MindBloom: Data Usage

 

HERE YOU MAY REQUEST DELETION OF DATA AND/OR YOUR MINDBLOOM ACCOUNT

Google Play Data Safety Disclosure for MindBloom

DATA COLLECTED (stored on your server)

Data TypeCollectedPurposeRequired

Email addressYesAccount creation & loginYes

Password (hashed)YesAuthenticationYes

NameYesPersonalization (greeting, AI companion)Yes

Wellness goalsYesPersonalize responses: Yes& AI responsesYes

Mood logs (mood level 1-5, optional note)YesMood tracking feature, AI contextYes

Chat messagesYesAI companion conversation historyYes

Self-care logs (water, sleep, exercise, medication, journal)YesSelf-care tracking featureYes

Breathing session data (technique, duration)YesActivity trackingYes

Course/lesson progress & quiz scoresYesTrack learning progressYes

Push notification tokens (device token, device type)YesSend notificationsNo

DATA SHARED WITH THIRD PARTIES

DataThird PartyPurpose

Chat messages (user's messages only)Abacus AI (LLM API at apps.abacus.ai)Processed by AI model to generate Blaze the Fox companion responses. Messages are sent to the Abacus AI API for real-time AI response generation.

No other user data is shared with or transferred to any third party. No advertising SDKs, analytics SDKs, crash reporting SDKs, or tracking libraries are included in the app.

DATA SENT OFF DEVICE BY LIBRARIES/SDKs

LibraryData SentDestination

Expo SDK (runtime)Minimal device metadata (OS version, app version) for update checksExpo servers (expo.dev)

OpenAI client library (used to call Abacus AI)Chat message content + conversation context (mood, goals, course progress)Abacus AI API (apps.abacus.ai) — used to generate AI companion responses

No Firebase, Google Analytics, Sentry, advertising, or other telemetry SDKs are included.

WEBVIEWS

The app does not use webviews to collect or transfer user data.

DATA HANDLING PRACTICES

• Encryption in transit: All data transmitted over HTTPS/TLS

• Encryption at rest: Database hosted on managed PostgreSQL with encryption at rest

• Data deletion: Users can delete their account, which cascades deletion of all associated data (mood logs, chat history, progress, self-care logs, push tokens)

• No data sold: User data is never sold to third parties

• No advertising: No ads or ad-related data collection

• No location data collected

• No financial/payment data collected (one-time purchase handled entirely by Google Play)

Summary for the Play Console form:

• Does your app collect or share any of the required user data types? → Yes

• Is all user data encrypted in transit? → Yes

• Do you provide a way for users to request data deletion? → Yes (account deletion)

• Data types to declare: Email, Name, Other personal info (wellness goals, mood, journal entries), App interactions (chat messages, course progress, breathing sessions)

• Data shared: Chat messages shared with Abacus AI for AI processing only — not for advertising, not sold