Privacy Policy

This Privacy Policy ("Policy") describes how Blooio ("Blooio," "we," "us," "our") collects, uses, discloses, and otherwise processes your information when you access or use our website, applications, APIs, and services (collectively, the "Service"). By accessing or using the Service, you acknowledge that you have read, understood, and agree to this Policy. If you do not agree with our practices, please do not use the Service.

This Policy is governed by the laws of the United States. Blooio operates in the United States, and the Service is intended for U.S. users.

We collect information that identifies, relates to, describes, or could reasonably be linked, directly or indirectly, with a particular consumer or device ("Personal Information"). The categories of Personal Information we collect include:

• Identifiers— your name, email address, phone number, and account credentials.
• Message data— the full content of text messages sent and received through the Service; phone numbers of senders and recipients; timestamps; delivery and read status; attachments (images, videos, files); and associated metadata.
• Shared contact details— contact information that participants choose to share in a conversation, such as a name and profile photo, which we may associate with the relevant contact record and process as described in this Policy.
• Commercial information— records of products or services purchased, obtained, or considered, and billing history.
• Internet and device activity— IP address, browser type, device identifiers, browsing activity on our website, and information about your interaction with the Service.
• Geolocation data— approximate location derived from IP address (or more precise location if you enable it on your device).
• Other information you provide— support requests, survey responses, and anything else you voluntarily share with us.

We use your information for the following purposes:

• Providing the Service— operating, maintaining, and delivering the messaging, dashboard, analytics, and API features you use.
• Account and billing— creating and managing your account, processing payments, and sending account and transactional notices.
• Product improvement and development — understanding how the Service is used, fixing issues, building new features, and training and improving the models and systems used to run the Service.
• Analytics and research— measuring Service performance, generating aggregated and de-identified analytics, and conducting internal research.
• Security, fraud, and abuse prevention — detecting, investigating, and preventing spam, abuse, unauthorized access, fraud, and violations of our Terms.
• Marketing and communications— sending promotional messages and offers about our own products and services (you can opt out at any time), and measuring the effectiveness of our own marketing campaigns.
• Legal and compliance— complying with legal obligations, enforcing our Terms, and responding to lawful requests from government authorities.

We share your information with the following categories of recipients for the purposes identified:

• Service providers and subprocessors — vendors and contractors that help us operate the Service (for example, cloud hosting, payment processing, email delivery, messaging infrastructure, analytics, and customer support). See our Subprocessors page for the current list.
• Affiliates and successors— our corporate affiliates, and any successor to our business in connection with a merger, acquisition, sale of assets, financing, or reorganization.
• Advertising and analytics partners — providers that help us measure and market our own products and services (for example, Google Analytics, Microsoft Clarity, Meta Conversions API). These partners may receive limited information about your interaction with our website.
• Government and law enforcement— where required by law, legal process (such as a subpoena or warrant), or where we believe disclosure is necessary to protect our rights, the rights of our users, or the public.
• With your direction— third parties to whom you direct us to send information (for example, when you install an integration with a CRM or workflow platform).

We do not sell your Personal Information for money. Some of the sharing described above (for example, sharing with advertising partners) may be considered a "sale" or "sharing" under the CCPA/CPRA. See the California Privacy Rights section for your opt-out rights.

We and our partners use cookies, web beacons, pixels, and similar tracking technologies to collect information about your browsing activities, preferences, and device. These technologies are used to operate and secure the Service, measure usage and marketing effectiveness, and remember your preferences.

Most browsers allow you to control cookies through their settings; disabling cookies may affect your experience with the Service. Some browsers send a "Do Not Track" (DNT) signal. Because there is no industry consensus on how to interpret DNT signals, we currently do not respond to them. We will honor Global Privacy Control (GPC) signals as a valid opt-out of "sale" and "sharing" to the extent required by applicable state privacy law.

We use third-party analytics and marketing services — such as Google Analytics and Meta's Conversions API — to collect, monitor, and analyze information about your use of the Service. These third parties may use cookies and similar technologies to gather information about your activities across different websites and services.

We retain Personal Information for as long as needed to provide the Service and fulfill the purposes described in this Policy, subject to our legal obligations. Specific retention practices include:

• Account information— retained for the life of your account and for up to three (3) years after account closure, for dispute resolution, audit, and record-keeping purposes.
• Message content and metadata— retained while your account is active to power your dashboard, history, and analytics. Upon account closure, message content is deleted or anonymized within ninety (90) days, unless retention is required for legal, security, or compliance reasons. Enterprise customers who have enabled the storage opt-out described in Section 2 have shorter retention.
• Billing and tax records— retained for at least seven (7) years to comply with U.S. tax and financial record-keeping requirements.
• Security and access logs— retained for up to ninety (90) days in their raw form, and longer in aggregated or de-identified form.
• Aggregated and de-identified data — may be retained indefinitely and used for any purpose permitted by law.

