Privacy Policy
Last updated: August 2025
Bloom (“we”, “our”, “us”) provides a digital platform for healthcare professionals and patients to collaborate on personalized nutrition tracking and monitoring. We take your privacy seriously and process your data in full compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”).
1. Who We Are
Data Controller:
LUZ ECLETICA LDA
NIPC: 518687520
Registered in Portugal
Data Protection Officer (DPO):
dev@bodybloom.ai
2. Who This Policy Applies To
• Patients using the Bloom mobile app
• Healthcare professionals using the Bloom web platform
• Anyone interacting with our services or contacting us
3. What Data We Collect
A) Patients
• Identification: name, email, password (hashed)
• Profile: age, gender, region, language
• Biometrics: weight, height, waist, physical activity
• Health-related data:
- Symptoms, allergies, chronic conditions
- Supplements and medications
- Pre-assessment questionnaire
- Lab test data (bloodwork, hormones, nutrients)
• Nutrition behavior: food habits, diet history, food intolerances
• Tracking data: food logs (text, photo, voice)
• Communication: interactions with AI assistant and healthcare professionals
B) Healthcare Professionals
• Name, email, specialization, clinic affiliation
• Account login and activity logs
• Content: nutrition plans, chat messages with patients
4. Why We Collect This Data (Legal Basis)
Purpose | Legal Basis | Applies To |
To provide our service | Contract (Art. 6.1.b GDPR) | All users |
To generate non-clinical insights | Consent (Art. 6.1.a & 9.2.a GDPR) | Patients |
To store and process health-related data securely | Legal obligation/consent | Patients |
To communicate with users | Contractual need | All |
To improve our product and features | Legitimate interest | Internal only |
5. How We Use It
• Doctors use patient-submitted data to create nutrition plans.
• Bloom’s AI assistant provides educational insights based on pseudonymized inputs.
• Admins access only anonymized usage logs.
• Data is never sold, only shared with authorized processors (see Section 10).
6. Data Retention
• Personal data is stored while your account is active.
• Data may be retained longer where legally required.
• Backups may be retained for up to 90 days after deletion for security.
• You may request deletion at any time via hello@bodybloom.ai.
• Deletion and export are handled manually during the MVP stage.
7. Data Storage
• Hosted on GDPR-compliant infrastructure located in the EU.
• All data encrypted at rest and in transit.
• Passwords stored using industry-standard hashing.
8. Who Has Access
Role | Access Level |
Doctor | Only assigned patients |
Admin | Anonymized technical data only |
Developer | No access to identifiable or health data |
DPO | May access logs for GDPR requests |
AI assistant | Works only with pseudonymized input |
9. Your Rights
As a user under GDPR, you have the right to:
• Access your personal data
• Request correction of inaccurate data
• Request data export (PDF/JSON)
• Request deletion of your data
• Withdraw consent at any time
• File a complaint with your national Data Protection Authority
Requests:
hello@bodybloom.ai
We aim to respond within 30 days.
10. External Processors
We rely on selected third-party services for hosting, communication, and analytics. They are:
• Based in the EU or operating under Standard Contractual Clauses (Art. 46 GDPR)
• Bound by Data Processing Agreements
• Never allowed access to raw health data unless explicitly authorized
11. Cookies and Analytics
• We use cookies for essential functionality (login, security).
• Optional cookies may be used for analytics and performance.
• Users can disable non-essential cookies via their browser.
12. Roadmap for Privacy Features
• Currently: requests for access/export/deletion processed manually by email.
• All processing follows Privacy by Design (Art. 25 GDPR).
• Planned:
- In-app data deletion (“Right to be Forgotten”)
- Self-service export (PDF/JSON)
- Transparent user access logs
13. Children and Minors
Our services are intended for users aged 16 and above.
Users under 16 may only use the service with parental or guardian consent and under professional supervision.
14. Medical Disclaimer
Bloom is not a medical device and does not replace medical diagnosis or treatment. The responsibility for clinical decisions remains with healthcare professionals.
15. Changes to This Policy
We may update this Privacy Policy due to product or legal changes. Updates will be posted here with a new “Last updated” date.