Last Update: June 11, 2021
This Policy applies only to information collected through the Site and the App and therefore does not apply to data we collect in other contexts.
What Information We Collect and Maintain About You
We collect personal and other information from you directly when you provide it to us through the Site and the App.
We may also automatically collect certain information about you when you (i) use, access, or interact with our Site, including information about your computer, smartphone, or other device; and (ii) use our App, including the type of mobile device you use, your mobile device ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browsers you use, and information about the way you use the App.
The App does not request access to your phone’s contacts or other device data or applications, except when you choose to use services within the app that allow you to share photos or location information.
Personal information you provide.
You can visit the Site without submitting any information that we can use to identify you personally. However, if you use certain features on the Site, such as the “Contact Us” feature, you will be required to provide personal information. Such information could include, for example, your name, email address, or phone number.
When you register with us and use the App, you may provide your name, email address, age, user name, password and other registration information, transaction-related information, and information you provide when you contact us via the App. We may also collect this information when you create an account by using a third-party social networking service such as Facebook (each, an “SNS Account”). If you use an SNS Account to create your Bloom account, we will gather your name, email address, and other personal information that your privacy settings on the SNS Account allow us to access.
It is possible for you to submit your own content, such as answers to guided questions, journal entries, or other writings, in all cases submitted in the App.
Mental health information.
Because of the nature of the Services, we will be collecting information about you that relates to your mental health. Such information may include reflections on your mental health status, information about current mental state or mood, information on symptoms of mental health conditions, previous diagnoses, personal history, and additional personal information related to answers provided to guided questions.
Web log data.
When you use the Site, we automatically receive and record certain information from your computer (or other device) and your browser. This may include such data as your IP address and domain name, the pages you visit on the Site, the date and time of your visit, the files that you download, the URLs from the websites you visit before and after navigating to the Site, your software and hardware attributes (including device IDs), your general geographic location (e.g., your city, state, or metropolitan region), and certain cookie information (see below). To obtain such information, we may use web logs or applications that recognize your computer and gather information about its online activity.
The Site may contain cookies. Cookies are small files that are stored on your computer by your web browser. A cookie allows a website to recognize whether you have visited before and may store user preferences and other information. For example, cookies can be used to collect or store information about your use of the Site during your current session and over time (including the pages you view and the files you download), your computer’s operating system and browser type, your Internet service provider, your domain name and IP address, your general geographic location, the website that you visited before the Site, and the link you used to leave the Site. If you are concerned about having cookies on your computer, you can set your browser to refuse all cookies or to indicate when a cookie is being set, allowing you to decide whether to accept it. You can also delete cookies from your computer. However, if you choose to block or delete cookies, certain features of the Site may not operate correctly.
SDKs and mobile advertising IDs.
Our Services may include third-party software development kits (“SDKs”) that allow us and our service providers to collect information about your activity (such as Facebook SDK). In addition, some mobile devices come with a resettable advertising ID (such as Apple’s IDFA and Google’s Advertising ID) that, like cookies and pixel tags, allow us and our service providers to identify your mobile device over time for advertising purposes.
Third-party online tracking.
We also may partner with certain third parties to collect, analyze, and use some of the personal and other information described in this section. For example, we may allow third parties to set cookies or use web beacons on the Site or in email communications from us. This information may be used for a variety of purposes, including online website analytics.
Aggregated and deidentified information.
From time to time, we may also collect aggregated or deidentified information about Site users for internal use to improve the product. Such aggregated or deidentified information will not identify you personally.
How We Use Your Information
We use the information that we collect for a variety of purposes in the interest of consistently delivering the best and most personalized mental health services. These purposes include, for example:
To provide the Services;
To respond to your questions or requests concerning the Site, App, or other services offered by us;
To fulfill the terms of any agreement you have with us;
To fulfill your requests for our Services or otherwise complete a transaction that you initiate, including in-App and Site purchases;
To send you information about our Services and other topics that are likely to be of interest to you, including through emails from which you may opt-out;
To deliver confirmations, account information, notifications, and similar operational communications;
To improve your user experience and the quality of our products and Services;
To comply with legal and/or regulatory requirements; and
To manage our business.
In addition to the purposes above, we use the information that we collect automatically through the Site and the App for such purposes as:
Counting and recognizing visitors to the Site and users of the App;
Analyzing how visitors use the Site and various Site features;
Analyzing how users of the App use the App and App features;
Improving the Site and App and enhancing users’ experiences with the Site and the App;
Creating new products and services or improving our existing products and Services;
Enabling additional website analytics and research concerning the Site and the App;
Engaging in interest-based advertising (as described below); and
Managing our business.
We may link information gathered through the Site or the App with information that we collect in other contexts. But in that event, we will handle the combined information in a manner consistent with this Policy.
With Whom and Why We Share Your Information
In order to deliver the best personalized experience to you, we may share your personal data from time to time, including in encrypted form: To provide our Services.
Our Site currently does not respond to “do not track” browser headers.
With third-party service providers.
To provide the best experience to you, our user, Bloom uses third-party service providers that perform services on our behalf, including web-hosting companies, mailing vendors, and analytics providers. These service providers may collect and/or use your information, including information that identifies you personally, to assist us in achieving the purposes discussed above.
