Section 1
Scope and Audience
This Privacy Policy applies to:
- The Mom's Bloom iOS and Android mobile application.
- Mom's Bloom public legal, privacy-choice, account-deletion, and support pages.
- Mobile-account, mobile-subscription, support, safety, security, privacy-request, and compliance operations related to the service.
This service is intended for adults only and is not directed to children or minors. If local law treats a user as a minor even when the app is available through an app store, that use must be reviewed before launch or continued processing.
Section 2
Who We Are
- Controller / operator
- JSS AI Labs
- Registered address
- Counsel-required production blocker: registered address must be finalized before production release.
- Privacy contact
- momsbloom@jssailabs.com
- Support contact
- momsbloom@jssailabs.com
If your local law gives you a right to contact a supervisory authority, regulator, data-protection authority, or consumer-protection agency, you may also do so.
Section 3
Information We Collect
Pregnancy, reproductive-health, fertility, loss, mental-wellness, symptom, contraction, kick-count, and pregnancy-photo information can reveal highly sensitive consumer-health and reproductive-health facts. We treat those categories as sensitive even if a particular law uses a different label.
Depending on how you use Mom's Bloom, we may collect the following categories of information.
3.1 Account, profile, and consent information
- Name, email address, user ID, login metadata, authentication provider details, and account status.
- Pregnancy role and profile fields such as due date, gestational age/current week, trimester, pregnancy type, and related profile context.
- Consent records for Terms, Privacy Policy, health-data consent, consent withdrawal, platform, app version, timestamp, and similar audit evidence.
3.2 Pregnancy, reproductive-health, wellness, and baby-related information
- Pregnancy profile details, expected due date, gestational-age calculations, trimester, pregnancy milestones, and related pregnancy journey context.
- Symptoms, wellness check-ins, mood or mental-wellness entries, screening-related entries, hydration, nutrition, supplements, activity/sleep context if used, and similar self-entered wellness records.
- Contraction timing, kick counts, appointment notes, visit-prep records, hospital-bag or checklist items, weekly reflections, pregnancy support notes, and similar tracking information.
- Maternal metrics if entered or supported, such as weight, blood pressure, or other pregnancy-related measurements.
- Baby-related data you choose to enter, such as baby name/nickname, baby profile context, milestones, and pregnancy/baby journal content.
3.3 Chat, AI, and generated-support information
- Messages, prompts, questions, and context you send to Bloom, Bubble, or other Mom's Bloom AI-supported features.
- Responses generated by AI systems.
- Chat metadata such as private-mode flags, timestamps, feature context, safety/escalation flags, and continuity context.
- Derived data such as memories, summaries, reflections, insight artifacts, and personalization context created to support continuity and requested app functionality.
3.4 Photos and mobile media
- Belly photos and related metadata, such as week, storage path, capture source, sharing flags, export metadata, and timestamps.
- Photos or files you intentionally upload, create, export, save, or share through mobile features.
- Device permissions or operating-system signals related to camera, photo library, media picker, and saved exports, depending on platform and feature use.
3.5 Partner and family sharing information
- Linked-partner identifiers, invitation/linkage metadata, and connection status.
- Partner check-ins and partner-specific support data.
- Couple Mood Bridge signals or translated support prompts where both sides have opted in.
- Partner reactions to shared content where the feature is used.
- Content you intentionally share with a partner or family recipient through supported mobile sharing features.
3.6 Notifications, mobile device, diagnostics, and analytics
- Push notification tokens, such as Firebase Cloud Messaging tokens.
- Reminder timing preferences, notification categories, and notification settings.
- App version, platform, app instance/runtime metadata, device compatibility information, security/app-attestation signals, and diagnostic metadata.
- Crash reports, sanitized error details, app-performance information, and product usage events used to understand feature adoption, app stability, and product quality.
3.7 Subscription, purchase, support, and legal-request information
- Subscription status, entitlement state, billing-owner status, store transaction metadata, and subscription lifecycle events.
