Privacy Policy for Abloom - Couples Questions
Last Updated: December 12, 2024
OUR COMMITMENT: Your privacy is fundamental to Abloom. We use end-to-end encryption for your answers, collect minimal data, and never sell your information. We cannot read your encrypted answers - only you and your partner can.
1. Introduction
This Privacy Policy describes how Abloom - Couples Questions ("we," "our," or "us"), developed and operated by Viksva, MB, a company registered in Vilnius, Lithuania, collects, uses, and protects your personal information when you use our mobile application and services.
2. Information We Collect
2.1 Information You Provide
| Data Type |
Description |
Purpose |
| Your Name |
First name you enter during setup |
Display to your partner, personalization |
| Question Answers |
Your responses to daily and bonus questions |
Share with your partner (encrypted) |
| Bucket List Items |
Dreams and goals you add |
Shared planning with partner |
| Important Dates |
Anniversaries, birthdays, special occasions |
Reminders and celebration tracking |
| Sticky Notes |
Drawings/messages for your partner |
Communication with partner |
| Mood Selection |
Optional mood when answering questions |
Context for your partner |
2.2 Information Collected Automatically
| Data Type |
Description |
Purpose |
| Device ID |
Unique identifier generated on your device |
Account identification, push notifications |
| Platform |
iOS or Android |
App functionality, notifications |
| Timezone |
Your device's timezone |
Daily question scheduling, reminders |
| App Version |
Version of Abloom installed |
Compatibility, updates |
| Push Notification Token |
FCM token for notifications |
Deliver daily reminders, partner alerts |
2.3 What We Do NOT Collect
- Email address (not required)
- Phone number
- Password (we use anonymous authentication)
- Location data
- Contacts
- Photos (except sticky note drawings you create)
- Browsing history
3. End-to-End Encryption
YOUR ANSWERS ARE ENCRYPTED: We use AES-256-CBC encryption to protect your question answers. Encryption happens on your device BEFORE data is sent to our servers. We cannot read your answers - only you and your partner have the decryption key.
3.1 How Encryption Works
- When you create a couple, a unique encryption key is generated
- This key is shared only between you and your partner's devices
- The key is stored securely:
- Android: EncryptedSharedPreferences (AES256-GCM)
- iOS: Keychain
- Your answers are encrypted on your device before upload
- We store only the encrypted (unreadable) version
- Your partner's device decrypts the answers locally
3.2 What This Means
- Our servers only see encrypted gibberish, not your actual answers
- Even our employees cannot read your answers
- If our servers were breached, your answers would remain protected
- Only devices with the shared encryption key can decrypt answers
4. Data Storage and Retention
| Data Type |
Storage Location |
Retention Period |
| Encrypted Answers |
Cloud (Firebase) |
Deleted after both partners sync - answers are removed from our servers once both you and your partner have viewed them |
| Decrypted Answers |
Local device only (SQLite) |
Until you delete app data or leave couple |
| Partner Connection |
Cloud |
Until account deletion |
| Bucket List Items |
Cloud |
Until you delete them or account deletion |
| Important Dates |
Cloud |
Until you delete them or account deletion |
| Sticky Notes |
Cloud (auto-saved every 2.5 seconds) |
Until you clear them or account deletion |
| FCM Tokens |
Cloud |
Marked inactive on logout; deleted on account deletion |
| Invite Codes |
Cloud |
Expire after 24 hours; kept for support verification |
| Deletion Tokens |
Cloud |
Kept indefinitely for account recovery |
| Premium Status |
Cloud + local cache |
Synced; local cache for faster app startup |
| Device ID |
Local device only |
Until app uninstall |
| Encryption Keys |
Local secure storage only |
Until account deletion or leave couple |
5. How We Use Your Information
- Core Functionality: Delivering daily questions, syncing answers with your partner, managing your couple connection
- Notifications: Sending daily reminders, alerting when your partner answers
- Premium Features: Managing subscription status, enabling premium features for both partners
- Support: Responding to your inquiries, verifying identity for account issues
- Improvements: Analyzing anonymized usage patterns to improve the app
6. Third-Party Services
6.1 Firebase (Google)
- Authentication: Anonymous sign-in (no personal info required)
- Firestore: Cloud database for storing couple data
- Cloud Messaging: Push notification delivery
- Cloud Functions: Backend processing (reminders, notifications)
6.2 RevenueCat
- Manages subscription status
- We do NOT handle payment processing directly
- RevenueCat does not receive your answers or personal messages
6.3 Apple App Store / Google Play Store
- Handle all payment processing
- Manage subscription billing
- We do not have access to your payment details
THIRD-PARTY NOTICE: These services have their own privacy policies. We encourage you to review them. We are not responsible for their data practices.
