature, language, outcome, timing, IP) Cloudflare (Bloomora's AI service) Transient operational logs per Cloudflare's privacy policy; no message content stored
Advertising and analytics data Google Mobile Ads / AdMob Per Google's data retention policy

7. AI Features

Bloomora includes AI-powered reflection and companion features. AI features are consent-gated — no data is sent until you explicitly opt in within the app. AI requests are sent over HTTPS to Bloomora's own AI service (a serverless Worker hosted on Cloudflare), which relays only the minimal data needed to the OpenAI API. Depending on the feature used, this includes:

  • Your message or decision text.
  • Recent conversation history for the current AI Companion session.
  • A context summary derived from your top values, low-scoring life areas, saved life goal, life focus, and coaching preferences.
  • Recent check-in scores and top values, for daily insights.
  • Top values, for quote generation.
  • Your Life Compass reflection questions and answers, when you explicitly request an AI interpretation.
  • For the "Who I Am" reflection and life-goal suggestions: journey evidence such as your top values, Life Compass results, life-area scores, recent check-in patterns, saved life goal, life focus, and coaching style.

Data minimization: Bloomora's AI service enforces a strict allowlist before anything reaches the AI model. Your nickname and demographic details — including age range, gender, profession, relationship status, and location — are never sent to the AI, even though some are stored locally on your device.

Bloomora's AI service does not store the content of your messages, reflections, or the AI's responses. It logs only limited technical metadata — the feature used, language, success or error outcome, timing, and your IP address — to enforce per-feature rate limits and prevent abuse.

AI Companion conversation history is held in app memory for the current session only and is not saved as a transcript by Bloomora. If you accept or edit an AI-suggested action, only the accepted action text is saved locally as a decision or action log.

You may revoke your AI consent at any time in Profile > Coaching & AI settings. After revocation, no further data will be sent from the app. Revocation does not affect data already transmitted during prior sessions.

Disclaimer: AI responses are generated automatically and may be incomplete, inaccurate, or unsuitable for your situation. Bloomora's AI features are for personal reflection and organisation only. They are not professional, medical, mental health, therapeutic, financial, legal, or crisis advice. Bloomora does not diagnose, treat, cure, or prevent any medical or mental health condition and does not guarantee any well-being, health, relationship, career, or life outcome. Consult a qualified professional for medical, mental health, legal, or financial concerns. If you are experiencing a crisis or need immediate support, contact a local emergency service or crisis helpline.

Do not submit information to AI features that you do not want processed by OpenAI.

OpenAI's data controls for API usage: platform.openai.com/docs/guides/your-data
OpenAI's privacy policy: openai.com/policies/privacy-policy

8. Advertising

Bloomora uses Google Mobile Ads / AdMob to display ads. Google Mobile Ads may collect and process data such as IP address, user product interactions, diagnostic information, device identifiers, account identifiers, advertising identifiers, and approximate location derived from IP address for advertising, analytics, and fraud prevention purposes.

California residents: Sharing advertising identifiers and behavioral data with Google for cross-context behavioral advertising constitutes "sharing" of personal information under the CCPA/CPRA, even without a monetary exchange. You have the right to opt out of this sharing. See Section 13 for how to exercise this right.

You can limit or reset advertising identifiers and opt out of personalized ads through your device settings (iOS: Settings > Privacy & Security > Tracking; Android: Settings > Privacy > Ads) and through Google's ad settings.

Google's advertising privacy information: policies.google.com/technologies/ads
Google Mobile Ads data disclosure: developers.google.com/admob/android/privacy/play-data-disclosure

9. Authentication and Social Logins

Bloomora does not use account-based authentication. Users are identified by a nickname entered during onboarding, which is stored locally on the device only. No email address, password, or third-party authentication service is used. No authentication data is transmitted to any external service.

Bloomora does not offer social login through Google, Apple, Facebook, or other social media providers. We do not receive profile information from social login providers.