- Support messages, privacy-request correspondence, deletion/export request records, grievance records, and related verification evidence.
- We do not process full payment card numbers directly in the app; Apple App Store and Google Play process store-managed payment information.
3.8 How data may be created or received
- User-provided: account details, pregnancy profile entries, symptoms, check-ins, photos, chat prompts, support messages, sharing choices, and privacy requests.
- App-generated or inferred: gestational age, trimester, reminder schedules, milestones, summaries, memories, insights, safety/escalation flags, and personalization context.
- Device/app metadata: platform, app version, push token, app integrity signals, diagnostics, analytics events, and permission status.
- Processor-generated: authentication events, subscription entitlement events, crash/diagnostic outputs, AI responses, and backend processing logs.
- Partner/family-shared: limited content, reactions, or support signals provided by a linked partner or recipient where a feature is enabled.
Section 4
Sources of Information
We collect information:
- Directly from you when you sign up, complete onboarding, log health or pregnancy information, upload photos, use chat, manage subscriptions, contact support, or submit a privacy request.
- From your mobile device or app runtime when you enable notifications, use camera/media features, use app features, or encounter app errors.
- From linked partners or authorized family recipients where a feature is designed to share limited information or support signals.
- From processors and service providers that support authentication, subscriptions, messaging, analytics, diagnostics, AI processing, cloud infrastructure, and support operations.
- From Apple App Store, Google Play, RevenueCat, Firebase, Supabase, Google Cloud, and similar processors where needed for app functionality, subscription status, security, diagnostics, or service operations.
Section 5
How We Use Information
We use information for the following purposes:
Account and mobile app functionality
- Examples of data used
- Account identity, profile, consent records, app/device metadata
- Notes
- Create and maintain your account, authenticate access, sync settings, and operate iOS/Android app features.
Pregnancy tracking and personalization
- Examples of data used
- Due date, gestational age, symptoms, mood, hydration, nutrition, supplements, appointments, contractions, kicks, milestones, baby-related data
- Notes
- Provide requested tracking, journaling, reminders, summaries, weekly content, and personalization.
AI support and continuity
- Examples of data used
- Chat prompts, selected profile/health context, prior messages, memories, summaries, safety/escalation context
- Notes
- Generate supportive responses and continuity features. AI is informational only and not medical advice.
Reminders and push notifications
- Examples of data used
- Push token, notification permissions, reminder preferences, due dates, appointments, app settings
- Notes
- Send or schedule reminders and operational messages where enabled.
Partner/family sharing
- Examples of data used
- Linked-partner metadata, shared entries, bridge opt-ins, partner reactions
- Notes
- Provide optional sharing features that you enable or use.
Photos/media features
- Examples of data used
- Belly photos, metadata, exports, sharing flags
- Notes
- Store, display, export, and optionally share pregnancy photo content.
Subscription management
- Examples of data used
- Entitlements, store transaction metadata, subscription lifecycle events
- Notes
- Verify access, manage paywall/subscription state, and support billing issues.
Fraud, abuse, security, and integrity
- Examples of data used
- Auth logs, device/app metadata, app-attestation signals, diagnostic data, consent audit records
- Notes
- Protect users, prevent abuse, investigate incidents, and maintain compliance evidence.
Analytics and diagnostics
- Examples of data used
- App usage events, crash reports, performance data
- Notes
- Improve reliability and feature quality. Current posture is first-party analytics only and requires final product/store verification before launch.
Support, legal compliance, and privacy requests
- Examples of data used
- Support messages, request metadata, identity verification evidence, consent and deletion records
- Notes
- Respond to support, legal, regulator, privacy, grievance, and deletion/export requests.
Section 6
How We Disclose Information
We may disclose information in the following circumstances. We do not grant unrestricted access to your pregnancy records to partners, processors, advertisers, or app stores.
6.1 Service providers and processors
- Supabase for authentication, database, storage, realtime, edge functions, and account-deletion operations.
