Privacy Policy

Effective date: April 20, 2026 · Last updated: April 30, 2026 (Navi destinations: Kakao Local for Korean apps + HERE Geocoder for global)

NLAP.APP ("we", "us", or "our") operates the Bloom mobile application ("the App"). This Privacy Policy explains what information is collected, how it is used, and your choices.

In short: Bloom does not collect or transmit any personal data of its own. The only network activity initiated by the App is ad requests to Google AdMob (banner + rewarded video), governed by Google's consent flow (UMP) in GDPR regions. All app settings remain on your device.

1. Information We Collect

Category	Data	Collected By	Purpose
Advertising	Advertising ID, device info, IP address, approximate location (country-level)	Google AdMob	Serve banner and rewarded video ads
GDPR consent	Consent string (TCF v2 format), stored via Google UMP SDK	Google UMP (on-device)	Regulatory compliance in EEA, UK, Switzerland
Crash diagnostics	Crash logs, stack traces, device info (model, OS version, memory), anonymous installation ID	Sentry (Functional Software Inc.)	App stability monitoring and bug fixing
App settings	Sticker configuration, floating button position, theme choice, PRO expiry timestamp, onboarding state	Stored locally on device (`SharedPreferences`)	App functionality
Address geocoding (optional, only when adding a navigation destination)	Address or place name you type → coordinates. Routed by your chosen default app: Korean apps (Kakao Navi/Map, Naver Map, TMAP) use Kakao Local REST API; other apps (Google Maps, Waze, HERE WeGo, etc.) try HERE Geocoding & Search API first (when configured) and fall back to Android Geocoder (Google Play Services). Resulting coordinates and label are stored locally only	Kakao Corp (Local API) for Korean apps · HERE Global B.V. (Geocoding API) and/or Google Play Services for other apps	Convert your typed address into latitude/longitude for one-tap navi launch
Saved navigation destinations	User-chosen label (e.g. "Home"), coordinates from geocoding, default app id (kakaonavi/google_maps/etc.)	Stored locally on device (`SharedPreferences`)	1-tap navigation launch

We do not collect or transmit:

Names, email addresses, or account information
Precise location data (GPS)
Contacts, photos, or files
Usage analytics, behavioral tracking, or any kind of event telemetry (crash reports contain no personally identifiable information — see Section 9 below)
Screen content in the background — Bloom's accessibility service is configured with canRetrieveWindowContent="false"
Notification content, sender, time, or source app — Bloom's NotificationListenerService is registered solely for the Do Not Disturb (DND) toggle and its onNotificationPosted/onNotificationRemoved callbacks are empty (see Section 3 below)
Screen captures and camera frames — Vision stickers (OCR, image share, QR, color picker, magnifier, mirror) process images entirely on-device via ML Kit / AndroidX libraries; nothing is uploaded, automatically saved, or recorded in the background (see Section 4 below)

2. Accessibility Service

Bloom uses Android's AccessibilityService for a narrow set of features:

Floating overlay — rendering the Bloom button and the Voronoi shortcut bloom on top of other apps
Global actions — firing home, back, recents, screenshot, lock screen, notification panel, and quick settings when you tap the corresponding sticker

The accessibility service is configured with canRetrieveWindowContent="false" and canPerformGestures="false". Bloom cannot read the content of other apps' screens, intercept or record keystrokes, or perform gestures on behalf of the user. Its authority is limited to firing the global system actions listed above when you tap a sticker.

Read more about the accessibility usage rationale on the How it works page.

3. Notification Listener (Do Not Disturb toggle)

Bloom registers an Android NotificationListenerService (BloomNotificationListenerService) exclusively for the Do Not Disturb (DND) toggle sticker. On some OEM devices (e.g. Samsung One UI), the standard NotificationManager.setInterruptionFilter() call is silently overridden by the OEM's own DND scheduler. The notification listener registration is therefore the sole mechanism Bloom uses for DND toggling — without this permission, the DND sticker simply prompts you to grant the permission and is otherwise inactive.

