Privacy Policy

Last updated April 21, 2026

1. Introduction

This Privacy Policy describes how Bloom (“we,” “us,” or “our”) handles personal information when you visit our marketing sites, create an account, or use our workspace product (collectively, the “Service”). We are committed to handling data responsibly and in line with this Policy and applicable law.

If you do not agree with this Policy, please do not use the Service. Where local law requires a different approach (for example, for residents of the EEA, UK, or certain U.S. states), we honor those requirements as described below.

2. Information we collect

Account and profile. When you sign up, we collect identifiers such as your email address, authentication provider identifiers, and optional profile details you choose to provide (for example, display name).

Workspace content. We store the projects, ideas, documents, messages, attachments, and similar content you create or upload so the Service can function and sync across your sessions.

Usage and device data. We may collect technical information such as browser type, device type, approximate location derived from IP address, timestamps, and product interactions (for example, feature usage and error logs) to operate, secure, and improve the Service.

Payments. If you purchase a paid plan, our payment processor receives payment details; we typically receive limited billing metadata (for example, subscription status and the last four digits of a card) rather than full card numbers.

Communications. If you contact us or submit feedback, we retain those messages and related contact information.

3. How we use information

We use personal information to:

  • Provide, maintain, and improve the Service, including AI-assisted features you invoke.
  • Authenticate users, prevent fraud and abuse, and protect security.
  • Process transactions and communicate about billing, service updates, and support.
  • Analyze usage in aggregate or de-identified form to improve product quality and reliability.
  • Comply with legal obligations and enforce our Terms of Service.

4. Legal bases (EEA, UK, and similar regions)

Where the GDPR or UK GDPR applies, we rely on one or more of the following: performance of a contract with you; legitimate interests that are not overridden by your rights (for example, securing the Service and improving features); consent where we expressly ask for it; and legal obligation.

5. AI processing and model providers

When you use AI features, portions of your prompts, workspace context, and related content may be sent to model and infrastructure providers to generate responses. We work with vendors who contractually protect data and who generally do not use your content to train public models unless we clearly disclose otherwise. Retention on vendor systems is governed by their policies and our agreements; we minimize what we send to what is needed for the request.

6. Sharing of information

We share personal information only as follows:

  • Service providers (hosting, authentication, email, analytics, payment processing, AI inference) who process data on our instructions.
  • Professional advisers, regulators, or law enforcement when required by law or to protect rights, safety, and security.
  • A successor entity in a merger, acquisition, or asset sale, subject to this Policy or equivalent protections.

We do not sell your personal information as “sale” is defined under U.S. state privacy laws.

7. Retention

We retain information for as long as your account is active and as needed to provide the Service, comply with law, resolve disputes, and enforce agreements. You may delete certain content or your account where the product provides controls; residual copies may persist in backups for a limited period before automatic deletion.

8. Security

We implement technical and organizational measures designed to protect personal information, including encryption in transit, access controls, and vendor diligence. No method of transmission or storage is completely secure; we encourage strong passwords and safe handling of credentials.

9. Your rights and choices

Depending on where you live, you may have rights to access, correct, delete, or export your personal information; to object to or restrict certain processing; to withdraw consent where processing is consent-based; and to lodge a complaint with a supervisory authority. Residents of certain U.S. states may have additional rights under local law (for example, California).

To exercise rights, use in-product settings where available or contact us as described below. We may need to verify your request before responding.

10. Children

The Service is not directed to children under 13 (or the age required in your jurisdiction), and we do not knowingly collect personal information from them. If you believe we have collected such information, contact us and we will take appropriate steps to delete it.

11. International transfers

We may process and store information in the United States and other countries where we or our vendors operate. Where required, we use appropriate safeguards (such as standard contractual clauses) for transfers from the EEA, UK, or Switzerland.

12. Cookies and similar technologies

We and our partners may use cookies, local storage, and similar technologies for session management, preferences, security, and analytics. You can control cookies through browser settings; disabling some cookies may affect functionality.

13. Changes to this Policy

We may update this Policy from time to time. We will post the revised version with a new “Last updated” date and, where appropriate, provide additional notice (for example, by email or in-product message).

14. Contact

For privacy-related requests or questions, contact us using the support or feedback channel provided in the Bloom product or on our website. We will respond within the timeframes required by applicable law.