Privacy Policy

How we collect, use, and protect your information at Blue.


Last updated: April 12, 2026

1. Introduction

This Privacy Policy explains how Bloo, Inc. (“Blue”, “we”, “us”, or “our”) collects, uses, discloses, and protects information about you when you use our process management platform and related services (collectively, the “Service”).

This Privacy Policy applies to information we collect when you use our Service, visit our websites, or otherwise interact with us. By using our Service, you agree to the collection and use of information in accordance with this policy.

2. Definitions

  • “Personal Data” means any information relating to an identified or identifiable natural person
  • “Processing” means any operation performed on Personal Data
  • “Data Controller” means the entity that determines the purposes and means of Processing
  • “Data Processor” means an entity that Processes Personal Data on behalf of the Data Controller
  • “User” means an individual who uses our Service
  • “Customer” means the entity that has entered into an agreement with us

3. Information We Collect

3.1 Information You Provide

Account Information:

  • Name and email address (required)
  • Job title and phone number (optional)
  • Company or organization name
  • Profile picture (optional)

Payment Information:

  • Billing name and address
  • Payment method details (processed by Stripe; we store only the last 4 digits)
  • Tax identification numbers where required

Content and Files:

  • Any content you create, upload, or share within the Service
  • Files and attachments you add to projects
  • Comments and communications within the platform

Support and Communications:

  • Information you provide when contacting support
  • Feedback and suggestions about our Service
  • Testimonials and case studies (with your consent)

3.2 Information We Collect Automatically

Usage Data:

  • Features you use and actions you take
  • Time spent on different parts of the Service
  • Search queries within the platform
  • Performance metrics and error reports

Device Information:

  • IP address and approximate location
  • Browser type and version
  • Operating system
  • Device type and unique identifiers
  • Language preferences

Log Data:

  • Access times and dates
  • Pages viewed and features accessed
  • System activity and error logs
  • Referral URLs

3.3 Information from Third Parties

  • Information from integration partners (with your authorization)
  • Publicly available information for verification purposes

4. Cookies and Tracking Technologies

We use only strictly necessary cookies to keep you logged in and maintain your session. We do not use analytics cookies, preference cookies, or any third-party tracking cookies.

Types of Cookies We Use:

  • Essential Cookies: Required for authentication and session management

These cookies are strictly necessary for the Service to function. They cannot be disabled without preventing access to the Service.

5. How We Use Your Information

We use the information we collect to:

5.1 Provide and Maintain the Service

  • Create and manage your account
  • Provide customer support
  • Process transactions and billing
  • Send service-related communications

5.2 Improve and Develop the Service

  • Analyze usage patterns and trends
  • Test new features and improvements
  • Fix bugs and technical issues
  • Conduct research and analysis
  • Comply with legal obligations
  • Protect against fraud and abuse
  • Enforce our Terms of Service
  • Protect our rights and property

5.4 Automated Content Analysis

We use artificial intelligence services (including Anthropic and OpenAI) to automatically scan files, content, and data stored on the Service for the following purposes:

  • Terms of Service enforcement: Detecting content that violates our prohibited uses, including illegal content, malware, phishing, and spam, as defined in our Acceptable Use Policy
  • Abuse detection: Identifying patterns of misuse, automated scraping, or other prohibited activities
  • Compliance: Ensuring content complies with applicable laws and regulatory requirements
  • Platform safety: Protecting the integrity of the Service and the safety of our users

Blue is not obligated to monitor Content, but has the right to access, review, and examine any Content stored on the Service, including file contents, for the purpose of operating the Service, ensuring compliance with our Terms of Service, and complying with applicable law. This includes both automated AI scanning and human review, at any time, without prior notice. AI systems flag potential violations; all enforcement decisions are made by humans.

We do not use Customer Data to train AI models without explicit consent.

File contents may be processed by third-party AI service providers (OpenAI, Anthropic) located within the European Union for scanning purposes. These providers are listed in our Data Processing Agreement.

5.5 Communications

  • Send product updates and announcements
  • Provide tips and best practices
  • Respond to your inquiries
  • Send marketing communications (with consent)

We process Personal Data on the following legal bases:

  • (a) Contractual necessity: Processing required to deliver the Service, including account management, billing, and providing core platform functionality.
  • (b) Legitimate interest: Processing for analytics and service improvement, security and fraud prevention, content scanning for Terms of Service enforcement, and platform safety. Our legitimate interests in maintaining a safe and compliant platform are balanced against users’ reasonable privacy expectations.
  • (c) Consent: Processing for marketing communications where you have opted in.
  • (d) Legal obligation: Processing required to comply with applicable law, including retention of tax and financial records.

