BloomBoardBack to Home

BloomBoard Privacy Policy

Last Updated: November 16, 2025

Introduction

BloomBoard (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains what information we collect about users of the BloomBoard SaaS application (“Service”), how we use and share that information, and your rights regarding your information.

BloomBoard is intended for florist businesses and not for children. We do not knowingly collect personal information from anyone under 18.

Information We Collect

Account Information

  • Name
  • Email
  • Business details
  • Login credentials (passwords stored hashed)

Billing Information

Handled securely by our payment processor; we do not store full credit card numbers.

User Content

Content you upload or create in BloomBoard (text, images, project data) is stored to operate the service. We do not access or use this except to provide the service.

Usage & Analytics Data

Collected via PostHog:

  • IP address
  • Device/browser info
  • Page views, clicks, heatmaps, session recordings
  • All text inputs are masked

Logs & Communications

Standard server logs and communications via Postmark.

How We Use Information

  • To provide and maintain the service
  • To process payments
  • To send transactional emails
  • To improve and analyze the platform
  • To enable AI features via OpenAI (inference only)
  • For debugging and security
  • To comply with legal obligations

Cookies

Used only for:

  • Authentication
  • Preferences
  • Basic analytics (no advertising cookies)

How We Share Information

We do not sell your data.

We share only with:

  • Service providers (Fly.io, AWS, Neon, Sentry, Postmark, img.ly, OpenAI, PostHog)
  • Legal authorities when required
  • Successors in business transfers
  • With your consent

Third-Party Services

Fly.io

Hosts our backend infrastructure.

AWS S3 & CloudFront

Stores media uploads and serves static assets.

Neon

Hosts our PostgreSQL database.

Sentry

Receives error logs (no sensitive data intentionally sent).

Postmark

Sends transactional emails.

img.ly

Image editing SDK (all processing on-device; only export counts sent).

OpenAI

Receives prompts/content for inference.
Does not train models on API data.

PostHog

Analytics; IP-based geolocation; all text masked.

Data Retention

We retain:

  • Account data while account is active
  • User content until deleted
  • Analytics data in aggregated form
  • Communication logs for a limited period
  • Backup data temporarily

You may request account deletion or data export at any time.

Your Rights

  • Access & export your data
  • Correct your data
  • Request deletion
  • Object to certain processing
  • Additional rights depending on your jurisdiction (GDPR/CCPA)

Contact us to exercise these rights.

International Transfers

Your data may be stored or processed outside your country (e.g., U.S.).
We use Standard Contractual Clauses, DPA agreements, and industry-standard safeguards.

Data Security

  • Encryption in transit and at rest
  • Strict access controls
  • Monitoring and intrusion detection
  • Secure coding practices
  • Incident response procedures

No system is 100% secure; use a strong password.

Changes to This Policy

We may update this Policy. Changes will be announced via the app or email.

Contact Us

support@bloomboard.io
For privacy-related inquiries or data requests.