🌸 MHS BLOOM — Privacy Policy
Last updated: June 2026 | Effective: June 2026
Your data is yours — your device, your data. Your personal content (such as your skin profile, beauty diary, favorites, language, and mode) is stored on your device and is not uploaded to our cloud. In our cloud we keep only the minimum needed to run your account and subscription. We do not sell your personal data.
1. Who We Are
MHS BLOOM ("the App") is a cosmetic reference application developed by MH-SYNAPTIX. The App provides dermocosmetic product information for educational and reference purposes only. It does not provide medical advice, diagnosis, or treatment.
The App is intended for adults (18 and over). The App is supported primarily through an optional PRO subscription and may also feature sponsored or promoted content from brands, which is identified as such where shown.
Contact: mhsynaptix@gmail.com
2. Data Stored Only on Your Device
The following data is stored locally on your device and is not transmitted to our servers. Uninstalling the App or deleting your account removes it from your device:
- Skin profile — skin type, cosmetic and care preferences, region, age range (optional)
- Beauty diary — your personal notes and entries
- Favorites — products you save
- Language preference and Mode (Consumer/Professional) and theme
3. Data We Collect
3.1 Account Data (Firebase Authentication)
- Email address — for account creation and sign-in
- Display name — provided at sign-up, shown in your profile
- Authentication tokens — for secure login (stored encrypted on your device)
3.2 Subscription Data
- Subscription status — free, trial, or PRO (and plan/tier)
- Purchase tokens — provided by Google Play and processed via RevenueCat to verify and manage your subscription. We do not store your card or payment details.
3.3 Sponsored Content
The App does not integrate third-party advertising networks and does not use a device advertising identifier for ad targeting. The App may display sponsored or promoted content from brands; where it does, such content is identified as sponsored, and it does not require sharing your personal information with those brands. We may update how sponsored content is presented over time, consistent with this policy.
3.4 Analytics & Aggregate Insights
- Firebase Analytics (GA4) — anonymous, aggregated, product-level events such as which products are viewed, searched, selected, rated, or shared, keyed by product/brand/category and with no personal identity. We may use these aggregate insights to improve content and the App and to inform our editorial and brand-partnership decisions. The contents of your beauty diary remain on your device; only an anonymous rating signal (not your written notes) may contribute to these aggregate totals.
- Approximate location — Google may derive a coarse, approximate location (such as country and city) from your network for aggregate analytics. This is not your precise or GPS location, and it is not linked to your identity.
- FCM token — for push notification delivery (only if you enable notifications)
- Account number — a sequential number assigned to your account for content-protection purposes
3.5 Data We Do NOT Collect
The App is designed to minimize the data it collects. In particular, it is not designed to collect categories such as biometric data, your precise (GPS) location (only the coarse, anonymous approximate location described in 3.4), or the contents of your contacts, photos, or files, and it is not intended to gather personal health or medical information.
4. How We Use Your Data
- To create and manage your account and sign-in
- To manage your subscription and free trial, and to unlock PRO access
- To send notifications (only with your permission, about your trial/subscription)
- To understand anonymous, aggregated usage so we can improve content and the App
- To protect our content
We do not sell your personal data. Your on-device personal content (such as your skin profile, diary, and favorites) is stored on your device and is not uploaded to our servers.
5. Data Storage and Security
- Cloud account/subscription data is stored in Google Cloud (Firebase) with encryption at rest and in transit
- Authentication tokens are stored using encrypted secure storage on your device
- Your personal content is kept locally on your device and is not uploaded to our servers
- All network communication uses HTTPS only
6. Your Rights
You have the right to:
- Access — View the data we hold (in-app data management page)
- Edit — Modify your profile and preferences at any time
- Delete — Permanently delete your account and all associated data at any time (in-app Account Deletion)
- Withdraw Consent — Revoke any previously given consent
- Object — Object to any data processing
When you delete your account, your data is permanently and irreversibly removed, including the personal content stored on your device.
7. Data Retention
- Active accounts: Cloud account/subscription data is retained while your account is active
- Deleted accounts: Cloud data is permanently erased within 30 days of a deletion request; on-device data is erased immediately on account deletion or app uninstall
- Analytics data: Anonymous and aggregated, not linked to individuals
8. Third-Party Services
We use the following third-party services:
9. International Compliance
🇪🇺 GDPR (European Union)
We comply with the General Data Protection Regulation. EU residents have all rights described in Section 6. Our legal basis is consent (for optional data) and legitimate interest / contract (for essential app and subscription functionality).
🇸🇦 PDPL (Saudi Arabia)
We comply with the Saudi Personal Data Protection Law (نظام حماية البيانات الشخصية). Data subjects in Saudi Arabia have the right to access, correct, and delete their personal data.
🇰🇷 PIPA (South Korea)
We comply with the Personal Information Protection Act. Korean users have the right to access, correct, delete, and suspend processing of their personal information.
🇯🇵 APPI (Japan)
We comply with the Act on Protection of Personal Information. Japanese users have the right to request disclosure, correction, and deletion of their personal data.
🇨🇳 PIPL (China)
We comply with the Personal Information Protection Law. Chinese users have the right to access, copy, correct, and delete their personal information.
10. Children's Privacy
MHS BLOOM is intended for adults aged 18 and over and is not directed at children. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes through the App or via email. Continued use of the App after changes constitutes acceptance of the updated policy.
12. Contact Us
For privacy-related inquiries, data requests, or concerns:
- Email: mhsynaptix@gmail.com
- In-App: Profile → Settings → Data Management