10. Cookies, Tracking Technologies, and Do-Not-Track

Bloomora's mobile app does not use browser cookies. Google Mobile Ads / AdMob may use mobile advertising identifiers and similar technologies to deliver, measure, and protect ads, as described in Section 8.

The public Bloomora website may receive standard technical information, such as IP address and browser request data, through normal hosting and security logs. We do not use a separate website analytics SDK in the Bloomora website.

Some web browsers and mobile platforms offer Do-Not-Track or similar signals. Because there is no uniform standard for recognizing these signals, Bloomora does not currently respond to browser Do-Not-Track signals. You can control ad personalization through your device advertising settings and Google's ad settings.

11. Notifications and Permissions

Bloomora may request notification permission to schedule reminders such as daily check-ins and action follow-ups. Reminders are scheduled locally on your device and do not require a server connection. You can disable or adjust notifications at any time in the app or through your device settings.

Bloomora does not request camera, microphone, contacts, photo library, or precise location permissions for its current core features.

12. Data Sharing and International Transfers

Bloomora does not sell your personal data for monetary consideration.

We may share or allow processing of information with:

  • OpenAI — when you use AI-powered features and have provided explicit in-app consent. AI requests are relayed through Bloomora's AI service rather than sent to OpenAI directly.
  • Cloudflare — hosts Bloomora's AI service, which processes AI requests in transit and your IP address for rate limiting and abuse prevention.
  • Google Mobile Ads / AdMob — to display, measure, and protect ads. For California residents, this may constitute "sharing" under CCPA/CPRA (see Section 13).
  • Your device's system share interface — if you choose to export your data using the in-app export feature.
  • Law enforcement or regulatory authorities — if required by applicable law, court order, or to protect the rights, safety, or property of Bloomora, its users, or the public.

Because Bloomora uses service providers such as OpenAI, Cloudflare, and Google, information processed by those providers may be transferred to, stored in, or processed in countries other than the country where you live, including the United States. We rely on those providers' security, privacy, and transfer mechanisms, and we take reasonable steps to process information consistently with this Privacy Policy and applicable law.

13. Your Rights

All Users

Regardless of where you live, you can:

  • Export your local app data: Profile > Privacy & Data > Export Data.
  • Delete your local app data: Profile > Privacy & Data > Delete All Data.
  • Revoke AI consent: Profile > Coaching & AI settings.
  • Disable notifications: Profile > Reminders or your device settings.
  • Limit ad tracking: your device advertising settings or Google ad settings.

To review, update, or delete data stored locally by Bloomora, use the controls in Profile > Privacy & Data. Because most app data stays on your device, deleting it in the app or through your device settings is the most direct way to remove it. To request help with privacy rights or data handled by third-party providers, contact us at founder@didiersoft.com.

California Residents (CCPA / CPRA)

California residents have the following rights:

  • Right to Know: Request disclosure of the categories and specific pieces of personal information collected, the purposes for collection, and the categories of third parties with whom it is shared.
  • Right to Delete: Request deletion of personal information we have collected, subject to certain exceptions.
  • Right to Correct: Request correction of inaccurate personal information we hold about you.
  • Right to Opt Out of Sale / Sharing: Opt out of the sharing of your personal information with Google Mobile Ads for cross-context behavioral advertising. Exercise this right by adjusting your device advertising settings, visiting Google's ad settings, or contacting us. We do not sell personal information for monetary consideration.
  • Right to Limit Use of Sensitive Personal Information: Request that we limit use of your sensitive personal information (including mood, energy, and stress data) to purposes necessary to provide the app's services.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.

To submit a request, contact us at founder@didiersoft.com. We will respond within 45 days. We may need to verify your identity before processing your request.

Brazilian Residents (LGPD)

Brazilian residents have the following rights under LGPD Art. 18:

  • Confirmation and Access: Confirm whether we process your personal data and access a copy of it.
  • Correction: Request correction of incomplete, inaccurate, or outdated data.
  • Anonymization, Blocking, or Deletion: Request anonymization, blocking, or deletion of unnecessary, excessive, or unlawfully processed data.
  • Portability: Receive your personal data in a structured, machine-readable format for transfer to another service provider.
  • Deletion of Consented Data: Request deletion of personal data processed on the basis of your consent.
  • Information About Sharing: Obtain information about which public or private entities we have shared your data with.
  • Revocation of Consent: Revoke your consent at any time. Revocation does not affect the lawfulness of processing performed before revocation.

To exercise your LGPD rights, contact us at founder@didiersoft.com. We will respond within 15 days as required by the LGPD.

Mexican Residents — Derechos ARCO (LFPDPPP)

Mexican residents have the right to exercise ARCO rights with respect to their personal data:

  • Acceso (Access): Know what personal data we hold and how it is being used.
  • Rectificación (Rectification): Correct inaccurate or incomplete personal data.
  • Cancelación (Cancellation): Request deletion of your personal data when it is no longer necessary for the purpose for which it was collected, has been processed unlawfully, or you have revoked consent.
  • Oposición (Objection): Object to the processing of your personal data for specific purposes, including secondary purposes.

You may also revoke your consent at any time without retroactive effect.

To exercise your ARCO rights, send a written request to founder@didiersoft.com including: your full name, a description of the right you wish to exercise, and documentation to help us verify your identity. We will respond within 20 business days of receipt of a complete request.

Colombian and Argentine Residents

Residents of Colombia (Ley 1581 de 2012) and Argentina (Ley 25.326) have rights to access, correct, and request deletion of their personal data. To exercise these rights, contact us at founder@didiersoft.com. We will respond within 30 days.

14. Account and Data Deletion

Local app data: Go to Profile > Privacy & Data > Delete All Data to permanently delete local profile data, decisions/actions, check-ins, reflections, reminders, and preferences stored by Bloomora on your device. You may also uninstall the app or clear app data through your device settings.

Account data: Bloomora does not currently use account-based authentication and does not maintain account records such as email addresses, passwords, or third-party login identifiers.

Third-party data: Data already processed by OpenAI or Google Mobile Ads / AdMob may also be subject to those providers' own retention, deletion, security, and legal obligations.

15. Security and Breach Notification

We use reasonable technical and organisational measures to protect your information, including:

  • TLS/HTTPS encrypted communication for all data transmitted to Bloomora's AI service, OpenAI, and Google APIs.
  • Device-level operating system protections for locally stored data. Bloomora does not currently add an additional encryption layer beyond OS protections for local Isar and SharedPreferences data.
  • In-app consent gating for AI features, plus a server-side allowlist that strips your nickname and demographic details before any data reaches the AI model.

No method of storage or transmission is completely secure, and we cannot guarantee absolute security.

Breach notification: In the event of a security incident that affects your personal information, we will notify you as required by applicable law. For Brazilian residents, we will notify the Autoridade Nacional de Proteção de Dados (ANPD) and affected individuals within a reasonable timeframe — and no later than 2 business days for high-risk incidents per ANPD guidance. Notifications may be provided through the app, on the website, or by another contact method available to us.

16. Children's Privacy

Bloomora is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information through Bloomora, please contact us at founder@didiersoft.com and we will take prompt steps to delete that information.

17. Changes to This Policy

We may update this Privacy Policy from time to time. If we make minor changes, we will update the effective date above. For significant changes that affect how we process your personal data or introduce new processing activities, we will notify you through the app, on the website, or another available notice method and, where required by applicable law, seek your consent before the changes take effect.

18. Contact Us

If you have questions, requests, or concerns about this Privacy Policy or Bloomora's privacy practices, contact us at:

Didiersoft LLC
founder@didiersoft.com

We will acknowledge your request promptly and respond within the timeframe required by the law applicable to your jurisdiction: 15 days for Brazil, 20 business days for Mexico, 45 days for California, and 30 days for all other jurisdictions.