- Google Cloud Vertex AI for AI response generation and related prompt/context processing.
- Firebase App Check, Firebase Cloud Messaging, Firebase Crashlytics, and Firebase Analytics for app integrity, push messaging, crash diagnostics, and first-party product analytics.
- RevenueCat for subscription operations and entitlement synchronization.
- Apple App Store and Google Play for store billing, app distribution, subscriptions, refunds/cancellations where store-managed, and platform compliance.
- Support tooling, email, website hosting/CDN, and operational tools if used for public legal pages, support requests, privacy requests, or security operations. Final tooling inventory must be verified before launch.
6.2 Partner or family recipients you authorize
If you use partner-linking, family-sharing, export, or sharing features, we may disclose the selected information to the recipient you authorize or to the sharing destination you choose. Not all information is shared.
- Private chat mode is designed to remain private.
- Couple Mood Bridge signals require opt-in conditions.
- Belly photo sharing is feature-based and not automatic for every photo.
- Exported files may leave the controlled app environment once you save or share them outside Mom's Bloom.
6.3 Legal, safety, and business necessity disclosures
- Comply with law, regulation, court order, or lawful request.
- Protect users, our service, or the public from harm.
- Investigate or address fraud, abuse, security issues, or policy violations.
- Support a corporate transaction, reorganization, merger, sale, or financing, subject to applicable confidentiality and legal requirements.
Section 7
Sensitive Health and Reproductive Data
Mom's Bloom processes information that may qualify as health data, consumer health data, reproductive-health data, or other sensitive personal data under applicable law.
This includes, depending on feature use, pregnancy status, due date, gestational age, symptoms, contractions, kicks, mood and mental-wellness entries, hydration, nutrition, supplements, appointments, weight/blood pressure where used, baby-related information, belly photos/media, AI prompts/responses about pregnancy or wellness, and partner/family sharing content.
We process this information only for the purposes described in this Policy and the separate Health Data Notice.
We apply heightened caution to these categories because they may reveal pregnancy, reproductive choices, health concerns, mental-wellness status, family context, or other sensitive facts.
Important commitments for this service
- We do not sell your health data.
- We do not use your health data for targeted advertising.
- We do not use the app for cross-app tracking.
- We require separate health-data consent for certain personalized AI and health-related experiences.
Section 8
AI, Automation, and Safety
Mom's Bloom uses AI systems to generate chat responses, summaries, memories, and support content. This may involve sending user inputs and selected contextual records to backend systems and AI providers so the requested feature can function.
Our AI features are intended to be supportive and informational only. They are not designed to diagnose, treat, cure, prevent, monitor, predict, or triage medical conditions or pregnancy outcomes. AI output may be incomplete, outdated, inaccurate, hallucinated, or not tailored to your medical history, medications, pregnancy complications, clinician instructions, or local care pathway.
Mom's Bloom is not automatically subject to HIPAA merely because it is a health-related app. HIPAA status depends on the business model and whether we act for a covered entity or business associate. Counsel must review any future clinical, employer, insurer, provider, or business-associate relationship before launch in that channel.
Any future feature or claim involving diagnosis, treatment, emergency triage, medication dosing, fetal or maternal risk assessment, clinical monitoring, provider workflows, or clinical decision support requires product, counsel, regulatory, and clinical review before launch.
Section 9
Consent, Permissions, and Withdrawal Effects
Mom's Bloom separates different choices so that accepting one item does not silently become consent for unrelated optional processing.
Account Terms acceptance
- What it covers
- Contractual terms for using the service
- Withdrawal or refusal effect
- If you do not accept required Terms, you may not be able to create or continue using an account.
Privacy Policy acknowledgment
- What it covers
- Notice that explains personal-data processing
- Withdrawal or refusal effect
- If a required acknowledgment is not completed, account access may be limited until the required notice flow is complete.
