Privacy Policy

1. Data Controller

The data controller for personal data is Bloomwise SAS. For any questions regarding the protection of your data, you may contact us at contact@bloomwise.io.

2. Data Collected

In the course of using the Service, we collect the following categories of data:

• Identification data: name, surname, email address, password (encrypted)
• Billing data: payment information processed by our secure payment provider (we do not store your card numbers)
• Usage data: analyzed websites, tracked keywords, generated articles, audit history
• Technical data: IP address, browser type, operating system, pages visited, login timestamps
• Cookies: functional cookies necessary for the proper operation of the Service and analytics cookies (see section 7)

3. Purpose of Processing

Your personal data is processed for the following purposes:

• Provision and management of the Service (account creation, feature access, support)
• Billing and subscription management
• Service improvement and new feature development
• Service-related communications (notifications, updates, security alerts)
• Compliance with legal and regulatory obligations

4. Legal Basis for Processing

The processing of your data is based on the following legal grounds:

• Contract performance: data necessary for providing the Service
• Legitimate interest: Service improvement, security, fraud prevention
• Legal obligation: retention of billing data
• Consent: analytics cookies and marketing communications

5. Data Sharing

Your personal data is never sold to third parties. It may be shared with:

• Technical subcontractors: hosting, payment processing, email services, only to the extent necessary for providing the Service
• AI providers: data necessary for the service (site URLs, keywords, text content) is transmitted to our artificial intelligence providers for content generation and analysis
• Competent authorities: in case of legal obligation

List of subprocessors:

• Supabase (AWS, European Union) — hosting and database
• OpenAI (United States) — AI content generation
• Anthropic (United States) — AI analysis and synthesis
• DataForSEO (Estonia, European Union) — SEO data and keywords
• Resend (United States) — transactional email delivery

6. Data Retention

Your data is retained for the following periods:

• Account data: for the duration of your registration, then 3 years after account deletion
• Billing data: 10 years in accordance with accounting obligations
• Technical data and logs: 12 months
• Cookies: 13 months maximum

7. Cookies

The Service uses cookies for:

• Strictly necessary cookies: authentication, security, session preferences
• Analytics cookies: audience measurement and Service improvement (with your consent)

On your first visit, a consent banner lets you accept or reject non-essential cookies. You can change your choice at any time by clearing the "bloomwise-cookie-consent" cookie in your browser settings. Refusing analytics cookies does not affect the functioning of the Service.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, modification, disclosure, or destruction. Passwords are encrypted, communications are secured via HTTPS, and data access is restricted to authorized personnel.

9. International Transfers

Your account and usage data is hosted within the European Union (Supabase/AWS). Some strictly necessary data (text content submitted to AI providers, transactional emails) may be transferred to the United States to OpenAI, Anthropic and Resend. These transfers are covered by appropriate safeguards: European Commission Standard Contractual Clauses (SCCs) and EU–US Data Privacy Framework (DPF) certification where applicable.

10. Your Rights

In accordance with the General Data Protection Regulation (GDPR), you have the following rights:

• Right of access: obtain a copy of your personal data
• Right to rectification: correct inaccurate or incomplete data
• Right to erasure: request the deletion of your data
• Right to portability: receive your data in a structured, readable format
• Right to object: object to the processing of your data on legitimate grounds
• Right to restriction: request restriction of processing in certain cases
• Right to withdraw consent: withdraw your consent at any time for consent-based processing

To exercise these rights, contact us at contact@bloomwise.io. We will respond within 30 days. You also have the right to lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés).