← InnerBloom

Privacy Notice

Last updated: May 30, 2026

1. Who we are

InnerBloom ("we", "us") is the controller of personal data processed through the InnerBloom app and website. We decide why and how your data is processed for the purposes described here.

2. Data we collect

  • Account data: email, authentication identifiers (Google/Apple), display name.
  • Personality & mood data: answers to the personality test, mood entries, diary content, goals.
  • Conversation data: messages exchanged with Bloomie and voice transcripts (when you use voice mode).
  • Usage & device data: pages visited, features used, approximate IP-based location, device and browser identifiers, crash logs.
  • Support data: messages you send us when asking for help.
  • Billing data: handled by Paddle as Merchant of Record (see §5). We receive a subscription status and customer ID, not your card details.

3. Why we use it (purposes & legal bases)

  • Provide the Service — accounts, AI responses, mood tracking, voice mode. Legal basis: contract.
  • Improve the Service — aggregated analytics, bug fixing, model quality. Legal basis: legitimate interests.
  • Security & fraud prevention — abuse detection, rate-limiting. Legal basis: legitimate interests / legal obligation.
  • Customer support — answer your questions. Legal basis: contract / legitimate interests.
  • Marketing & updates — only when you opt in. Legal basis: consent.

4. AI processing

To generate responses, we send your prompts (and relevant memory) to trusted AI providers (Google, OpenAI, ElevenLabs). These providers process the data on our behalf under contractual confidentiality and do not use it to train their models. You can clear your data at any time from the profile screen.

5. Who we share data with

  • Service providers / sub-processors — hosting, database, AI inference, voice synthesis, analytics, error monitoring.
  • Merchant of Record — Paddle — Paddle.com Market Limited acts as the seller for all paid transactions, handling payments, subscription billing, tax compliance, invoicing, and chargebacks. See Paddle's Privacy Notice.
  • Professional advisers — legal and accounting, where strictly necessary.
  • Authorities — when required by law or to protect rights and safety.

We never sell your personal data.

6. International transfers

Some sub-processors are located outside your country, including the United States. Where required, we rely on safeguards such as the EU Standard Contractual Clauses or equivalent mechanisms.

7. Retention

We keep your account data while your account is active and for a limited period afterwards to meet legal and accounting obligations. Diary, mood, and chat data are deleted when you delete your account or use "Reset everything" on the profile screen. Backups are rotated regularly.

8. Your rights

Depending on your jurisdiction, you have the right to access, correct, delete, restrict, export, or object to the processing of your personal data, and to withdraw consent at any time. You can also lodge a complaint with your local data protection authority. To exercise these rights, contact us in-app or via our support channels — we respond within one month.

9. Security

We use appropriate technical and organisational measures — encryption in transit, access controls, least-privilege roles, and database row-level security — to protect your data.

10. Cookies & local storage

We use strictly-necessary cookies and browser local storage to keep you signed in and remember your preferences. We use basic analytics to understand how the Service is used. We do not use advertising cookies.

11. Children

The Service is not directed to children under 16. If you believe a child has provided us with personal data, please contact us so we can remove it.

12. Changes & contact

We will update this notice as the Service evolves. For questions about your privacy, contact us through the app. See also our Terms and Refund Policy.