We may share your information with other third parties when necessary to fulfill your requests for Services; to complete a transaction that you initiate; to meet the terms of any agreement that you have with us or our partners; or to manage our business.
For legal purposes.
We also may use or share your information with third parties when we believe, in our sole discretion, that doing so is necessary:
To comply with applicable law or a court order, subpoena, or other legal process;
To investigate, prevent, or take action regarding illegal activities, suspected fraud, violations of our terms and conditions, or situations involving threats to our property or the property or physical safety of any person or third party;
To establish, protect, or exercise our legal rights or defend against legal claims; or
To facilitate the financing, securitization, insuring, sale, assignment, bankruptcy, or other disposal of all or part of our business or assets. You will be notified via email or a notice on our website of any change in ownership or uses of this information, as well as any choices you may have regarding this information.
We never sell your information.
The App allows you to share collected data with your social media accounts, like Facebook, but only with your permission.
If you want to learn more about the personal information that Bloom has about you, or you would like to update, change, or delete that information, please contact us by email at email@example.com.
You may also opt out of receiving marketing emails from us by following the instructions in those emails or by emailing us at firstname.lastname@example.org.
You may stop all collection of information by the App by uninstalling the App. You may use the standard uninstall process as may be available as part of your mobile device or via the mobile application marketplace or network.
While using the App, the App allows you to access your data, edit your data, share your data and delete your data. You may do this in the Settings section of the Bloom app, which can be found in your profile.
We employ physical, technical, and administrative procedures to safeguard the personal information we collect online.
Your user content is deidentified and it is not read or reviewed by Bloom or any third parties.
However, no website or App is 100% secure, and we cannot ensure or warrant the security of any information you transmit to the Site, to the App, or to us, and you transmit such information at your own risk.
Data Retention and Storage
We retain personal information about you necessary to fulfill the purpose for which that information was collected or as required or permitted by law. We do not retain personal information longer than is necessary for us to achieve the purposes for which we collected it, which includes the time period during which you are using the App and a reasonable time thereafter. We will retain automatically-collected information for up to 24 months and thereafter may store it in the aggregate as anonymized data. When we destroy your personal information, we do so in a way that prevents that information from being restored or reconstructed.
We store your data in the cloud and on U.S. servers.
If you would like to delete the personal data that you have provided via the Site or the App, please contact us at email@example.com and we will respond in a reasonable time. Please note that some or all of your personal data may be required in order for the Site or the App to function properly.
The information that we collect through or in connection with the Site and the App is processed in the United States for the purposes described above. We also may subcontract the processing of your data to, or otherwise share your data with, affiliates or third parties in the United States or countries other than your country of residence. The data-protection laws in these countries may be different from, and less stringent than, those in your country of residence. By using the Site or by providing any personal or other information to us, you expressly consent to such transfer and processing.
Further Information for Users in the European Economic Area
If you are a user in the European Economic Area, we process your personal data in the United States as data controller and in compliance with the European General Data Protection Regulation (“GDPR”).
In addition to the data categories outlined above, we collect “data concerning health” as defined in the GDPR. Data concerning health means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.
Legal Basis for Processing
When we process your personal data, we will only do so for the following reasons:
As necessary to perform our responsibilities under our contract with you (including to provide the Services);
When we have a legitimate interest in processing your personal data, including to communicate with you about changes to our Service, to help secure and improve our Services, and to analyze use of our Services;
As necessary to comply with our legal obligations; and
When you have provided us with your consent to do so.
Data subject rights
You have the right to:
access personal data we hold about you;
request rectification or erasure of your personal data;
request the restriction the of processing of your personal data;
object to the processing of your personal data; and
If we have requested your consent, you may withdraw such consent at any time.
If you would like to exercise any of your data subject rights under the GDPR, including by withdrawing your consent, please contact us at firstname.lastname@example.org.
You have the right to lodge a complaint regarding our data processing with a supervisory authority. The EU Commission provides a list of supervisory authorities here: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
Bloom does not make any decisions involving the use automated decision-making or profiling that significantly affect you.
Transfer of personal data
Our service providers or other third parties with whom Bloom may share your personal data from time to time, as described above, may be located abroad, and in particular outside the European Economic Area. In such case, Bloom will require them to take, in accordance with applicable legislation, all organizational and technical measures reasonably necessary to ensure an adequate level of protection of your personal data.
Content on this Site and in the App is directed at individuals over the age of 18 and is not directed at children under the age of 13. We do not knowingly collect personally identifiable information or personal information, as defined in GDPR, from children under the age of 13.
In the case we discover that a child under 13 has provided us with personal information, we immediately delete this from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that we are able to take the necessary action.
Changes to this Policy
We may make changes to the Site and the App in the future and as a consequence will need to revise this Policy to reflect those changes. We will post all such changes on the Site, in the linked policy on the AppStore, and in the App under “Settings.” You should review this page periodically. If we make a material change to the Policy, you will be provided with appropriate notice.
How to Contact Us
Should you have any questions or concerns about this Policy, you can contact us at email@example.com or 45 Main Street, Suite 1004, Brooklyn, NY, 11201.