Health-data consent
- What it covers
- Processing pregnancy, reproductive-health, wellness, and related sensitive data for certain personalized health and AI features
- Withdrawal or refusal effect
- If refused or withdrawn, health-context features may stop, operate in limited mode, or provide less personalized responses. Existing data may be deleted through account deletion or privacy requests, subject to lawful retention exceptions.
AI processing notice/consent where required
- What it covers
- Sending prompts, selected context, and generated outputs through backend AI systems
- Withdrawal or refusal effect
- AI features may be unavailable or less personalized where the required notice or consent is not active.
Analytics/diagnostics choice
- What it covers
- Product analytics, crash diagnostics, and performance monitoring
- Withdrawal or refusal effect
- A separate public analytics toggle was not confirmed in the current repo state. This is a launch gap to verify; diagnostics may remain necessary for security/reliability where permitted by law.
Partner/family sharing consent
- What it covers
- Sharing selected content or support signals with a linked partner or recipient
- Withdrawal or refusal effect
- Disabling or not using sharing prevents future feature-based sharing, but content already seen, saved, screenshotted, exported, or retained by a recipient may not be recoverable by us.
Push notification permission
- What it covers
- Mobile operating-system permission and app reminder preferences
- Withdrawal or refusal effect
- You can disable push notifications in device settings or app settings where supported; reminders and push delivery may stop.
Photo/camera/media permissions
- What it covers
- Camera, photo library, media picker, and export/save features
- Withdrawal or refusal effect
- Refusal may prevent photo capture, upload, or save/export features from working.
Subscription purchase consent
- What it covers
- Store-managed purchase, renewal, cancellation, refund, and entitlement records
- Withdrawal or refusal effect
- Cancellation is handled through Apple App Store or Google Play. Deleting Mom's Bloom data does not automatically cancel a store subscription unless the store flow also cancels it.
Account deletion and retention boundaries
- What it covers
- In-app deletion scheduling, grace period, purge, backups, legal records, security records, subscription/accounting records
- Withdrawal or refusal effect
- Deletion removes live account data after the disclosed process, subject to lawful retention exceptions, backup cycles, archived consent evidence, fraud/security records, subscription/accounting records, and processor propagation time.
We aim to make choices clear and non-coercive. Withdrawal generally affects future processing that relies on consent. It does not always require deletion of data already processed where another lawful basis or legal exception applies, but you may separately request deletion as described below.
Section 10
Retention, Export, and Deletion
We retain information for as long as needed to provide the service, satisfy legal or operational requirements, resolve disputes, enforce agreements, and protect the integrity of the service.
Examples
- Account, profile, and pregnancy-journal data are generally retained until a deletion request is purged after the disclosed 30-day grace period, subject to lawful retention exceptions.
- Consent records and related audit evidence may be retained longer where legally necessary.
- Diagnostics, analytics, support, privacy-request, and subscription records may be subject to provider-specific retention schedules or legal/accounting requirements.
- Backup or archived copies may persist for a limited time before deletion cycles complete.
- Processors may need reasonable time to propagate deletion or apply their own lawful retention obligations.
10.1 Data export
The app currently provides an in-app JSON export for a substantial set of profile and journal data. Export scope may not include every operational, processor-held, diagnostic, subscription, consent-audit, or derived record in every case. Additional request-based export may be available where required by law.
10.2 Account deletion
The app currently supports in-app account deletion through a two-phase flow. After confirmation, the account is suspended immediately and scheduled for permanent deletion 30 calendar days later unless it is restored before that deadline. The final purge is intended to remove live account data and associated content, including belly-photo storage objects, subject to lawful retention exceptions, backup cycles, archived consent evidence, security/fraud records, subscription/accounting records, and processor limitations.
Section 11
Your Rights and Choices
Depending on where you live, you may have rights such as:
- Accessing or knowing information we hold about you.
- Correcting inaccurate information.
- Deleting information.
- Requesting portability of certain information.
- Withdrawing health-data consent.