7. Data Sharing
7.1 We Share Data With:
- Your Partner: Answers, bucket list items, important dates, sticky notes (this is the app's purpose)
- Service Providers: Firebase, RevenueCat (as described above)
7.2 We Do NOT:
- Sell your personal information
- Share your data with advertisers
- Use your answers for AI training
- Share your information with other couples
- Provide data to third parties for marketing
8. Your Rights and Choices
8.1 Access and Deletion
- View Your Data: All your data is visible within the app
- Delete Individual Items: You can delete bucket list items, important dates, and clear sticky notes within the app
- Delete All Data: Request complete account deletion using your Deletion Token (see Support page)
- Leave Couple: You can leave your current couple, which clears your local data and encryption keys
8.2 Notification Preferences
In Settings, you can control:
- Daily reminder notifications (on/off, time)
- Partner answered notifications
- Quiet hours (no notifications during specified times)
8.3 Data Portability
Your answer history is stored locally on your device and can be accessed within the app's History section.
9. Data Security
- Encryption in Transit: All data transmitted uses HTTPS/TLS
- Encryption at Rest: Answers encrypted with AES-256-CBC before storage
- Local Security: Encryption keys stored in platform secure storage (Keychain/EncryptedSharedPreferences)
- Access Controls: Firebase security rules restrict data access to authorized users only
SECURITY DISCLAIMER: While we implement industry-standard security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security. You acknowledge that you provide data at your own risk.
10. Children's Privacy
Abloom is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.
11. International Data Transfers
Your information may be transferred to and processed in countries other than your own (including the United States where Firebase servers are located). We ensure appropriate safeguards are in place for such transfers.
12. GDPR Rights (European Users)
If you are in the European Union, you have additional rights under GDPR:
- Right to Access: Request a copy of your data
- Right to Rectification: Correct inaccurate data
- Right to Erasure: Request deletion of your data
- Right to Portability: Receive your data in a portable format
- Right to Object: Object to certain processing
- Right to Withdraw Consent: Withdraw consent where applicable
To exercise these rights, contact us at mbviksva@gmail.com.
13. California Privacy Rights (CCPA)
If you are a California resident, you have the right to:
- Know what personal information we collect
- Request deletion of your personal information
- Opt-out of the sale of personal information (we do not sell your data)
- Non-discrimination for exercising your rights
14. Changes to This Privacy Policy
POLICY UPDATES: We may update this Privacy Policy at any time. We will update the "Last Updated" date at the top of this page when changes are made. Your continued use of the app after any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this page periodically.
15. Data Retention After Deletion
When you delete your account:
- Your profile and couple connection are removed
- Your answers in shared sessions are anonymized (replaced with "[Deleted]") rather than deleted, so your partner retains their own answer history
- Your bucket list items, important dates, and sticky notes are deleted
- Your FCM tokens and deletion token are deleted
- Anonymized analytics data may be retained
- Audit logs of the deletion are kept for compliance
16. Contact Information
17. Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY LAW:
- We shall not be liable for any unauthorized access to or alteration of your data
- We are not responsible for data breaches at third-party service providers
- We are not liable for data loss due to device failure, app uninstallation, or user error
- We are not responsible for content your partner shares or how they use shared information
- This app is for entertainment purposes - we are not liable for any relationship outcomes
SUMMARY: We collect minimal data, encrypt your answers end-to-end, delete encrypted answers from our servers after both partners sync, never sell your data, and give you control over your information. Your privacy matters to us.