bloom

This policy is under review. Last updated April 18, 2026. For questions, contact rjhungate@gmail.com.

Privacy Policy

Effective April 18, 2026 · Last updated April 18, 2026

Bloom IVF (“Bloom,” “we,” “us”) provides a patient experience and clinical coordination platform for in vitro fertilization (IVF) treatment. This policy explains what information we collect, how we use it, and the choices you have.

Information we collect

  • Account information: your name, mobile phone number, and (optionally) email address.
  • Health and cycle data: treatment protocol, medication schedule, dose confirmations, lab results, monitoring appointments, journal entries, symptoms, and communications with your care team. This data is provided to Bloom by your fertility clinic acting as your covered entity under HIPAA, or entered by you.
  • Device and usage information: IP address, browser type, pages viewed, and timestamps. Used for security (rate limiting, account lockout) and operational logging. We do not use third-party ad or analytics pixels.

SMS and Communications

When you provide a phone number, you consent to receive transactional SMS from Bloom. The SMS program is strictly limited to patient care and account security. Bloom sends:

  • Authentication codes: 6-digit one-time passcodes used to sign in to your account.
  • Medication and appointment reminders: sent only after you opt in to SMS reminders from your patient portal settings. Clinic staff do not receive patient SMS reminders on your behalf.
  • Care-coordination notices: trigger-shot timing alerts, Bloom Box delivery updates, and urgent messages from your care team that you have requested via SMS.

Message frequency varies based on your treatment cycle and reminder preferences. Message and data rates may apply; rates are set by your wireless carrier, not Bloom.

SMS data is never sold. We do not share your phone number, SMS content, or SMS opt-in status with third parties for marketing, advertising, or any purpose unrelated to providing the Bloom service. Our only SMS subprocessor is Twilio, who transmits messages under a business-associate agreement.

How to opt out: reply STOP to any Bloom SMS to unsubscribe from that category. Reply HELPfor support. You may re-enable SMS at any time from your patient portal settings. Opting out of SMS does not affect in-app notifications or your clinic's ability to contact you through other channels.

How we use information

  • Deliver the Bloom coordination and reminder service.
  • Enable your clinic to manage your care.
  • Operate the AI Guardian safety-check tool on clinical protocols.
  • Provide account security, audit logs, and regulatory compliance.
  • Improve product reliability using aggregated, de-identified metrics (for example, dose confirmation rates across all patients).

How we share information

  • Your clinic and its authorized staff (physicians, nurses, coordinators) see the data necessary to manage your care.
  • Support people you invite (partner, family, friend) see only the categories you explicitly authorize in the support invite form.
  • Partner pharmacy receives the medications and shipping address required to fulfill your Bloom Box order.
  • Subprocessors (hosting, database, SMS, email, card processing) operate under business-associate agreements and process data only to provide the Bloom service. We do not sell your data.
  • Legal requirements: we may disclose information when required by law, to prevent harm, or to enforce our Terms.

Data retention

Health and cycle data is retained for the duration of your active treatment and for a period of seven (7) years thereafter, consistent with medical-records retention standards. Authentication logs are retained for one (1) year. Aggregated de-identified metrics may be retained indefinitely. You may request deletion of your account at any time; we will retain only the minimum data required by law.

HIPAA posture

Bloom operates as a business associate to its clinic customers, who are the covered entities under HIPAA. We maintain a business associate agreement (BAA) with every clinic and with every subprocessor that touches protected health information. We follow the HIPAA Security Rule's administrative, physical, and technical safeguards, and will notify affected parties in the event of a breach in accordance with 45 CFR §§ 164.400–414.

Your rights

Depending on your state of residence, you may have the right to access, correct, or delete the personal information we hold about you, and to object to certain processing. To exercise any of these rights, contact compliance@bloomivf.ai. Most patient-facing rights (reviewing your record, correcting clinical data) are coordinated with your clinic, which holds the underlying medical record.

Children

Bloom is intended for adults (18+). We do not knowingly collect information from children. If you believe a minor has provided personal information, contact us at the address below and we will delete the account.

Security

We encrypt data in transit (TLS 1.2+) and at rest, require multi- factor authentication for clinic staff, and maintain audit logs of access to protected health information. No system is perfectly secure; please tell us immediately at compliance@bloomivf.ai if you suspect unauthorized access to your account.

Changes to this policy

We will update this policy from time to time. When we make material changes we will notify you by email (if you've provided one) or through the Bloom app, and we will update the “Last updated” date at the top of this page.

Contact

For privacy questions, data requests, or to report a security issue, contact compliance@bloomivf.ai. For anything else, reach us at rjhungate@gmail.com.

See also: Terms of Service.