🔒 Core commitment: Your health data is never sold, never shared with advertisers, and never used to profile you. It is yours. Full stop.
What is consumer health data?
Consumer health data refers to personal information that relates to your physical or mental health. In the context of Bloom, this includes:
- Mood ratings and emotional state logs
- Energy levels and focus patterns
- Sleep duration and quality records
- Medication names, doses and schedules you enter
- Journal entries and CBT thought records
- Symptom descriptions or mental health notes you log
How we protect health data
- Medical-grade encryption: your health data is encrypted to the same standard used in regulated healthcare and financial services - both when stored and when in transit
- Your password is never readable: it is transformed through a secure, irreversible process before it ever reaches our servers - not even Bloom can see it
- Zero Trust architecture: every request to access your data must be continuously verified - there is no implicit trust at any layer of the system
- Sessions that self-destruct: your login tokens expire automatically and cannot be reused - a stolen token becomes worthless within minutes
- Passkey support: sign in with your face, fingerprint, or device PIN - your authentication key never leaves your device and cannot be phished
- On-device first: health data stays on your device where possible; any server-side copy is encrypted and inaccessible to staff
- No employee access to your records: all internal access is authenticated, limited, and logged with a permanent audit trail
- No training: your health data is never used to train AI models - Bloom's or anyone else's
Who we never share health data with
- Advertising networks or data brokers
- Insurance companies or employers
- Government agencies (unless required by a court order or applicable law in Kenya or your jurisdiction)
- Any third party for commercial purposes
Clinician sharing - your choice only
Bloom provides an optional feature allowing you to generate an encrypted export of your wellness data to share with a therapist or psychiatrist. This is entirely voluntary:
- You choose exactly what to include in the export
- The export is generated and encrypted on your device
- A time-limited link (expires after 48 hours) is created for secure transfer
- Bloom does not store a copy of any export
- You can revoke sharing links at any time
Data deletion
You can delete your health data at any time through the app settings. Account deletion removes all server-side health records within 30 days. On-device data is cleared immediately upon your request.
Legal basis (GDPR & Kenya Data Protection Act)
Processing of health data under GDPR (Article 9(2)(a)) and the Kenya Data Protection Act 2019 (Section 30, ODPC-supervised) requires either explicit consent or that the processing be necessary for the provision of health care (Article 9(2)(h)). Bloom relies on your explicit, informed consent, which you provide when you first enter health data into the app.