For users in the European Economic Area, please see our GDPR Policy for additional detail on our legal basis for processing.

7. How We Share Information

We do not sell your Personal Data. We share information only in these circumstances:

  • When you explicitly authorize sharing
  • For testimonials or case studies
  • When you use third-party integrations

7.2 Service Providers

We share data with third-party service providers who assist us in operating and providing the Service, including providers of infrastructure, payments, communications, AI services, mobile platforms, monitoring, and integrations.

All service providers are contractually required to protect your data and use it only for specified purposes. A complete and current list of our subprocessors is maintained in our Data Processing Agreement.

We may disclose information if required by law:

  • In response to valid legal process (warrant, subpoena, court order)
  • To protect our rights, privacy, safety, or property
  • To prevent fraud or illegal activity
  • In connection with a merger or acquisition

8. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes outlined in this policy:

  • Account Data: Retained while your account is active
  • Usage Data: Retained for up to 2 years for analytics
  • Support Tickets: Retained for 3 years for quality assurance
  • Billing Records: Retained for 7 years for tax compliance
  • Deleted Content: Removed from active systems within 90 days of deletion
  • Backups: May persist for up to 90 days after deletion

9. Your Privacy Rights

9.1 Access and Portability

You have the right to:

  • Access your Personal Data
  • Receive a copy in a portable format
  • Know what data we hold about you

9.2 Correction and Deletion

You have the right to:

  • Correct inaccurate data
  • Update incomplete information
  • Request deletion of your data (“right to be forgotten”)

9.3 Restriction and Objection

You have the right to:

  • Restrict Processing of your data
  • Object to certain types of Processing
  • Opt out of marketing communications

9.4 How to Exercise Your Rights

To exercise any of these rights:

  • Email us at [email protected]
  • Use in-app privacy controls where available
  • We will respond within one month

9.5 Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection supervisory authority. If you are in the EU or EEA, this is the data protection authority in your country of residence or place of work. For additional information on supervisory authorities, see our GDPR Policy.

10. US State Privacy Rights

10.1 California

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: What Personal Data we collect, use, and share
  • Right to Delete: Request deletion of your Personal Data
  • Right to Correct: Request correction of inaccurate Personal Data
  • Right to Opt-Out: We do not sell Personal Data
  • Right to Non-Discrimination: Equal service regardless of privacy choices

10.2 Other US States

Residents of other US states with applicable privacy laws — including Delaware, Iowa, New Hampshire, New Jersey, Tennessee, Minnesota, Maryland, and Kentucky — may have similar rights under their respective state laws, including the right to access, delete, and correct your Personal Data, and the right to opt out of the sale of Personal Data. We do not sell Personal Data.

To exercise any US state privacy rights, contact [email protected].

11. International Data Transfers

All customer data is stored and processed within the European Union (Germany). All AI content scanning is performed using EU-based endpoints. Customer data is not transferred outside the EU for scanning purposes.

Limited operational data (such as support communications) may be transferred to the United States (our headquarters). For any transfers to countries without an adequacy decision, we use Standard Contractual Clauses (SCCs) as the transfer mechanism. We ensure appropriate safeguards are in place for all international transfers.

For EU residents, please see our GDPR Policy for specific information about transfers outside the EEA.

12. Data Security

We implement appropriate technical and organizational measures to protect your information:

  • Encryption at rest and in transit (TLS/SSL)
  • Access controls and authentication
  • Regular security audits and testing
  • Incident response procedures
  • Employee training on data protection

While we strive to protect your information, no system is 100% secure. We encourage you to use strong passwords and protect your account credentials.

13. Children’s Privacy

Our Service is not directed to individuals under 18. We do not knowingly collect Personal Data from individuals under 18. If you believe we have collected data from such an individual, please contact us immediately.

14. Marketing Communications

We may send you marketing communications if you have:

  • Opted in to receive them
  • Not opted out after receiving them
  • An existing business relationship with us

You can opt out anytime by:

  • Clicking “unsubscribe” in any marketing email
  • Updating your communication preferences in account settings
  • Contacting [email protected]

Our Service may contain links to third-party websites. We are not responsible for their privacy practices. We encourage you to read their privacy policies.

16. Changes to This Policy

Changes to this Privacy Policy are governed by Section 19 of our Terms of Service.

Your continued use after changes constitutes acceptance of the updated policy.

17. Data Protection Officer

While we are not formally required to have a Data Protection Officer, privacy inquiries can be directed to:

Emanuele Faja, CEO
Email: [email protected]

For privacy-related questions or to exercise your rights:

Email: [email protected]
Subject Line: Privacy Request

We aim to respond to all privacy requests within one month.