WinBloom
Back to Support

Privacy Policy

Effective May 2, 2026

Privacy Policy

This Privacy Policy applies to the WinBloom iOS application and WinBloom website (together, the "Service"), created by Ali Hassan Amin (the "Service Provider") as a free service. This Service is intended for use "AS IS".

Effective date: 2026-05-02

Information We Collect

We collect the following categories of personal information:

  • Profile data: display name and nickname (optional), and email address when provided by your sign-in provider.
  • Authentication data: sign-in provider identifiers (Apple or Google) and your Supabase user UUID.
  • App content: wins you create, including title, note text, category, and timestamps.
  • Social feature data: friend requests (requester/recipient IDs, status, timestamps), friendship connections, and limited friend-garden summaries (nickname/display name fallback, weekly win count, streak, and category color petals).
  • Settings data: app and website preferences you choose (for example theme, text size, reduced motion, and policy-notice acknowledgement), stored locally on your device/browser.
  • Notification preference data: whether you allow local reminders in iOS. Reminder scheduling occurs on-device.
  • Technical data: IP address and request metadata processed by our infrastructure providers for security, abuse prevention, and service reliability.

We do not collect precise geolocation, contacts, photos, camera or microphone recordings, health data, or advertising identifiers (IDFA).

How We Use Your Information

  • Profile and authentication data: to create and maintain your account and let you sign in securely.
  • Win entries: to store, display, and organize your wins and streaks.
  • Social feature data: to process friend requests, maintain friend connections, and show limited friend-garden summaries to accepted friends.
  • Settings data: to remember your selected preferences across sessions on the same device/browser.
  • Notification preference data: to request permission and schedule local daily reminders on iOS when enabled by you.
  • Technical data: for security monitoring, abuse prevention, and troubleshooting.

No Tracking, No Advertising

WinBloom does not use advertising identifiers (IDFA), cross-app tracking SDKs, behavioural analytics platforms, or third-party ad networks. We do not sell personal data or share data with data brokers. The website stores a local theme preference in your browser solely for appearance settings, not for advertising or cross-site tracking.

Sign In with Apple

The Application uses Sign In with Apple to authenticate users. When you sign in with Apple, Apple may provide us with your name and email address (or an Apple-generated private relay email address) at your discretion. We receive a unique Apple user identifier that persists across sign-ins. We do not receive your Apple ID password. Apple's privacy policy applies to the data Apple itself collects: https://www.apple.com/legal/privacy/.

Sign In with Google

The Application also supports Sign In with Google via OAuth. When you sign in with Google, Google may provide us with your name and email address. We receive a unique Google user identifier. We do not receive your Google password. Google's privacy policy applies to the data Google itself collects: https://policies.google.com/privacy.

Third-Party Data Processors

We use the following third-party services to operate the Service:

Supabase (Supabase Inc.)
Role: Backend database and authentication infrastructure.
Data received: authentication identifiers, profile information, win entries, friendship/friend-request records, and related metadata needed to run the Service.
Supabase Privacy PolicySupabase Terms of Service

Apple (Sign in with Apple)
Role: Identity provider for optional sign-in.
Apple Privacy Policy

Google (Sign in with Google)
Role: Identity provider for optional sign-in.
Google Privacy Policy

We do not use Google Analytics, Firebase Analytics, advertising SDKs, or third-party behavioral analytics.

How We Share Information

  • With infrastructure providers: we share data with Supabase to host authentication and database functionality.
  • With other users (social features): accepted friends can see your nickname/display name fallback, weekly win count, streak status, and category-color petal summaries. They do not receive your private win titles or notes through friend-garden views.
  • For legal and safety reasons: we may disclose information when required by law or to protect the rights, safety, and integrity of the Service.

Legal Basis for Processing (EEA / UK Users)

We process your personal data on the following legal bases:

  • Contract performance (Art. 6(1)(b) GDPR): processing your authentication data and win entries to deliver the service you requested.
  • Legitimate interests (Art. 6(1)(f) GDPR): retaining IP logs for security and fraud prevention.
  • Consent (Art. 6(1)(a) GDPR): processing optional profile fields (name, nickname, email) that you voluntarily provide.

You may withdraw consent for optional data at any time by editing or deleting your profile.

Data Retention

  • Win entries: retained until you delete them, or until your account is deleted.
  • Profile information: retained until edited or removed by you, or until account deletion.
  • Friendships and friend requests: retained while your account remains active, and removed when related accounts are deleted.
  • Authentication identifier: retained while your account remains active.
  • Local settings: kept on your device/browser until you clear app/browser data or uninstall.
  • Provider technical logs: retained by infrastructure providers according to their operational and legal requirements.
  • Upon account deletion: account deletion is triggered immediately through our backend deletion flow, and associated records are removed from active systems subject to provider backup/log retention windows.

Your Rights

Right to Delete Your Data
You can delete your account and all associated data directly within the app:
Share tab → Settings → "Delete Account"
This flow removes your wins, profile, and authentication account through a secure backend deletion function.

Right to Access Your Data
You may request a copy of personal information we hold about you by emailing support@winbloom.app with the subject "Data Access Request." We will respond within a commercially reasonable timeframe.

Right to Correct Your Data
You can update your display name and nickname in the app via Share tab → Edit Profile. Email identity values are managed by your sign-in provider (Apple or Google); contact us at support@winbloom.app if you need help with account records.

Right to Data Portability (EEA / UK)
You may request an export of your personal data in a machine-readable format by emailing support@winbloom.app with the subject "Data Portability Request."

Opt-Out
You can stop ongoing collection by deleting your account, uninstalling the iOS app, or stopping use of the website. You can also disable iOS notifications in system settings at any time.

Age Requirements

WinBloom is not directed at children. You must be at least 16 years of age to use this Application (or the minimum age required in your country, if higher). If you are under 16, do not use this app or provide any personal information. If we discover that a user is under the required minimum age, we will promptly delete their account and data.

Security

The Service Provider is concerned about safeguarding the confidentiality of your information. The Service Provider provides physical, electronic, and procedural safeguards to protect information the Service Provider processes and maintains. However, no method of transmission over the internet or electronic storage is 100% secure.

Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of Canada, including the Personal Information Protection and Electronic Documents Act (PIPEDA). If you reside in the European Economic Area, the General Data Protection Regulation (GDPR) also applies to your personal data. If you reside in California, the California Consumer Privacy Act (CCPA) applies.

The data controller is: Ali Hassan Amin, Toronto, Ontario, Canada. Contact: support@winbloom.app.

Changes to This Policy

This Privacy Policy may be updated from time to time. When we update it, we will revise the effective date and publish the updated version in the app and on the website. Continued use of the Service after the effective date constitutes your acceptance of the updated policy.

Your Consent

By using the Application, you are consenting to the processing of your information as set forth in this Privacy Policy now and as amended by us.

Contact Us

If you have any questions regarding privacy while using the Service, or have questions about these practices, please contact the Service Provider at support@winbloom.app.

Questions? Contact us at support@winbloom.app