Bloom Care — Privacy Policy

How we handle your data and your patients' data

Last updated: April 18, 2026

Bloom Care is a provider-facing platform. This policy covers two categories of data: your data (as a healthcare provider) and patient data (accessed through the platform).

1. Provider Data We Collect

When you create a Bloom Care account, we collect and store:

Data	Purpose	Storage
Email address	Account identity & login	Cloudflare D1
Full name	Displayed to patients in consent modal	Cloudflare D1
NPI number	Provider verification via NPPES	Cloudflare D1
NPPES registry data	Name, credential, taxonomy, state (public data)	Cloudflare D1
Role & clinic name	Displayed to patients	Cloudflare D1
Password hash	Authentication (SHA-256, salted)	Cloudflare D1
Subscription status	Plan & patient limits	Cloudflare D1

We do not collect your location, device fingerprint, browsing history, or any data beyond what is listed above.

2. Patient Data — How It Works

This is the most important section of this policy. Please read it carefully.

Bloom Care does NOT store patient health data

Patient health data lives in the patient's Bloom account (encrypted in Cloudflare KV, controlled by the patient). When you view a patient's data through Bloom Care, you are reading it in real time through a secure API. The data is:

Never copied to Bloom Care's database
Never stored on your device beyond the active browser session
Never cached server-side
Never shared with third parties by Bloom Care

Patient consent governs all access

You send an invite — the patient must approve it in their Bloom app
The patient chooses exactly which data scopes to share
The patient can change or revoke consent at any time with immediate effect
You cannot access any data the patient has not explicitly consented to share

7 data scopes

Scope	What it includes
Cycle	Period dates, flow, mood, cycle length
Pregnancy	Week, due date, LMP, kick counts
Symptoms	Daily symptom logs, pain levels
Medications	Prescriptions & supplements
Appointments	Scheduled visits
Journal	Personal reflections & notes
Vitals	BBT, blood pressure, weight

Audit logging

Every time you access patient data, the following is recorded:

Your NPI and name
Which data scope was accessed
Timestamp of access
Type of action (read, linked, revoked)

This audit log is visible to the patient at all times in their Bloom app. It cannot be deleted or modified by the provider.

3. What We Do NOT Collect or Do

We do not read, access, or process patient health data for our own purposes
We do not sell any data — provider or patient — to anyone, ever
We do not use patient data for advertising, marketing, or profiling
We do not use tracking cookies or analytics on the provider dashboard
We do not share provider data with third parties except as listed in Section 4
We do not retain patient data after a session ends

4. Third-Party Services

Bloom Care uses the following third-party services:

Service	Purpose	Data shared
Cloudflare	Infrastructure (Workers, D1, KV)	Provider account data, API requests
NPPES	NPI verification	NPI number (public registry lookup)
Resend	Email delivery	Patient email (for invite only)
OpenRouter	AI features (optional)	Patient data only when provider requests AI summary
Polar.sh	Payment processing	Provider email, payment info (not stored by us)

Each service operates under its own privacy policy. We select services that offer strong privacy protections and, where available, HIPAA-compatible options.

5. Data Security

Encryption in transit: All data is transmitted over HTTPS (TLS 1.3)
Authentication: Provider sessions use HMAC-SHA256 signed tokens
Password storage: SHA-256 hashed with a unique salt — we cannot see your password
Patient data encryption: Patient backups in Cloudflare KV are encrypted with AES-256-GCM using a key derived from the patient's password (PBKDF2, 100,000 iterations). We cannot decrypt patient data.
NPI verification: Prevents unauthorized access by non-providers
Rate limiting: 50 invites per provider per day to prevent abuse

6. Your Rights as a Provider

Access: View all data we hold about your account
Correction: Update your name, clinic, or role at any time
Deletion: Delete your account — all patient links are immediately revoked, your data is permanently removed
Data export: Request a copy of your account data

7. Patient Rights (as enforced by Bloom Care)

Bloom Care enforces the following patient rights on behalf of Bloom app users:

Right to consent: No data access without explicit patient approval
Right to know: Full audit log of who accessed what and when
Right to limit: Patient can narrow which scopes are shared at any time
Right to revoke: Instant access termination, effective immediately
Right to transparency: Patient sees provider name, NPI, clinic, and verification status before consenting

8. HIPAA Considerations

Bloom Care is built with HIPAA-aligned technical safeguards:

Scoped, consent-based access control
Comprehensive audit logging
Encryption in transit and at rest
Instant access revocation
NPI-based provider identity verification

However, Bloom Care does not currently have Business Associate Agreements (BAAs) in place with all infrastructure providers. HIPAA-covered entities should conduct their own risk assessment before using Bloom Care with protected health information (PHI).

For enterprise BAA inquiries, contact ibloom.care.app@gmail.com.

9. Data Retention

Data type	Retention
Provider account	Until you delete it
Patient links	Until patient revokes or you delete account
Audit logs	Rolling 1,000 entries per patient (to be extended to 6 years for HIPAA)
Invite tokens	7 days (auto-expire)
Payment records	Managed by Polar.sh per their retention policy

10. Children's Privacy

Bloom Care is for licensed healthcare providers who are at least 18 years old. It is not intended for use by minors. Patient data shared through Bloom Care may include data from patients under 18 — in such cases, parental/guardian consent and applicable pediatric privacy laws apply.

11. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated via email. Continued use of Bloom Care after changes constitutes acceptance.

12. Contact

Questions about privacy or data handling?

Email: ibloom.care.app@gmail.com