- Limiting optional partner-sharing or notification features.
- Objecting to, restricting, or opting out of certain processing where local law provides that right.
- Appealing denial of a privacy request where required by law.
- Contacting a supervisory authority, regulator, or consumer-protection agency.
11.1 In-app choices
- Schedule account deletion from within the app, with a 30-day grace period before permanent purge.
- Export a JSON copy of major profile and journal data.
- Manage certain notification settings.
- Manage certain couple-sharing settings such as Couple Mood Bridge opt-in.
- Use private chat mode for supported chat flows.
11.2 Request-based choices
If you want to exercise a right that is not yet fully self-service in-app, contact us at momsbloom@jssailabs.com. For health-data consent withdrawal or privacy-choice questions, use the Privacy Choices page.
Section 12
International Transfers
Mom's Bloom and its processors may store or process information in jurisdictions other than your own. Where required, we rely on appropriate contractual, organizational, or technical safeguards for cross-border transfers.
For EU/UK users, counsel must finalize the transfer mechanism analysis, including whether standard contractual clauses, UK addenda, transfer-risk assessments, adequacy decisions, supplementary measures, or other safeguards are required for each processor. For India and other jurisdictions, counsel must confirm the current transfer rules and any restricted-country or notice requirements before launch.
Section 13
Security
We use administrative, technical, and organizational safeguards designed to protect personal information and health-related information. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
Repo-backed examples include consent audit records, server-side access controls, storage cleanup on account deletion, push-token handling, and crash-log sanitization designed to reduce leakage of sensitive app content.
Section 14
Adult-Only Service
Mom's Bloom is intended for adults. We do not intend to direct the service to children or minors. If you believe a child has provided personal information to us, contact momsbloom@jssailabs.com so we can review and act appropriately. Counsel must confirm how the adult-only posture interacts with local age-of-majority, app-store family, and India DPDP child-data requirements before launch.
Section 15
Region-Specific Notes
15.1 U.S. state consumer-health privacy notice
Counsel-required applicability note: U.S. state consumer-health privacy laws, including Washington's My Health My Data Act-style requirements, may apply depending on user residency, entity status, data categories, exemptions, and launch operations. The following notice is drafted as a high-sensitivity consumer-health baseline and must be finalized by counsel.
Consumer health data categories may include pregnancy status, due date, gestational age, symptoms, contraction/kick logs, mood and mental-wellness entries, hydration, nutrition, supplements, appointments, weight/blood pressure where used, baby-related data, reproductive-health context, belly photos/media, AI prompts/responses about health, AI-derived health summaries, partner/family health-sharing content, and related mobile metadata when linked to health features.
Sources include you, your mobile device/app runtime, app-generated inferences, linked partners or authorized recipients where used, and processors that support app functionality. Purposes include account operation, pregnancy tracking, personalization, AI support, reminders, safety/escalation prompts, subscriptions, security/fraud prevention, diagnostics, analytics, support, legal compliance, and privacy-request handling.
Processor/service-provider categories include cloud backend and storage, AI processing, app integrity, push messaging, crash diagnostics, first-party analytics, subscription management, app stores, legal-page hosting, and support operations. Authorized third-party recipients may include a linked partner or recipient you choose, app stores for subscription/billing operations, and legal/safety recipients where law permits or requires. No non-processor affiliate health-data sharing is confirmed in the current repo-backed product state; counsel and product must verify before launch.
Consumer-health rights may include rights to know/access, confirm processing, obtain a copy, delete, withdraw consent, obtain a list of categories of third parties or affiliates with whom consumer health data is shared, appeal denials, and other rights provided by law. Submit requests to momsbloom@jssailabs.com or through supported in-app flows.
We do not use geofence targeting around healthcare or reproductive-health facilities. We do not sell consumer health data. Any future proposal to sell consumer health data, or to engage in a use treated as sale, sharing, targeted advertising, or tracking under applicable law, would require counsel-approved disclosure and any legally required consent or authorization before that change begins.
