ThoughtBloom Privacy Policy
Last Updated: 31 August 2025
1) Introduction
ThoughtBloom (“ThoughtBloom,” “we,” “our,” or “us”) is an AI‑assisted journaling and music discovery web application. We take your privacy seriously and designed this policy to explain what we collect, why we collect it, and the choices you have. ThoughtBloom is currently in public beta; beta software can have bugs or downtime, so please keep your own backups of important content.
Contact: info@thoughtbloom.ai
2) Scope & Definitions
This policy applies to the ThoughtBloom website, app, and APIs hosted on thoughtbloom.ai, including serverless/edge functions (the “Service”). The terms “Personal Data,” “Controller,” and “Processor” have the meanings given in GDPR Article 4.
3) What We Collect
We collect the minimum data needed to run the Service. Categories include:
- Account Data – email address, hashed password or OAuth tokens, Supabase user ID, plan/tier.
- Journal & Media Data – journal entries, moods/tags, uploaded images, the prompts you enter for AI features, and AI outputs. When you use journal import, you may upload raw text/JSON that we process server‑side (see §5).
- Conversations (Listening Room) – your messages and the assistant responses, stored with the relevant thread.
- Usage & Diagnostics – timestamps, page routes, device/browser type, performance metrics, basic server logs; limited IP‑based signals used for security/rate‑limiting.
- Product Analytics & Marketing – event data (e.g., button clicks, funnel steps), page views, session duration, referrer/campaign parameters (see §6).
- Payments – handled by Stripe (billing details, last 4 of card, status); we store subscription status/plan, not full card numbers.
- Support – emails or messages you send us and related metadata.
- Derived Data – aggregates we compute (e.g., counts, summaries). We do not share your journal content with analytics or advertising vendors.
4) How We Use Data & Legal Bases
- Contract (GDPR Art. 6(1)(b)) – operate the Service (accounts, journaling, conversations, Liner Notes, deterministic Soundtracks), process payments, and provide support.
- Legitimate Interests (Art. 6(1)(f)) – security (abuse prevention, rate limits), product analytics to improve features, debugging, and uptime.
- Consent (Art. 6(1)(a)) – non‑essential cookies/trackers (e.g., Meta Pixel, GA4 advertising features) where required by law.
- Legal Obligation (Art. 6(1)(c)) – tax/accounting, responding to lawful requests.
We do not sell Personal Data. Under California law (CPRA), some ad/analytics integrations can be considered “sharing” for cross‑context behavioral advertising—see §11 for opt‑outs.
5) AI Processing (Server‑Side Only)
Provider: Google Gemini 2.0 Flash‑Lite via Google Cloud.
Where we use it today:
- Listening Room replies (chat)
- Liner Notes (short insights on entries)
- Journal Import Parsing – when you upload prior journals in plain text or JSON, we parse and structure that text server‑side into entries/tags/dates
- (Note: Soundtracks are not AI‑generated; see §7.)
How it works: All AI requests originate server‑side (Supabase Edge Functions). We send only the context needed for the task (e.g., your prompt + limited recent context for replies; the text you uploaded for import).
Model training: Per Google’s service documentation, API data sent for inference is not used to train Google models by default.
Storage: Your prompts/responses are stored in your account. Imported text is used to create structured entries and is not sent to analytics/advertising vendors.
6) Cookies, Pixels & Analytics (What Loads and Why)
We use a mix of first‑party analytics and third‑party marketing/measurement. Where required by law, non‑essential tags load only after consent.
6.1 Product Analytics – Mixpanel
Purpose: Understand feature adoption and funnels so we can improve the product.
Data: Event names (e.g., onboarding step completed), basic device info, timestamps, and a distinct_id (anonymous device ID prior to sign‑in; Supabase user ID after sign‑in). We do not send your journal text.
Opt‑out: Use your browser privacy tools to block analytics or email us to request suppression.
6.2 Site Analytics – Google Analytics 4 (Measurement ID G‑DDQRL4PX17)
Purpose: Traffic/engagement metrics and marketing performance.
Data: Page paths, events, device/browser, approximate location inferred by Google. GA4 does not store raw IP addresses in reports.
Opt‑out: Install Google’s opt‑out add‑on or block analytics cookies via your browser or consent banner (where available).
