Privacy Policy

How My Bloom Aura and VisionXY7 collect, use, and protect data across the platform and this website, in line with UK GDPR and the Data Protection Act 2018.

Last updated: 4 July 2026

1. Who We Are

My Bloom Aura is a product engineered and operated by VisionXY7 ("VisionXY7", "we", "us", "our"). For the purposes of UK GDPR and the Data Protection Act 2018, VisionXY7 acts as a data processor on behalf of the clinics that use My Bloom Aura ("clinic customers"), and each clinic customer acts as the data controller for its own patients' personal data. Where VisionXY7 collects data directly relating to the operation of this website (such as demo request enquiries), VisionXY7 acts as the data controller for that specific data.

VisionXY7 is registered with the UK Information Commissioner's Office (ICO), the UK's independent regulator for data protection and information rights. Our security and data governance programme is led by Dr. Mahdi Seify, Founder and Chief Intelligence Officer of VisionXY7 and an ISO/IEC 27001 Lead Auditor and Lead Implementer — see our Security page for full detail.

Contact for all data protection enquiries: hello@visionxy7.com.

2. What Data We Collect

Depending on how you interact with My Bloom Aura, we may process the following categories of data:

  • Contact details submitted through our demo request form or email (name, clinic name, email, phone number)
  • Patient communication content processed on behalf of a clinic customer (booking requests, triage responses, follow-up messages) across phone, web chat, SMS, WhatsApp, and email
  • Technical and usage data related to how the website and platform are accessed (IP address, browser type, device information)
  • Cookies and similar technologies used for essential website functionality

3. How We Use Data

Patient data processed through My Bloom Aura is used exclusively to deliver the coordination service to the clinic customer: booking, triage routing, follow-up, and record-keeping within the clinic's own systems. Patient data is never used to train AI models, and is never sold, rented, or shared with third parties for marketing purposes.

Contact details submitted through this website are used solely to respond to enquiries and, where consented to, to send occasional product updates.

4. Data Retention

Patient data is retained in accordance with the retention schedule agreed with each clinic customer, which is typically aligned to that clinic's own clinical record-keeping obligations under UK healthcare regulation. Website enquiry data is retained for no longer than 24 months unless a live commercial relationship requires longer retention.

5. Your Rights Under UK GDPR

If you are a patient of a clinic using My Bloom Aura, your data protection rights (access, rectification, erasure, restriction, portability, and objection) should be exercised directly with your clinic, as they remain the data controller for your records. If you have contacted VisionXY7 directly through this website, you may exercise these rights by emailing hello@visionxy7.com.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

6. Security

My Bloom Aura uses an ISO 27001-aligned security architecture, including encryption in transit and at rest, role-based access control, and audit logging. Full detail is available on our Security page.

7. Changes to This Policy

We may update this policy from time to time to reflect changes in our practices or legal requirements. The "Last updated" date at the top of this page reflects the most recent revision.

My Bloom Aura is an AI Patient Reception and Coordination System for women's health and fertility clinics in the UK, engineered by VisionXY7. Questions about this page can be sent to hello@visionxy7.com.