Privacy Policy

1. Information We Collect

1.1 Information You Provide

• Account Information: Name, email address, password, and profile picture
• Skin Profile: Skin type, concerns, sensitivities, and goals
• Daily Logs: Skin condition ratings, face zone assessments, photos (optional)
• Lifestyle Data: Sleep patterns, water intake, stress levels, exercise, diet information
• Product Usage: Products you track, ratings, and notes
• Feedback: Reviews, survey responses, and support communications

1.2 Information Collected Automatically

• Device Information: Device type, operating system, unique device identifiers
• Usage Data: App features used, frequency of use, interaction patterns
• Log Data: IP address, access times, app crashes, system activity
• Location Data: General location (country/region) for weather correlation (optional)
• Analytics Data: App performance metrics and usage statistics

1.3 Information from Third Parties

• Social Media: If you connect social accounts, we may receive basic profile information
• Payment Processors: Transaction confirmations (we do not store payment card details)
• Research Partners: Aggregated skincare research data from PubMed and other sources

2. How We Use Your Information

2.1 To Provide Services

• Create and maintain your account
• Track and analyze your skin health progress
• Generate personalized insights and recommendations
• Match products to your skin profile
• Provide AI-powered skin analysis
• Sync data across your devices

2.2 To Improve Our Services

• Analyze usage patterns to enhance features
• Develop new functionalities
• Train and improve our AI models (using anonymized data)
• Conduct research on skincare trends
• Fix bugs and improve performance

2.3 To Communicate with You

• Send app notifications and reminders
• Provide customer support
• Send important updates about the service
• Send marketing communications (with your consent)
• Request feedback through surveys

3. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties.

3.1 With Your Consent

We may share your information when you explicitly consent, such as when you choose to share your progress on social media or participate in community features.

3.2 Service Providers

We work with trusted third-party services that help us operate our app:

• Cloud Storage: Amazon Web Services for secure data storage
• Analytics: Google Analytics for app usage insights
• Email Services: SendGrid for transactional emails
• Payment Processing: Stripe for subscription management
• Customer Support: Zendesk for support tickets

These providers are contractually obligated to protect your information and can only use it to provide services to us.

3.3 Aggregated and Anonymized Data

We may share aggregated, anonymized data that cannot identify you personally for research, marketing, or business purposes.

3.4 Legal Requirements

We may disclose information if required by law, court order, or governmental request, or if we believe disclosure is necessary to protect rights, property, or safety.

4. Data Security

We implement industry-standard security measures to protect your data:

• Encryption: All data is encrypted in transit using TLS and at rest using AES-256
• Access Controls: Strict access controls and authentication for our systems
• Regular Audits: Security audits and vulnerability assessments
• Data Centers: Secure, SOC 2 certified data centers
• Employee Training: Regular privacy and security training for our team
• Incident Response: Established procedures for handling security incidents

While we strive to protect your information, no method of electronic storage is 100% secure. We cannot guarantee absolute security but commit to notifying you promptly of any breach affecting your personal data.

5. Your Privacy Rights

5.1 Access and Portability

You can access and download your data at any time through the app's settings. We provide data export in standard formats (JSON, CSV).

5.2 Correction and Update

You can update your personal information directly in the app or by contacting support.

5.3 Deletion

You can request deletion of your account and personal data. Some information may be retained for legal or legitimate business purposes.

5.4 Opt-Out Rights

• Marketing communications: Unsubscribe link in emails or app settings
• Push notifications: Device settings or app settings
• Analytics: Opt-out through app settings
• Personalized recommendations: Toggle off in privacy settings

5.5 Do Not Track

We respect Do Not Track browser settings and will not track users who have enabled this feature.

6. International Data Transfers

HadaBloom operates globally. Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including:

• Standard Contractual Clauses approved by the European Commission
• Privacy Shield certification (where applicable)
• Adequate data protection agreements with all processors

7. Children's Privacy

HadaBloom is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will delete it immediately.

If you are between 13 and 18, please review this policy with your parent or guardian before using HadaBloom.

8. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act:

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to opt-out of the sale of personal information
• Right to equal service and price
• Right to delete personal information

To exercise these rights, contact us at privacy@hadabloom.com or call 1-800-HADABLOOM.

9. European Privacy Rights (GDPR)

If you are in the European Economic Area, you have additional rights:

• Legal Basis: We process data based on consent, contract, legitimate interests, or legal obligations
• Data Minimization: We only collect data necessary for specified purposes
• Right to Object: You can object to processing based on legitimate interests
• Right to Restriction: You can request we limit processing of your data
• Right to Lodge a Complaint: You can complain to your local data protection authority

Our EU representative can be reached at eu-privacy@hadabloom.com

10. Data Retention

We retain your information for as long as necessary to provide services and fulfill the purposes outlined in this policy:

• Account Data: Retained while account is active plus 30 days
• Skin Logs: Retained for the life of your account
• Photos: Retained until you delete them
• Analytics Data: Anonymized after 2 years
• Marketing Data: Until you opt-out plus legal requirements
• Legal Records: As required by applicable laws

11. Third-Party Links

HadaBloom may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the new policy in the app
• Sending you an email notification
• Displaying a prominent notice in the app

Your continued use of HadaBloom after changes indicates acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:

For EU residents: eu-privacy@hadabloom.com
For California residents: ca-privacy@hadabloom.com