This privacy policy explains how Bloom collects, uses, stores, and protects your personal data. We believe in being straightforward about what we do with your information, so we've written this in plain language rather than legal jargon.
By creating a Bloom account, you agree to the practices described in this policy. If you have any questions, you can reach us at hasna.robert@gmail.com.
1. Who We Are
Bloom is a face timelapse application. You take a photo every day and Bloom turns those photos into a timelapse video that shows how a face changes over time.
Bloom is developed and operated by Robert Hasna, an individual based in Romania. Bloom is subject to the European Union's General Data Protection Regulation (GDPR). For the purposes of data protection law, Robert Hasna is the data controller — the person responsible for deciding how and why your personal data is processed.
Contact: hasna.robert@gmail.com
2. Information We Collect
Account information
When you create an account, we collect:
- Email address — to identify your account and communicate with you
- Display name (optional) — if you choose to provide one
- Authentication provider — whether you signed up with email, Google, or Apple
Photos and media
When you use Bloom, we store:
- Source images — the original photos you upload
- Cropped images — automatically generated versions of your photos, cropped and aligned to the face
- Timelapse videos — videos automatically generated from your cropped images
- Photo dates — the date associated with each photo
App preferences
- Timezone — used to send reminders at appropriate times and to display dates correctly
- Notification preferences — whether you want to receive daily reminders
- Gallery save preference — whether to save photos to your device's photo library
- Video settings — your chosen speed, quality, and resolution for timelapse videos
Device information
- Push notification token — a token provided by your device so we can send you reminders. This is issued by Expo's push notification service.
- Device identifier — used to manage push notification tokens across your devices
Automatically generated data
- Notification logs — records of which reminders were sent and when, so we don't send duplicates
- Processing status — whether each photo has been processed and whether each video has been generated
What we do NOT collect
- We do not collect your date of birth. The date of birth you provide during registration is used only to verify your age and is not stored.
- We do not collect your location or GPS data.
- We do not collect biometric templates, faceprints, or facial recognition profiles.
- We do not use analytics, advertising trackers, or third-party tracking tools.
3. How We Process Your Photos
Understanding what happens to your photos is important, so here is exactly what our system does, step by step:
- You upload a photo. Your photo is sent over an encrypted connection (HTTPS) and stored on our secure cloud servers.
- Our AI detects the face. An automated system scans the photo to locate the face. It uses a machine learning model to identify facial landmarks (such as the position of the eyes) that are needed for alignment.
- The face is aligned and cropped. Using the eye positions, the system rotates and scales the image so that every photo in your timelapse is consistently framed. The result is a 1024×1024 pixel cropped image of the face.
- Detection data is discarded. The facial landmark coordinates used during alignment are processed entirely in memory. They are never saved to any database, file, or log. Once the cropping is complete, this data ceases to exist.
- Your timelapse video is generated. When all your photos are processed, Bloom automatically compiles them into a timelapse video using your chosen speed, quality, and resolution settings. A date stamp is added to each frame.
Important: Bloom does not perform facial recognition. We do not identify who is in a photo, compare faces across users, or build any kind of biometric profile. The face detection is used solely to align and crop your photos for a visually consistent timelapse.
4. Why We Process Your Information
Under GDPR, we need a legal basis for every type of data processing. Here are the bases we rely on:
| Data | Legal basis | Reason |
|---|---|---|
| Account information | Contract performance (Art. 6(1)(b)) | Necessary to provide you with an account and the Bloom service |
| Photos, cropped images, videos | Consent (Art. 6(1)(a)) | You provide explicit consent during onboarding for the processing of your photos, including photos of children |
| App preferences and video settings | Contract performance (Art. 6(1)(b)) | Necessary to deliver the service according to your preferences |
| Push notification tokens | Legitimate interest (Art. 6(1)(f)) | To send you daily reminders, which you can disable at any time |
| Notification logs | Legitimate interest (Art. 6(1)(f)) | To avoid sending duplicate reminders |
You can withdraw your consent for photo processing at any time by deleting your account (see How to Delete Your Data).
5. Children's Information
Bloom is designed for use by adults aged 18 and over. We verify your age during registration and do not allow anyone under 18 to create an account.
We understand that many parents use Bloom to create face timelapses of their children. This is the intended use of the app — parents documenting their child's growth over time.
If you upload photos of a child:
- You must be the child's parent or legal guardian.
- You confirm this during registration and again when you consent to data processing.
- Your child's photos receive the same security protections as all other data in Bloom.
- Your child's photos are processed in exactly the same way as adult photos — face detection, alignment, cropping, and video generation.
- No biometric templates or facial recognition profiles are created from your child's photos.
Children do not interact with Bloom directly. The app is operated entirely by the parent or guardian.
If you believe a child under 18 has created a Bloom account without parental consent, please contact us at hasna.robert@gmail.com and we will promptly delete the account.
6. Data Storage and Security
We take the security of your data seriously. Here are the measures in place:
- Encryption in transit — All data sent between your device and our servers is encrypted using HTTPS (TLS).
