Privacy Policy

Effective Date: 2026-05-29

Company: Noventra AI Ltd. (“buddybloom”, “we”, “our”, “us”)

Contact: noventraai2025@gmail.com

1. Overview

This Policy explains what data we collect when you use the buddybloom mobile app on iOS (the “Service”), how we use and share it, and your choices. buddybloom is a focus companion app: you run focus sessions, set goals, check in on how you feel, and an animated companion responds to you. By using the Service, you agree to this Policy.

2. Data We Collect

2.1 Account

• Sign-in: When you create an account we collect your email address and an authentication identifier, via email sign-in or Sign in with Apple / Google.

2.2 Content & Activity You Provide

• Onboarding answers: Your chosen companion character, motivation style, and the focus goals and tasks you type.
• Focus sessions: Session duration, intensity, completions, and quits (including an optional reason you select).
• Goals: The goals you add and when you mark them complete.
• Check-ins: A self-reported mood selected from a fixed set of options (e.g. “ready”, “tired”, “overwhelmed”). We store the selected option, not free-text descriptions of your mental or physical health.

2.3 Purchases

• Subscriptions: Subscription status, receipts, and entitlement data from the Apple App Store and our subscription provider (RevenueCat). We do not receive your full payment card details.

2.4 Usage & Diagnostics

• App interactions, screens viewed, feature usage, device type, OS version, and app version, used to understand how the app is used and to improve it. Before you sign up these events are tied only to a random anonymous identifier; after sign-up they are associated with your account. Where we associate analytics with your email, we use a one-way hashed (SHA-256) form of your email — never your raw email address.

3. How We Use Data

• Provide the core experience: run focus sessions, track streaks and goals, and power your companion.
• Generate the companion’s in-app messages (see Section 4).
• Operate, maintain, secure, and improve the Service (analytics, debugging, support).
• Verify purchases, manage subscriptions and entitlements.
• Communicate important changes to the Service or this Policy.

4. AI Processing & Model Training

Your companion’s lines are generated by third-party AI providers. To produce a line, we send context about the moment — such as your chosen character, the type of event (e.g. session start, goal completed), your current streak, and the goal or task title relevant to that moment — to an AI routing provider (OpenRouter) which forwards it to a language model (e.g. Google Gemini, Anthropic, or Meta models). We do not send your email, password, or payment data to these providers. We do not use your content to train AI models.

5. Third-Party Service Providers

We use trusted processors to deliver the Service; they act on our instructions and do not sell your data.

• Backend & storage: Supabase for secure hosting, authentication, and databases.
• Subscriptions: RevenueCat to manage entitlements, plus the Apple App Store for billing.
• AI text generation: OpenRouter and the underlying model providers (e.g. Google, Anthropic, Meta) for generating companion messages.
• Analytics: PostHog (hosted in the United States) for usage and diagnostics. No advertising trackers.
• Sign-in: Apple and Google for authentication.

6. Data Sharing

We do not sell your personal data. We share data only with:

• Service providers listed above to operate the Service.
• The Apple App Store to validate purchases and comply with store policies.
• Law enforcement or regulators if required by law.

7. Data Storage, Retention & Security

• Storage: Data is stored on secure cloud infrastructure with encryption in transit and at rest.
• Retention:
  • Account, profile, session, and goal data: kept while your account is active, until you request deletion, or after 24 months of inactivity (then we may delete).
  • Purchase/entitlement and analytics/diagnostic data: typically retained up to 24 months unless longer is required for fraud prevention, accounting, or legal obligations.
• Security: Access controls, least-privilege practices, and monitoring to reduce unauthorized access risks. No system is perfectly secure.

8. Your Choices & Rights

• Account & data: You can sign out in the app. For account or data access and deletion requests, email noventraai2025@gmail.com.
• Subscriptions: Manage or cancel anytime via your Apple account subscription settings.
• Notifications: You can disable notifications in your device settings.

9. Children’s Privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from them.

10. International Transfers

Your data may be processed in countries outside your own, including the United States. Where required, we use appropriate safeguards.

11. Region-Specific Rights

California: You may have rights under the CCPA/CPRA; we do not “sell” or “share” personal information for cross-context behavioral advertising. To exercise any rights, contact us at the email below.

12. Changes to This Policy

We may update this Policy. Material changes will be posted in the app or at this URL with an updated effective date.

13. Contact Us

Questions or requests: noventraai2025@gmail.com

© 2026 Noventra AI Ltd. All rights reserved.