15.2 California and other U.S. state privacy notices
Counsel-required applicability note: California CCPA/CPRA and other U.S. state privacy laws may or may not apply depending on thresholds, exemptions, business model, revenue, data volume, and entity status. Counsel must confirm applicability before launch.
Potential personal-information categories include identifiers, contact information, account records, internet/app activity, device/app metadata, sensitive personal information, health/reproductive-health information, user content, photos/media, subscription records, support records, and inferences. Sensitive information may include pregnancy/reproductive-health data, mental-wellness data, account credentials/authentication data, and precise data categories designated by applicable law.
Potential rights may include access/know, deletion, correction, portability, opt out of sale/share/targeted advertising, limit use/disclosure of sensitive personal information, non-discrimination, appeal, and authorized-agent handling where required. We currently state a no-sale, no-targeted-advertising, and no-cross-app-tracking posture, but product/counsel must verify the final analytics, ATT, SDK, and store-disclosure configuration. Retention is described in Section 10 and must be finalized in the retention schedule.
15.3 EEA, UK, and GDPR/UK GDPR notes
Counsel-required applicability note: GDPR/UK GDPR applicability, controller details, representative needs, DPO needs, local supervisory authority information, lawful-basis wording, special-category conditions, international-transfer mechanisms, and DPIA requirements must be finalized by counsel before launch.
Controller/operator: JSS AI Labs, with registered address pending counsel finalization.
Lawful bases by purpose may include:
- Account creation, authentication, app functionality, subscription access, and requested support: performance of a contract or steps requested before entering a contract.
- Required legal notices, consent records, tax/accounting records, legal requests, and compliance evidence: legal obligation where applicable, or legitimate interests where legal obligation does not apply.
- Security, fraud prevention, abuse prevention, app integrity, and service reliability: legitimate interests, balanced against user rights and sensitive-data risks.
- Optional push notifications, photo/media permissions, partner/family sharing, and certain AI/personalization features: consent where required by law or platform rules.
- Health, reproductive-health, and mental-wellness processing: explicit consent where relied on for special-category data, unless counsel identifies a different valid Article 9/UK GDPR condition for a specific purpose.
- First-party analytics and diagnostics: consent or legitimate interests depending on local ePrivacy/PECR requirements, SDK configuration, and whether data is strictly necessary.
- Safety/escalation prompts: performance of requested service, legitimate interests, explicit consent, vital interests, or another basis may be relevant depending on context; counsel must finalize.
EU/UK rights may include access, rectification, erasure, restriction, portability, objection, withdrawal of consent, complaint to a supervisory authority, and rights related to automated decision-making. Withdrawing consent does not affect processing already performed before withdrawal and may not affect processing based on another lawful basis.
Mom's Bloom does not intend to make decisions producing legal or similarly significant effects solely by automated processing. AI-generated outputs, safety prompts, personalization, and analytics must not be represented as clinical determinations.
15.4 India DPDP notes
Counsel-required applicability note: India's Digital Personal Data Protection Act, 2023 and implementing rules/effective provisions must be confirmed by counsel before launch.
Where applicable, Mom's Bloom should provide clear notice of personal-data categories, purposes, consent, withdrawal methods, grievance handling, and contact details before or at the time of processing. Privacy and grievance contact: momsbloom@jssailabs.com.
Potential DPDP rights and obligations may include access to information about processing, correction, completion, updating, erasure, grievance redressal, consent withdrawal, consent-manager interactions where applicable, processor management, reasonable security safeguards, breach notification to the Data Protection Board and affected users where required, and restrictions for children's data. Because Mom's Bloom is adult-only, any suspected child or minor use must be escalated and reviewed.
Cross-border transfer rules, significant data fiduciary status, consent wording, notice format, and breach/rights response requirements require counsel finalization.
Section 16
Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we may publish a new version, update the effective date, and where required ask for renewed consent in-app.
Section 17