Additional information for EU residents about how we process personal data in compliance with the General Data Protection Regulation.
Last updated: July 16, 2025
1. Introduction
This GDPR Compliance page provides additional information for residents of the European Economic Area (EEA) about how Bloo, Inc. ("Blue", "we", "us", or "our") processes personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR").
This page supplements our main Privacy Policy and should be read together with it. In case of any conflict, the GDPR-specific provisions in this document prevail for EEA residents.
2. Data Controller Information
Bloo, Inc.
2035 Sunset Lake Road
Newark, Delaware 19702
United States
Email: support@blue.cc
We are a data controller for the personal data we process about you. In certain circumstances, we may also act as a data processor on behalf of our business customers.
3. Data Protection Officer
Our Data Protection Officer can be contacted at:
Emanuele Faja, CEO
Email: support@blue.cc
Subject Line: GDPR Request
4. Legal Basis for Processing
We process your personal data under the following legal bases set forth in Article 6 of the GDPR:
4.1 Performance of a Contract (Article 6(1)(b))
- Creating and managing your account
- Providing our project management services
- Processing payments and billing
- Providing customer support
4.2 Legitimate Interests (Article 6(1)(f))
Our legitimate interests include:
- Improving and developing our Service
- Ensuring security and preventing fraud
- Analyzing usage patterns and trends
- Sending service-related communications
We have conducted legitimate interest assessments to ensure your interests and fundamental rights do not override these interests.
4.3 Legal Obligation (Article 6(1)(c))
- Complying with tax and accounting requirements
- Responding to lawful requests from authorities
- Maintaining records as required by law
4.4 Consent (Article 6(1)(a))
- Sending marketing communications
- Processing optional data you choose to provide
- Using cookies beyond those strictly necessary
You may withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.
5. Data Subject Rights
Under the GDPR, you have the following rights:
5.1 Right of Access (Article 15)
You can request a copy of your personal data and information about how we process it.
5.2 Right to Rectification (Article 16)
You can request correction of inaccurate or incomplete personal data.
5.3 Right to Erasure (Article 17)
You can request deletion of your personal data when:
- It's no longer necessary for the original purpose
- You withdraw consent (where consent is the legal basis)
- You object to processing based on legitimate interests
- The data has been unlawfully processed
5.4 Right to Restriction (Article 18)
You can request that we limit processing while we:
- Verify accuracy of data you've contested
- Determine if our legitimate interests override yours
- Establish, exercise, or defend legal claims
5.5 Right to Data Portability (Article 20)
You can receive your personal data in a structured, commonly used, machine-readable format when processing is based on consent or contract and is automated.
5.6 Right to Object (Article 21)
You can object to processing based on legitimate interests or for direct marketing purposes. For marketing, we will stop immediately. For other purposes, we will stop unless we demonstrate compelling legitimate grounds.
5.7 Rights Related to Automated Decision-Making (Article 22)
We do not currently use automated decision-making or profiling that produces legal or similarly significant effects.
6. International Data Transfers
We transfer personal data outside the EEA to:
- United States (our headquarters)
- Singapore (data storage)
For information about what data is transferred and stored, see Sections 3 and 7.2 of our Privacy Policy.
We ensure appropriate safeguards through:
- Standard Contractual Clauses (SCCs): We use the European Commission's standard contractual clauses for transfers to countries without an adequacy decision
- Technical Measures: All data is encrypted in transit and at rest
- Organizational Measures: Access controls and data protection training
7. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
- Notify affected individuals without undue delay if the breach is likely to result in high risk
- Document all breaches and actions taken
8. Data Protection by Design and Default
We implement data protection principles from the outset:
- Data Minimization: We only collect data necessary for specified purposes
- Purpose Limitation: We only use data for stated, legitimate purposes
- Storage Limitation: We follow the retention periods in Section 8 of our Privacy Policy
- Security: We implement appropriate technical and organizational measures
9. Supervisory Authority
You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not adequately addressed your concerns.
For a list of supervisory authorities, visit: https://edpb.europa.eu/about-edpb/board/members_en
10. Specific Processing Activities
10.1 Marketing Communications
- Legal Basis: Consent or legitimate interest (existing customers)
- Right to Object: You can opt out at any time via unsubscribe links or account settings
- Data Sources: Information you provide and Service usage data
10.2 Analytics and Improvements
- Legal Basis: Legitimate interest in improving our Service
- Data Types: Usage patterns, feature adoption, performance metrics
- Retention: See Section 8 of our Privacy Policy
10.3 Customer Support
- Legal Basis: Contract performance and legitimate interest
- Data Types: Communications, account information, issue details
- Retention: 3 years for quality and training purposes
11. Cookies and Tracking
For detailed information about cookies, see Section 4 of our Privacy Policy.
Under GDPR, we classify cookies as:
- Strictly Necessary: No consent required (authentication, security)
- Analytics/Performance: Consent required (usage analysis)
- Functional: Consent required (preferences, settings)
12. Children's Data
We do not knowingly process personal data of children under 16 without parental consent. If we become aware of such processing, we will promptly delete the data.
13. Changes to This Notice
We may update this GDPR notice to reflect changes in our practices or legal requirements. Material changes will be communicated via email or Service notification.
14. Contact Us
For any GDPR-related questions or to exercise your rights:
Email: support@blue.cc
Subject Line: GDPR Request
We will respond to your request within one month, extendable by two months for complex requests. We will inform you of any extension and the reasons.
There is no fee for exercising your rights unless requests are manifestly unfounded, repetitive, or excessive, in which case we may charge a reasonable fee or refuse to act.