- Encryption at rest — Your photos, videos, and account data are encrypted on our servers by our infrastructure provider.
- Authentication — Access to your account is protected by a password (or OAuth provider) and secured with JSON Web Tokens (JWT) that expire daily.
- Data isolation — Your data is isolated from other users. You can only access your own photos, videos, and account information.
- Email verification — We verify your email address during registration to prevent unauthorized account creation.
- Transient processing data — Facial landmark coordinates used during photo alignment are computed in memory and never written to disk, databases, or logs.
Our infrastructure is provided by Supabase, which handles data storage and authentication. All data is stored in Supabase's eu-central-1 region (Frankfurt, Germany), within the European Union. We have a Data Processing Agreement in place with Supabase that governs how they handle your data on our behalf.
7. How Long We Keep Your Data
| Data type | Retention period |
|---|---|
| Account information (email, name, preferences) | While your account is active |
| Source images (your original photos) | While your account is active |
| Cropped images (aligned face images) | While your account is active |
| Timelapse videos | While your account is active |
| Push notification tokens | While your account is active |
| Notification logs | While your account is active |
| Facial detection data (alignment coordinates) | Not retained — processed in memory and immediately discarded |
When you delete your account, all of your data is permanently removed from our systems. See How to Delete Your Data for details.
Inactive accounts
If you do not have an active subscription and your account has had no activity (no photo uploads, no API requests) for 12 consecutive months, we will delete your account and all associated data. Before this happens, we will send you warning emails at 9 months, 11 months, and 1 week before the scheduled deletion, giving you the opportunity to log in and keep your account. Accounts with an active paid subscription are never considered inactive.
8. Who We Share Your Data With
We do not sell, rent, or trade your personal data. We share your data only with the following service providers, who process it on our behalf:
| Provider | Purpose | Data shared |
|---|---|---|
| Supabase | Cloud infrastructure — stores your account data, photos, and videos | All data listed in section 2 |
| Expo | Push notification delivery | Your device's push notification token and notification content |
Both providers process data under agreements that comply with GDPR requirements.
We may also disclose your data if required by law — for example, in response to a valid court order or legal obligation.
Business transfer: If Bloom is acquired by or merged with another entity, your data may be transferred to the new operator as part of that transaction. If this happens, we will notify you before your data is transferred and before any new privacy policy applies. The new operator will be bound by the same data protection obligations described in this policy until they notify you otherwise.
9. International Data Transfers
Bloom is operated from Romania, within the European Union. Your data is stored on Supabase's infrastructure in Frankfurt, Germany (EU). Your data remains within the European Union for storage and primary processing.
Some of our service providers (such as Expo for push notifications) may process limited data outside of the European Economic Area (EEA). Where this occurs, they do so under appropriate safeguards as required by GDPR, such as Standard Contractual Clauses or adequacy decisions by the European Commission.
10. Your Rights
Under GDPR, you have the following rights regarding your personal data:
- Right of access (Art. 15) — You can request a copy of the personal data we hold about you.
- Right to rectification (Art. 16) — You can ask us to correct any inaccurate data.
- Right to erasure (Art. 17) — You can ask us to delete your data. You can also do this directly from the app.
- Right to restrict processing (Art. 18) — You can ask us to temporarily stop processing your data.
- Right to data portability (Art. 20) — You can request your data in a structured, machine-readable format.
- Right to object (Art. 21) — You can object to processing based on legitimate interest (such as push notifications).
- Right to withdraw consent (Art. 7(3)) — You can withdraw your consent for photo processing at any time. Since photo processing is the core service, withdrawing consent means deleting your account.
To exercise any of these rights, email us at hasna.robert@gmail.com. We will respond within 30 days.
If you are not satisfied with our response, you have the right to lodge a complaint with Romania's data protection authority:
ANSPDCP (Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal)
Website: www.dataprotection.ro
11. How to Delete Your Data
Delete your entire account
You can delete your account at any time from Settings → Delete Account in the Bloom app. This permanently and irreversibly deletes:
- All your original photos (source images)
- All cropped images
- All generated timelapse videos
- Your notification history and push tokens
- Your video settings
- All person profiles you created
- Your account and all associated data
This action cannot be undone. Once deleted, your data cannot be recovered.
Delete individual photos
You can delete individual photos from the app without deleting your entire account. Deleting a photo removes both the original and cropped versions from our servers. If the deleted photo was part of a timelapse video, the video will be regenerated without it.
12. Changes to This Policy
We may update this privacy policy from time to time. If we make significant changes to how we handle your data, we will notify you through the app or by email before the changes take effect.
The "Last updated" date at the top of this page shows when this policy was last revised. We encourage you to review this page periodically.
13. Contact Us
If you have questions about this privacy policy, want to exercise your data rights, or have any concerns about how we handle your data:
- Email: hasna.robert@gmail.com
- Website: dailybloom.app
We aim to respond to all inquiries within 30 days.