Privacy Policy
Effective date: March 26, 2026
1. INTRODUCTION
Bloomly is a mobile application for couples, operated by Nuralabz, a company registered in Poland. This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and what rights you have over your data.
We process personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Polish data protection law. If you have any questions about this policy or how we handle your data, contact us at tom@nuralabz.com.
By using the App, you acknowledge that you have read and understood this Privacy Policy.
2. DATA CONTROLLER
The data controller responsible for your personal data is:
Nuralabz
Registered in Poland
Contact: tom@nuralabz.com
3. WHAT DATA WE COLLECT
We collect only the data necessary to provide and improve the App. This includes:
Data you provide directly:
| Data | Purpose |
|---|---|
| Name | To identify your account and personalise your experience |
| Email address | To manage your account, send service communications, and provide support |
| Profile picture | To personalise your in-app profile |
| Anniversary date | To enable personalised features within the App |
| Content you upload (photos, videos, journal entries) | To provide the core journaling and sharing features of the App |
Data we collect automatically:
| Data | Purpose |
|---|---|
| Device type and operating system | To ensure compatibility and diagnose technical issues |
| App version | To manage updates and bug fixes |
| IP address | For security monitoring and fraud prevention |
| Usage data (features used, session duration, interactions) | To understand how the App is used and improve it |
| Language and timezone settings | To provide the correct localised experience |
Location data (with your explicit consent):
We collect your real-time location only if you choose to enable location sharing within the App. This is an optional feature. Specifically:
- We store only your most recent known location - we do not build or retain a location history.
- Location data is deleted when you disable the feature or delete your account.
- Location may be collected in the background if you have enabled widgets or background location features.
You can withdraw consent for location sharing at any time through your device settings or within the App.
4. LEGAL BASIS FOR PROCESSING
Under the GDPR, we must have a lawful basis for processing your personal data. We rely on the following:
- Contract performance (Article 6(1)(b) GDPR): Processing your account information, content, and subscription data is necessary to provide the App and fulfil our agreement with you.
- Legitimate interests (Article 6(1)(f) GDPR): We process usage data and device information to improve the App, ensure security, and prevent fraud - provided these interests are not overridden by your rights.
- Consent (Article 6(1)(a) GDPR): We rely on your consent to process your location data and to send you marketing communications. You may withdraw consent at any time without affecting the lawfulness of prior processing.
- Legal obligation (Article 6(1)(c) GDPR): We may process data where required by applicable law.
5. HOW WE USE YOUR DATA
We use your data to:
- Create and manage your account.
- Provide and maintain the App's features and functionality.
- Enable connection and content sharing between you and your partner.
- Send service-related notifications (e.g. security alerts, account updates).
- Send marketing communications, where you have consented. You can unsubscribe at any time via the link in any marketing email or by contacting us.
- Monitor and improve the App's performance and stability.
- Detect and prevent fraud, abuse, and unauthorised access.
- Comply with legal obligations.
We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.
6. DATA SHARING
We do not sell your personal data. We share it only in the following limited circumstances:
Service providers. We use trusted third-party providers to operate the App, including cloud hosting (e.g. Amazon Web Services, Google Cloud, Cloudflare) and email delivery services. These providers act as data processors under written agreements and are prohibited from using your data for any purpose other than providing their services to us.
Your connected partner. Content you create or upload within the App is shared with your connected partner as part of the App's core functionality. You control what you upload.
Legal requirements. We may disclose your data if required to do so by law, court order, or government authority, or where we reasonably believe disclosure is necessary to protect the rights, property, or safety of Nuralabz, our users, or others.
Business transfers. If Nuralabz is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you in advance if this occurs and your data will remain subject to this Privacy Policy.
7. INTERNATIONAL DATA TRANSFERS
Your data may be stored or processed outside the European Economic Area (EEA) by our third-party infrastructure providers. When this occurs, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- Transfers only to providers who meet equivalent data protection standards.
For more information about the safeguards in place for international transfers, contact us at tom@nuralabz.com.
8. DATA RETENTION
We keep your data only for as long as necessary for the purposes described in this policy.
| Data type | Retention period |
|---|---|
| Account data (name, email, profile) | Retained while your account is active. Deleted immediately upon account deletion. |
| User-generated content (photos, videos, journals) | Retained while your account is active. Deleted upon account deletion. |
| Location data | Only the most recent location is stored. Deleted when location sharing is disabled or account is deleted. |
| Backup copies | Retained for up to 90 days after deletion for disaster recovery. Encrypted and inaccessible during normal operations. |
| Aggregated/anonymised usage data | May be retained indefinitely as it cannot identify you. |
If your account is inactive for 12 consecutive months, we may deactivate it and delete your content. We will notify you before doing so. For accounts with a lapsed subscription, premium content is retained for up to 3 months after the subscription expires.
9. YOUR RIGHTS UNDER GDPR
As a user in the European Union (or as protected by GDPR), you have the following rights regarding your personal data:
- Right of access: You can request a copy of the personal data we hold about you.
- Right to rectification: You can ask us to correct inaccurate or incomplete data.
- Right to erasure: You can request that we delete your personal data. You can also delete your account directly in the App (Profile > Settings > Delete Account).
- Right to restriction of processing: You can ask us to pause processing of your data in certain circumstances.
- Right to data portability: You can request your data in a structured, machine-readable format.
- Right to object: You can object to processing based on legitimate interests or for direct marketing purposes.
- Right to withdraw consent: Where we rely on your consent, you can withdraw it at any time without affecting prior lawful processing.
- Right to lodge a complaint: You have the right to lodge a complaint with the Polish data protection authority (UODO - Urząd Ochrony Danych Osobowych) at uodo.gov.pl, or with the supervisory authority in your EU member state of residence.
To exercise any of these rights, contact us at tom@nuralabz.com. We will respond within 30 days. We may ask you to verify your identity before processing your request.
10. DATA SECURITY
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction. These include:
- Encryption of data in transit and at rest.
- Access controls limiting data access to authorised personnel only.
- Regular security reviews and vulnerability assessments.
- Secure, geographically redundant infrastructure.
- Automated backups retained for up to 90 days.
No system is completely secure. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where required, notify affected users directly.
If you suspect your account has been compromised, contact us immediately at tom@nuralabz.com.
11. CHILDREN'S PRIVACY
Bloomly is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If we become aware that a child under 18 has created an account, we will delete their data promptly.
If you are a parent or guardian and believe your child has used the App, please contact us at tom@nuralabz.com.
12. COOKIES AND TRACKING TECHNOLOGIES
The App itself does not use browser cookies. Our website may use cookies and similar technologies (such as web beacons) to track usage and improve our content. You can control cookie settings through your browser.
We do not currently respond to "Do Not Track" (DNT) browser signals, as there is no industry standard for how such signals should be interpreted.
13. THIRD-PARTY LINKS
The App may contain links to third-party websites or services. This Privacy Policy does not apply to those external sites. We encourage you to review the privacy policies of any third-party sites you visit, as we have no control over their practices.
14. CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time. When we do, we will revise the effective date at the top of this page. For significant changes, we will notify you through the App or by email.
Your continued use of the App after the updated policy takes effect constitutes your acceptance of the changes. If you do not agree, please stop using the App and delete your account.
15. CONTACT AND COMPLAINTS
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: tom@nuralabz.com
We aim to respond to all enquiries within 48 hours on business days.
If you are not satisfied with our response, you have the right to lodge a complaint with the Polish data protection authority:
UODO (Urząd Ochrony Danych Osobowych)
Website: uodo.gov.pl