What Bloom never does with this permission:

Does not read notification content, title, or body text
Does not store or transmit notifications anywhere
Does not collect notification sender, time, or source app information
The onNotificationPosted and onNotificationRemoved callbacks are intentionally empty — no notification data is processed at any time

The permission is requested at first use of the DND sticker via a prominent disclosure screen. You can revoke it at any time via Settings → Notifications → Notification access → Bloom DND Toggle. After revocation, the next tap on the DND sticker simply re-shows the disclosure screen — there is no silent fallback or alternate behaviour.

4. Vision pipeline (screen capture and camera)

Bloom includes optional Vision stickers that read the screen or use the camera to provide accessibility-oriented utilities. All processing is performed on-device using ML Kit and AndroidX libraries — no images, text, or video ever leave your device.

Three input sources, selected by the user from a mode sheet on each tap:

Screen capture (AccessibilityService.takeScreenshot) — used by OCR, image share, QR scan, and color picker stickers. A single frame of the screen is captured at the moment you explicitly tap the sticker, via the silent Android 11+ AccessibilityService.takeScreenshot() API. No MediaProjection, no system consent dialog per capture, no foreground service notification, no background recording. The accessibility permission you already granted to Bloom is the only authorisation needed; FLAG_SECURE windows (banks, password managers) are blocked by the OS itself.
Gallery (PhotoPicker) — Android system photo picker. Bloom receives a single image you explicitly select. No READ_EXTERNAL_STORAGE permission needed.
Live camera (CameraX) — used by magnifier, mirror, and the camera mode of OCR / image share / QR / color picker. A camera preview is shown only while you are explicitly using the sticker. Camera permission is requested on first use via a Bloom prominent disclosure screen, then via the standard Android runtime grant. No automatic capture, no recording. For single-shot Vision sub-pipelines (camera-mode OCR / QR / colour / share) Bloom takes one frame when you press the shutter.

What Bloom never does in the Vision pipeline:

Captures and frames are never automatically saved — only when you explicitly choose "share" or "save" inside the result sheet
Captures and frames are never transmitted anywhere
OCR / barcode / palette / image processing all run on-device via Google ML Kit and AndroidX Palette — no server calls
Bitmaps are released from memory immediately after the result is shown
Closing the magnifier or mirror screen stops all camera streams immediately

You can revoke camera permission at any time via System Settings → Apps → Bloom → Permissions → Camera. Screen capture authorisation is the same as the accessibility permission Bloom already needs for its overlay — you can revoke it via System Settings → Accessibility → Installed apps → Bloom, which disables both the floating overlay and the screen-capture Vision stickers at once.

5. Advertising

Bloom displays ads from Google AdMob in two places:

Rewarded video ads on the home screen when you tap "Watch ad for PRO". Watching one full video grants 24 hours of PRO (the floating launcher). Maximum one rewarded impression per activation; never while the bloom is on screen.
Adaptive banner ads fixed at the top of the home screen (MainActivity) and the settings screen (SettingsActivity). No banner appears while the Voronoi bloom is open.

Google AdMob may collect device information and advertising identifiers to serve personalized ads. In the EEA, UK, and Switzerland, Bloom uses Google's User Messaging Platform (UMP) SDK to collect GDPR consent before any ad request is made. You can manage your consent at any time from Bloom → Settings → Manage privacy preferences (shown only where GDPR applies).

You can opt out of personalized advertising in your device settings under Settings > Google > Ads.

For more information, see Google's Privacy Policy.

6. Data Storage

All app settings are stored locally on your device only using Android SharedPreferences. This includes:

Sticker registry (which stickers are enabled, slot assignments)
Floating button position, size, and theme choice
PRO expiry timestamp
Onboarding completion flag

This data is:

Never transmitted to any server
Automatically deleted when you uninstall the App or clear app data
Not accessible to other apps

7. Children's Privacy

Bloom is a general-purpose accessibility tool. It is not directed to children under 13 and does not knowingly collect information from children. COPPA compliance: tagForChildDirectedTreatment is set to FALSE in our AdMob request configuration, and the App does not advertise to children.