6.3 Advertising/Attribution – Meta (Facebook) Pixel
Purpose: Measure ad effectiveness and enable retargeting.
Data sent to Meta: Page URL/title, timestamp, cookies that recognize returning devices, device/browser signals, and IP‑derived approximate location (processed by Meta).
Opt‑out: Use our consent banner (where available), adjust Facebook ad preferences, or use tracker‑blocking tools. See also California “Do Not Sell or Share” in §11.
6.4 Essential Cookies
Authentication/security cookies (e.g., Supabase auth/session) are required for the Service to function and cannot be disabled within the app.
7) Soundtracks Are Deterministic (Non‑AI)
Our Soundtracks feature uses a rule‑based engine plus external catalogs: Last.fm and Apple iTunes (Apple Media Services). We query those services for artist/track metadata and cache the results in our database. We do not send your journal text to those vendors; they receive only the search terms needed for the lookup (e.g., artist/title). Because our server makes these calls, the vendors receive the network‑layer data of that server connection (such as its IP address), not a direct connection from your browser or device.
8) Sub‑Processors & Service Providers
We share data with trusted providers to run the Service:
| Provider | Purpose (Data Processed) |
|---|---|
| Supabase, Inc. | Database, authentication, storage (account data, journals, conversations, media) |
| Netlify, Inc. | Static hosting/CDN and TLS termination (site pages, assets) |
| Google Cloud (Gemini) | AI inference (prompts/context as described in §5) |
| Stripe, Inc. | Billing and payment processing (billing details, subscription status) |
| SendGrid (Twilio) | Transactional email (sign‑up, password reset) |
| Mixpanel, Inc. | Product analytics (event data; no journal text) |
| Google LLC (GA4) | Site analytics/measurement |
| Meta Platforms, Inc. (Pixel) | Ad attribution and retargeting |
| Legal Authorities | Data disclosure only when legally required |
We do not share journal content with analytics or advertising vendors.
9) Security
We use industry‑standard safeguards, including TLS for data in transit, encryption at rest for database/storage, and Row‑Level Security policies in Supabase so that each user can read and write only their own rows. Access to production systems is restricted to authorized personnel, and secrets (such as third‑party API keys) are stored server‑side and are not exposed to the client. No system can be 100% secure; please use a strong, unique password and keep your device secure.
10) Data Retention
- Account & Journals/Conversations: Kept until you delete them or close your account, plus up to 30 days in encrypted backups.
- Payments/Invoices: As required by law (typically 7 years).
- Analytics/Advertising: Retained per vendor defaults (see GA4/Meta/Mixpanel documentation) and our internal data minimization policies.
- Server Logs/Security Events: Retained for a reasonable period to ensure reliability and detect abuse.
11) Your Choices & Rights
Access/Correction/Deletion/Portability: Request a copy, fix inaccuracies, or delete your data by contacting info@thoughtbloom.ai. You can also export your journals from within the app (where available).
Withdraw Consent: Where consent is the basis, you can withdraw it (e.g., disable analytics/advertising cookies through the banner or your browser settings).
CCPA/CPRA (California): You have the rights to know, delete, correct, and to opt‑out of “sale”/“sharing” of Personal Information. We do not sell Personal Data. Because Meta Pixel may constitute “sharing,” you can opt‑out by (a) declining marketing cookies in the banner (where available) and/or (b) emailing us at info@thoughtbloom.ai with “California Opt‑Out” in the subject. We will honor applicable requests.
GDPR (EU/UK): You may exercise rights under Articles 15–21 (access, rectification, erasure, restriction, portability, objection). You also have the right to lodge a complaint with your local supervisory authority.
We will verify requests as required by law and respond within statutory deadlines.
12) Children’s Privacy
The Service is not intended for children under 13 (or older if required by local law). If you believe a child provided us Personal Data, contact info@thoughtbloom.ai and we will delete it.
13) International Data Transfers
We primarily process data in the United States. For EEA/UK/Swiss users, we rely on appropriate safeguards such as the EU–U.S. Data Privacy Framework, UK extension, and/or Standard Contractual Clauses as applicable.
14) Changes to This Policy
We may update this policy from time to time. Material changes will be announced by email and an in‑app banner at least 7 days before they take effect. The “Last Updated” date shows the current version.
15) Contact Us
Questions or requests about privacy? Email info@thoughtbloom.ai.