We employ administrative, technical, and physical security measures designed to safeguard your Personal Information. Despite our security protocols, no method of data transmission over the Internet or electronic storage can be guaranteed to be 100% secure. While we strive to protect your data using commercially reasonable means, we cannot provide an absolute assurance of security.

In the event of a data breach affecting your Personal Information, we will notify affected users as required by applicable state data-breach notification law (including California Civil Code § 1798.82 and analogous statutes in other U.S. states). Notifications will be made by email or by other means permitted by law.

Regardless of your state of residence, you can:

• Access and update your account information through your dashboard;
• Delete your account by emailing info@blooio.com;
• Opt out of marketing emails by clicking the unsubscribe link in any marketing email or by contacting us;
• Manage cookies in your browser settings.

Residents of certain states have additional rights under their state privacy laws. We describe California rights in detail below; if you are a resident of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, or another state with an applicable privacy law, we will honor equivalent rights to the extent required by that law. To exercise any of these rights, contact us at privacy@blooio.com.

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, "CCPA"), gives you the following rights regarding your Personal Information:

• Right to know. You can request the specific pieces of Personal Information we have collected about you, the categories of sources, the business or commercial purposes, and the categories of third parties with whom we share it.
• Right to delete. You can request that we delete the Personal Information we hold about you, subject to legal exceptions.
• Right to correct. You can request that we correct inaccurate Personal Information.
• Right to opt out of sale or sharing. You can direct us not to "sell" or "share" (as defined by the CCPA) your Personal Information, including for cross-context behavioral advertising.
• Right to limit use of sensitive PI. You can direct us to use or disclose the categories of sensitive Personal Information identified in Section 2 only for purposes allowed under the CCPA.
• Right to non-discrimination. We will not discriminate against you for exercising any of these rights.

Categories of Personal Information.In the preceding 12 months, we have collected the categories of Personal Information listed in Section 2 for the business purposes described in Section 3. The categories we share with the recipients described in Section 4 include identifiers, commercial information, internet/device activity, and geolocation. We have not sold Personal Information for monetary consideration in the preceding 12 months. Certain sharing with advertising and analytics partners may constitute a "sale" or "sharing" under the CCPA; see your opt-out rights below.

How to submit a request. You may submit a request to know, delete, correct, opt out of sale/sharing, or limit use of sensitive PI using either of the following methods:

• Email us at privacy@blooio.com with the subject "California Privacy Request."
• Complete the request form linked from our Service or contact us at privacy@blooio.com to receive alternative submission instructions.

We will verify your identity before fulfilling a request by matching the information you provide with what we have on file. An authorized agent may submit a request on your behalf if they provide signed written permission from you, and we may require you to verify your identity directly with us. We will honor Global Privacy Control (GPC) signals as a valid opt-out of sale and sharing to the extent required by applicable state privacy law.

Do Not Sell or Share My Personal Information. To opt out of the sale or sharing of your Personal Information, email privacy@blooio.com with the subject "Do Not Sell or Share."

Shine the Light.California Civil Code § 1798.83 permits California residents to request a list of third parties to which we have disclosed Personal Information for the third parties' direct marketing purposes in the preceding calendar year. To make such a request, contact us at the email above.

When you send messages using the Service, we necessarily process information about the recipients of those messages, including phone numbers and message content. Recipients have not signed up for the Service directly. We process information about recipients only to:

• Deliver the messages you send;
• Provide you with conversation history, delivery status, and dashboard features;
• Operate, secure, and improve the Service (including detecting and preventing spam and abuse);
• Comply with legal obligations.

Recipients may also choose to share contact information with a sender through the Service, such as a name or profile photo. Where they do, we process and store that information consistent with this Policy.

You represent and warrant in our Terms of Service that you have all required consents from message recipients before using the Service to contact them.

If you are a recipient of a message sent through the Service and wish to stop receiving messages from a particular sender, the most effective method is to contact that sender directly and ask to be removed from their contact list. If you believe messages sent to you violate the law or our Terms, or if you wish to report abuse, contact us at abuse@blooio.com.

The Service is not directed to children under the age of 13, and we do not knowingly collect Personal Information from children under 13. If we learn that we have collected Personal Information from a child under 13 without verifiable parental consent, we will delete that information in accordance with the Children's Online Privacy Protection Act (COPPA, 15 U.S.C. §§ 6501 et seq.). If you believe we have collected Personal Information from a child under 13, please contact us at privacy@blooio.com.

We may update this Privacy Policy from time to time. For material changes, we will provide notice on this page and, where appropriate, by email, at least thirty (30) days before the change takes effect. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.

By using the Service, you consent to the collection, use, and sharing of your information as described in this Policy. If you do not agree, please do not use the Service.

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

• Privacy requests and questions: privacy@blooio.com
• General support: info@blooio.com
• Security issues: security@blooio.com
• Enterprise and data-processing inquiries: enterprise@blooio.com
• Report abuse by a Blooio user or message sender: abuse@blooio.com