8. Third-Party Services

Service	Purpose	Privacy Policy
Google AdMob	Advertising (banner + rewarded video)	Link
Google User Messaging Platform (UMP)	GDPR / US state-law consent collection	Link
Sentry	Crash reporting & diagnostics	Link
Google Play Services	App distribution, signing, Geocoder backend (global geocoding)	Link
Kakao Corp (Local REST API)	Korean address / POI geocoding when adding a destination for a Korean navi app (Kakao Navi/Map, Naver Map, TMAP). Only invoked on user-initiated search.	Link
HERE Global B.V. (Geocoding & Search API)	Global address / POI geocoding when adding a destination for a non-Korean navi app (Google Maps, Waze, HERE WeGo, etc.). Only invoked on user-initiated search and only when an API key is configured by the operator.	Link

9. Navigation Destinations (Optional Feature)

If you choose to add a navigation destination sticker (e.g. "Home", "Office") via Settings → Stickers → Destinations → + Add, the following happens:

You first pick which navi/map app the sticker should launch. Bloom routes geocoding (address → coordinates) accordingly:
- Korean apps (Kakao Navi, Kakao Map, Naver Map, TMAP) — Bloom calls the Kakao Local REST API (dapi.kakao.com) over HTTPS. Your typed query is sent to Kakao Corp servers; only the query and a server-side API key are transmitted (no device id, no IP-based account lookup beyond standard HTTPS).
- Other apps (Google Maps, Waze, HERE WeGo, etc.) — when an API key is configured, Bloom first calls the HERE Geocoding & Search API (geocode.search.hereapi.com) over HTTPS for better global coverage. If HERE is not configured or returns no results, Bloom falls back to Android's built-in Geocoder, which forwards the query to Google Play Services. Only the typed query and the server-side API key are transmitted; no device id is sent by Bloom.
The resulting coordinates and your chosen label are stored locally in SharedPreferences. Nothing is uploaded to our servers (NLAP.APP).
When you tap a destination sticker, Bloom launches your selected map/navi app via an Android Intent (deep link or intent action). Bloom does not read any data back from those apps — once the navi app opens, it is its own process.
You can remove a destination at any time via the Delete button in the destination edit screen, or by clearing app data.

Bloom never accesses GPS / device location for this feature — destinations are derived from the text you type, not from where you currently are.

10. Crash Reporting (Sentry)

Bloom uses Sentry for crash and stability monitoring. The data sent on a crash is limited to:

Stack trace of the crashed thread
Device model, Android OS version, available memory, locale, timezone
App version + release identifier
Anonymous installation ID (Sentry-generated random UUID, regenerated on app reinstall, not linked to any account, email, or advertising identifier)
Approximate region (country / city) derived server-side from the connection IP — the IP itself is not stored beyond geolocation

Bloom configures Sentry with isSendDefaultPii = false and isAttachScreenshot = false, so email addresses, account identifiers, advertising IDs, and screenshots are never transmitted. Identical errors are deduplicated with a 1-hour cooldown to avoid noise. Sentry retention is 90 days. You can opt out by clearing app data (which regenerates the installation ID) or uninstalling the App.

11. Your Rights

We do not collect or store personal data on our own servers. Crash diagnostic data sent to Sentry is retained for 90 days and does not contain personally identifiable information. All locally stored data can be cleared at any time by uninstalling the App or clearing app data in your device settings. In GDPR jurisdictions, you can withdraw or update your advertising consent at any time through Bloom → Settings → Manage Privacy Options, and you can open this policy at any time via Bloom → Settings → Privacy Policy.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. Continued use of the App after changes constitutes acceptance of the revised policy.

13. Contact Us

If you have questions about this Privacy Policy, contact us at:

Company: NLAP.APP
Email: [email protected]