Privacy Policy
Last updated: July 16, 2026
Bloomly ("we," "our," or "the app") is a career journaling app developed by Olana. This policy describes how we collect, use, and protect your information.
Information We Collect
- Account information: Name and email address when you sign in with Apple or Google
- Journal content: Journal entries, voice recordings (processed for transcription then discarded), performance reports, and career goals you create within the app
- Image attachments: Up to four images per entry (photos, screenshots, or documents) that you choose to attach. Attachments are stored in our cloud storage alongside the entry they belong to and are deleted when you delete the entry or your account.
- Work artifacts: If you use Work Capture, the emails you forward to your private Bloomly inbox address and the files, images, or PDFs you share into the app from elsewhere. We extract and summarize their text so they can serve as evidence in your reports. Forwarded email text and the generated summary are stored in our cloud database; shared images and PDFs up to a size limit are kept in our private cloud storage alongside their extracted text, so the original stays available with the entry it supports, and are deleted when you delete the artifact or your account; larger files are processed transiently and deleted once their text has been extracted. You control which email senders feed your reports — unrecognized senders are held for your review before anything they send is used.
- Profile data: Job title, company, location, years of experience, resume text, and the career goals and challenges you share during onboarding or in Settings
- Usage analytics: Product usage events (e.g., onboarding steps, feature usage) tied to a pseudonymous account identifier, collected through our analytics provider to improve the app experience. No journal content is included in analytics.
- Crash data: Crash reports and basic diagnostics through our crash reporting provider. For signed-in users, reports may include a pseudonymous account identifier so we can diagnose recurring problems. Journal content is not included.
- Subscription data: Purchase and subscription status managed by our subscription provider and Apple
- Push notification token: If you grant notification permission, your device's push token so we can deliver report-ready alerts (see Push Notifications below)
How We Use Your Information
- To provide app functionality: storing your journal entries, generating AI-powered insights, and performance reports
- To sync your data across devices when you sign in
- To process your voice recordings into text using our AI transcription service
- To generate AI insights and reports using our AI service provider
- To extract and summarize the work artifacts you forward or share, so they can serve as evidence in your reports
- To manage your subscription status
AI Processing
Your journal entries, profile information, and the content of any work artifacts you forward or share — including the text of forwarded emails and text extracted from shared documents, PDFs, and images — are sent to our AI service provider to generate insights, reports, coaching responses, summaries, and voice transcription. Journal and profile data are sent through an authenticated server-side proxy (never directly from your device); work artifacts are processed server-side after they reach our systems. The proxy enforces rate limiting and only forwards specific, whitelisted models and fields — it cannot be used as a general-purpose AI relay. Your content is not used to train any third-party model: our AI provider's API data usage policy excludes data sent through their API from being used for model training.
Data Storage and Security
- Your data is stored locally on your device and synced to our cloud database when you sign in
- All data is transmitted over HTTPS
- Sensitive credentials and private API keys are kept server-side. The app includes public client identifiers and client keys required to connect to its service providers; these values do not grant administrative access.
- Authentication uses industry-standard JWT tokens
International Users
Bloomly is operated from the United States. If you use Bloomly from outside the U.S. — including the European Economic Area, the United Kingdom, the United Arab Emirates, Saudi Arabia, Egypt, Bahrain, Kuwait, Morocco, or Qatar — your information will be transferred to and processed in the United States and other countries where our service providers operate, including cloud infrastructure for storage, AI processing for journal insights, subscription management, product analytics, and crash reporting. By using Bloomly, you consent to this transfer. We rely on standard contractual safeguards with our processors and apply equivalent protection regardless of where you live.
iOS App Advertising Measurement
To understand whether our own Apple Search Ads campaigns work, the iOS app uses only Apple's privacy-preserving attribution. If you install Bloomly after tapping one of our Apple Search Ads, Apple provides a privacy-preserving attribution token through its AdServices framework. Our subscription provider (RevenueCat) uses that token to attribute the install — and any resulting trial or subscription — to a campaign, in aggregate. This does not involve Apple's advertising identifier (IDFA), and it does not track you across other companies' apps and websites.
The iOS app does not use any third-party advertising or attribution SDKs, does not request App Tracking Transparency permission, and does not track you as defined by Apple. We use this data solely to measure the performance of our own Apple Search Ads campaigns. We do not build advertising profiles, and Bloomly never shows ads.
Website Analytics and Advertising
When you visit bloomly.cc, we use first-party analytics and service providers including PostHog and Ahrefs to understand website visits and page use. We also use the TikTok Pixel and Events API to measure the effectiveness of website advertising. Depending on your browser and settings, these tools may process the page URL, referring page, interactions, device and browser information, approximate location derived from your IP address, cookie or session identifiers, campaign parameters, and advertising click identifiers.
These website tools are separate from the iOS app. They do not receive your journal entries, reports, voice recordings, work artifacts, or other content stored in Bloomly.
Data Sharing
We do not sell or rent your personal information. Your data is only shared with the service providers required to operate the app:
- Our AI processing partner: To generate insights, reports, coaching responses, voice transcription, and summaries of the work artifacts you forward or share
- Our subscription management provider: To track and validate your subscription status, and to attribute Apple Search Ads installs to a campaign in aggregate (see iOS App Advertising Measurement above)
- Our product analytics provider: For pseudonymous product usage measurement using an account identifier and coarse product or account characteristics (no journal content, name, or email included)
- Our crash reporting provider: For diagnostic crash data, which may include a pseudonymous account identifier for signed-in users (no journal content included)
- Apple: As required for App Store and subscription processing, and for privacy-preserving Apple Search Ads attribution
We can provide the current list of subprocessors on request at the contact address below.
Push Notifications
If you grant notification permission, Bloomly delivers a single alert when a new performance report (weekly, mid-month, semi-annual, or annual) is ready, so you can open it from the Reports tab. We do not send marketing pushes, silent push, critical alerts, or time-sensitive interruptions, and the notification payload contains only the report period — never journal content. You can revoke notification permission at any time in iOS Settings → Bloomly → Notifications.
Third-Party Platform Posts
Bloomly can generate draft posts for LinkedIn and X based on your recent entries, either as feed suggestions at a cadence you set, or on demand. Drafts are produced server-side from your entries and shown to you for review. When you tap to share, Bloomly hands the draft to the LinkedIn or X app or website using their standard composer; from that moment forward, the content is governed by that platform's terms and privacy policy. Bloomly does not post on your behalf, and we do not receive engagement data from those platforms.
Data Retention and Deletion
- Your data is retained as long as your account is active
- You can delete your account at any time from Settings → Account → Delete Account. Deletion cascades server-side through your journal entries, image attachments, work artifacts (including forwarded emails and their summaries), performance reports, profile, and your subscription-provider customer record. Active subscriptions must be canceled separately in your Apple ID settings, since Apple controls subscription billing.
- Local data can be removed by deleting the app
Your Rights
You can access your data in the app and delete your account through Settings. To request a copy of your data, or to exercise other data rights, contact us at [email protected]. Depending on where you live, you may have additional rights under local data protection law — including the right to access, correct, restrict, object to, or port your personal data, and to lodge a complaint with your local supervisory authority. To exercise any of these rights, contact us at the email above.
Children's Privacy
Bloomly is not intended for children under 13. We do not knowingly collect information from children.
Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes through the app.
Contact
If you have questions about this policy, contact us at [email protected].