This policy explains what data Bloom (The Bloom Guide) collects, why we collect it, where it is stored, and the rights you have over it. We wrote it in plain language. If anything is unclear, email privacy@thebloomguide.app.

Effective date: 2026-04-28.

Who we are

Bloom is an iOS app that helps people find specialty third-wave coffee shops. Shops come from user submissions and are reviewed by curators before they appear in the app. The app is published under The Bloom Guide brand and is distributed through the Apple App Store.

What we collect and why

We collect only what the app needs to work. The list below is exhaustive for v1.

Account information

When you create an account we store:

• Your email address.
• A hashed version of your password (we never see or store the plaintext). This is managed by Supabase Auth.
• If you sign in with Apple: the stable Apple user identifier Apple returns to us, and the email address Apple shares (which may be a relay address).
• A profile row containing a username, an optional display name, and an optional home city you can edit.

We use account information to authenticate you, attribute the shops you submit, and link your saved shops to you across devices.

Location

Bloom requests location only while the app is in use. We never request "Always" location, and Bloom does not run location services in the background.

We use your location for two things:

• Centering the discover map on you.
• Sorting shops by distance from where you are.

Your location stays on the device. We do not transmit it to our servers, and we do not store a history of where you have been. The only time coordinates leave your device is when you submit a shop, and in that case the coordinates that travel are the shop's location, not yours.

Photos you upload

When you submit a shop, you attach exterior, interior, and menu photos. These are uploaded to Supabase Storage in a public bucket so they can be displayed in the app to other users. Before upload, the app strips EXIF metadata (including any GPS coordinates the camera embedded) so the photo's origin location is not exposed.

Submitted photos become part of the curated shop entry once approved. Photos attached to rejected or pending submissions are deleted when you delete your account (see "Deletion" below).

Submitted shop data

When you submit a shop we store the name, address, geographic coordinates, your eligibility quiz answers, the photos described above, and the OCR text extracted from the menu photo. Curators review this data before the shop is published.

Saved shops

When you tap save on a shop, we store a row containing your user ID and the shop ID. This list is mirrored to your device with SwiftData so the Saved tab works offline. We do not record when you view a shop, only when you save one.

On-device menu OCR

During submission, Bloom runs Apple VisionKit's on-device text recognition (VNRecognizeTextRequest) over the menu photo. The image and the recognized text stay on your device. They leave the device only if you confirm the submission, in which case both travel to our server as part of the shop record.

Crash reports

If you opt in to share analytics with app developers in iOS Settings, Apple sends us aggregated, anonymized crash diagnostics. This is the standard iOS flow and you can turn it off at any time in Settings → Privacy & Security → Analytics & Improvements.

What we do not collect

• No third-party analytics or tracking SDKs.
• No advertising identifiers.
• No browsing history, no contacts, no calendar, no microphone, no health data.
• No device fingerprinting.

Where data is stored

Bloom uses Supabase as its backend. Our Supabase project is hosted in the European Union region (Frankfurt). Account, profile, shop, submission, and saved-shop data live in a Postgres database there. Submitted photos live in Supabase Storage in the same region.

Apple handles Sign in with Apple and, if you opted in, crash diagnostics. Apple's privacy practices are at https://www.apple.com/legal/privacy/.

Third parties

We share data only with the processors and providers required to run the service.

• Supabase (data processor): hosts the database, authentication, and storage that back the app. Region: EU. Privacy notice: https://supabase.com/privacy.
• Apple (authentication provider and platform): provides Sign in with Apple, the App Store, and the iOS runtime.

We do not sell your data. We do not share it with advertisers. We do not use it to train machine learning models.

International transfers

If you use Bloom from outside the European Union, your data is transferred to and stored on servers in the EU. For users in the United States, we rely on the EU-U.S. Data Privacy Framework and standard contractual clauses where applicable.

How long we keep data

• Account data and profile rows: kept while your account exists.
• Saved shops: kept while your account exists.
• Pending and rejected shop submissions (including their photos and quiz answers): kept while your account exists.
• Approved shop submissions: kept indefinitely as part of the curated guide. When you delete your account we anonymize the submitter reference but the shop remains.
• Crash diagnostics from Apple: governed by Apple's retention policy.

Your rights

You have the following rights regardless of where you live. EU and UK residents have these rights under the GDPR. California residents have equivalent rights under the CCPA/CPRA.

• Access: request a copy of the data we hold about you.
• Correction: ask us to fix inaccurate data, or edit your profile and submissions in the app.
• Deletion: delete your account from inside the app (Profile → Settings → Delete account) or by emailing privacy@thebloomguide.app.
• Portability: request a machine-readable export of your data.
• Objection and restriction: ask us to stop or limit specific processing.
• Withdraw consent: where processing is based on consent, you can withdraw it at any time.
• Lodge a complaint: with your local data protection authority. EU residents can find their authority at https://edpb.europa.eu/about-edpb/about-edpb/members_en.

To exercise any of these rights, email privacy@thebloomguide.app. We respond within 30 days.

Account deletion

You can delete your account from inside the app: Profile → Settings → Delete account. This calls a server-side function that removes:

• Your profile row.
• Your saved-shops list.
• Any pending or rejected shops you submitted, plus their photos and quiz answers.
• Your authentication record (email, password hash, Apple identifier).

For shops you submitted that were approved before deletion, the shop entry stays in the guide because the community relies on it, but the submitter reference is set to null so the shop can no longer be linked to you.

The deletion runs immediately. Backups are purged on a 30-day rolling cycle, so within 30 days no copy of your account data remains.

Children

Bloom is not directed at children under 13 and we do not knowingly collect data from anyone under 13. If you believe a child has created an account, email privacy@thebloomguide.app and we will delete the account.

Security

Connections to Supabase use TLS. Passwords are hashed using Supabase Auth's bcrypt-based scheme. Database access is restricted by row-level security policies so users cannot read or modify data that does not belong to them. Supabase Storage buckets containing user-submitted photos are public by design (the photos are meant to be visible in the app); private user data is never stored in those buckets.

No system is perfectly secure. If you suspect a vulnerability, email privacy@thebloomguide.app.

Changes to this policy

If we change this policy in a way that affects how we handle data, we will update the "updated" date at the top of this page and, for material changes, notify active users in-app or by email at least 14 days before the change takes effect.

Contact

Questions, requests, or complaints: privacy@thebloomguide.app.

Last updated: Mon Apr 27 2026 20:00:00 GMT-0400 (Eastern Daylight Time)