Privacy policy

Last updated: 2 May 2026 · Effective on first App Store release.

Plain English. Bloom is a curated coffee guide. It collects what it needs to sign you in, show shops near you, and let you submit shops. It does not track you across other apps or sites, sell data, or run third-party analytics. You can delete your account from inside the app.

Who this applies to

This policy covers the iOS app Bloom - The Specialty Coffee Guide ("Bloom", "the app") and the website at thebloomguide.app. Bloom is operated as a sole proprietorship by Stefan Bekker, the data controller for the purposes of the GDPR and UK GDPR. Privacy questions and data-rights requests go to [email protected]. Contact us by email at the address below; postal correspondence available on request.

What we collect

This list mirrors the privacy manifest shipped with the app and the privacy nutrition labels on the App Store.

Account data

Email address. When you sign in with email and password, or with Sign in with Apple (where you may choose to share or hide your real email; Apple's relay address is fine). Used to identify your account and to recover access.
User ID. A random identifier we assign to your account so your data can be linked to you inside Bloom.
Username and display name. If you set them. Public on shops you've submitted that have been approved by a curator.

Content you create

Shop submissions. The shop name, address, and the answers you give to the eligibility quiz. Stored linked to your account so curators can review and so you can see the status of your submissions.
Photos. Exterior, interior, and menu photos you upload during a submission. Photo location metadata (EXIF, including GPS) is stripped on the device before upload.
Saved shops. The shops you save inside the app. Linked to your account so the list is the same on every device you sign in on.
Blooms. The shops you've Bloomed (a single positive signal from someone who's visited). Linked to your account.
Reports and "Wrong for Bloom" submissions. If you report a shop as inaccurate, closed, or otherwise objectionable, or if you submit a "Wrong for Bloom" challenge arguing a shop doesn't fit the rubric, we store the report and your account ID so curators and super-curators can act on it.

Location

Precise location, while in use. Used to center the map on you and to find shops near you. The app sends your latitude and longitude to our server when you query the map, the server returns shops within radius, and the location you sent is then discarded. We do not store your device location, we do not keep a history of where you've been, and the location query is not linked to your account in our database. The app asks for permission the first time you tap "locate me" or pan the map. Foreground only; Bloom has no background-location entitlement. You can revoke permission in iOS Settings → Bloom at any time.

What we don't collect

No advertising identifier (IDFA, IDFV).
No third-party analytics, telemetry, or tracking SDKs. Bloom is not built on Mixpanel, Amplitude, Firebase, Sentry, Crashlytics, Datadog, or anything similar.
No third-party crash reporting. The crash reports Apple aggregates from devices that have opted in to "Share with App Developers" reach us through Apple's App Store Connect dashboard, governed by Apple's privacy policy, not ours.
No contacts, calendar, microphone, or health data.
No background location.
No selling of personal data, no sharing for advertising.

Our backend provider Supabase logs IP addresses and request metadata for security and rate-limiting under their own privacy policy, with retention per their terms. We do not read or use IP addresses for any product feature, and we do not link them to your account.

How we use it

To sign you in and keep your session active.
To show shops near you and let you save shops.
To accept submissions and route them to a curator for review.
To prevent abuse, for example by blocking submissions from accounts a curator has flagged.
To respond to support requests you send us.

We do not use your data for advertising, profiling, or training third-party AI models.

Legal bases (GDPR, UK GDPR)

Contract. Account creation, sign-in, saved shops, submission tracking, and account deletion are processing necessary to deliver the service you signed up for.
Legitimate interests. Curator review, abuse prevention, and security logging rely on our legitimate interest in running an editorially trustworthy guide and keeping it safe from spam, balanced against your interests.
Consent. Precise location is used only with your explicit iOS permission and only while the app is in use. You can revoke consent in iOS Settings at any time.

Who else sees it

Bloom relies on two service providers. There are no other SDKs and no other third parties.

Supabase. Postgres database, authentication, and file storage. Hosts your account row, your submissions, your saved shops, your Blooms, and your uploaded photos. The Bloom backend runs in a Supabase project hosted in the United States (us-east-1 region, AWS).
Apple. Sign in with Apple, the App Store, and Apple Maps directions when you tap "Directions" on a shop. If you use Apple's "Hide My Email" relay, the address we receive is an @privaterelay.appleid.com address; we do not see your real email.

We do not sell your personal data and we do not share it with advertisers.

How long we keep it

Account data: until you delete your account.
Submissions you make that are pending or rejected: kept for 24 months from the rejection date for moderation history, then removed. Pending submissions are removed when you delete your account.
Submissions you make that are approved: kept in the app, but the link to your account is removed when you delete your account. The shop record stays; it's curated content the community relies on.
Curator decisions, dissent records, "Wrong for Bloom" challenges, and editorial-challenge resolutions: kept for 24 months from the resolution date so curators and super-curators have history to draw on, then deleted.
Server logs: short rolling window measured in days.

Your rights

You can exercise any of the rights below by emailing [email protected] from the address on your account, or by using the in-app controls where they exist. We respond within 30 days.

Access. Ask for a copy of the personal data we hold about you.
Rectification. Edit your username and display name in the Profile tab. For corrections to a submitted shop, email us.
Erasure. Delete your account in Profile → Settings → Delete account, or ask us to delete it. This removes your profile, saved shops, Blooms, pending submissions, and rejected submissions. Approved shops you submitted stay in the app but are anonymized.
Restriction and objection. Ask us to pause processing or object to a specific use.
Portability. Ask for your data in a portable, machine-readable format.
Withdraw consent. Revoke location or photo access in iOS Settings → Bloom.
Lodge a complaint. If you're in the EU, UK, or Switzerland, you can complain to your local data protection authority. We'd rather hear from you first so we can fix it.

California residents (CCPA and CPRA)

If you live in California, you have the right to know what personal information we collect about you and how we use it, the right to delete it, the right to correct it, and the right to opt out of any sale or sharing for cross-context behavioral advertising. Bloom does not sell personal information and does not share personal information for cross-context behavioral advertising; the "Do Not Sell or Share" toggle is therefore a no-op, but we list the right here for completeness.

To exercise any California right, email [email protected] from the address on your account. You can use an authorized agent; we'll ask the agent to provide written authorization signed by you. We do not discriminate against you for exercising a privacy right.

Children

Bloom is not directed at children under 16, and we do not knowingly collect personal data from anyone under 16. The 16-year threshold matches the GDPR Article 8 default and applies worldwide for the Bloom service. If you believe a child under 16 has created an account or submitted data, email [email protected] and we will delete the account and the data.

Security

Traffic between the app and our servers is encrypted with TLS. Passwords are hashed by our authentication provider; we never see them in plaintext. Photos are stored in private Supabase Storage buckets gated by row-level access rules; only the submitter and curators can read submission photos before approval. No system is perfectly secure, but we apply reasonable controls.

International transfers

Personal data submitted through Bloom is stored and processed in the United States, on infrastructure operated by Supabase (us-east-1 region, AWS). For users in the European Economic Area, the United Kingdom, or Switzerland, this constitutes an international data transfer. Bloom relies on Supabase's Standard Contractual Clauses (SCCs) as the lawful basis for that transfer, and on supplementary technical measures including encryption in transit and at rest.

Changes

If this policy changes in a way that affects what we collect or how we use it, we'll update the "last updated" date above and, for material changes, surface a notice in the app before the change takes effect.

Contact

Privacy questions, data-rights requests, complaints: [email protected]. Postal correspondence available on request.