Privacy policy

Last Updated: February 12, 2026

1. Introduction and Scope

BloomBook LLC ("BloomBook," "we," "us," "our") values the trust you place in us when you share your personal information. This Privacy Policy describes how we collect, use, disclose, and protect Personal Data obtained from users of our website, mobile applications (iOS and Android), and any related services (collectively, the "Service").

The Service operates as a global marketplace that connects buyers ("Customers" or "Buyers") with independent florists and gift sellers ("Sellers" or "Vendors"). BloomBook acts solely as an intermediary platform; we do not control, manage, or operate delivery logistics, which remain the exclusive responsibility of each Seller.

The Service also provides features that allow users to digitize and preserve flowers they receive through unique claim codes, build digital memories of gifted bouquets, and share these memories with others through the BloomBook app.

This Privacy Policy applies to all users of the Service, including registered account holders, guest users who make purchases without creating an account, Sellers, and Recipients. By accessing or using the Service, you acknowledge that you have read, understood, and agree to the practices described herein. If you do not agree, please do not use the Service.

This Privacy Policy is incorporated by reference into our Terms of Use. For users in specific jurisdictions, additional rights and obligations may apply, including under the General Data Protection Regulation (GDPR) for users in the European Economic Area, UK, and Switzerland; the California Consumer Privacy Act and California Privacy Rights Act (CCPA/CPRA) for California residents; and the Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP) for users in Mexico. Please refer to Section 8 for jurisdiction-specific provisions. If you have any questions, please contact us at .

2. Definitions

Personal Data: any information relating to an identified or identifiable natural person, including but not limited to name, email address, phone number, payment information, location data, and online identifiers.
Processing: any operation performed on Personal Data, including collection, recording, organization, storage, adaptation, retrieval, use, disclosure, or destruction.
Customer (Buyer): a user who purchases flowers, gifts, or other items through the Service. This includes both registered users and guest users.
Guest User: a user who makes a purchase or uses certain features of the Service without creating an account.
Seller (Vendor): an independent florist or gift shop that offers and sells items through the Service. Sellers are solely responsible for order preparation and delivery.
Recipient: the individual designated by the Customer to receive the ordered items, when the Customer is not the recipient themselves.
Claim Code: a unique alphanumeric code associated with a flower order that allows a Recipient to digitally claim and preserve a record of the flowers they received through the BloomBook app.
Digital Memories: digital records, photos, messages, and metadata associated with flowers received or sent, stored within the user's BloomBook app profile.
Digital Collectible: a virtual collectible item, badge, or digital asset generated within the BloomBook ecosystem when a Recipient redeems a Claim Code or when certain milestones are achieved. Digital Collectibles are part of BloomBook's proprietary system, have no monetary value, and are the exclusive property of BloomBook.
Service: all pages of the BloomBook website, the BloomBook mobile applications (iOS and Android), and any affiliated platforms or services operated by BloomBook LLC.

3. Information We Collect

3.1 Information You Provide

We collect information that you voluntarily provide when using the Service. The specific information depends on how you interact with us:

Registered Account Users

Account registration data: name, email address, username, password.
Profile information: full name, date of birth, phone number, profile photo, preferred language.
Transaction data: billing and delivery addresses, order details, and Recipient contact information.
Digital Memories content: photos, personal dedications and messages written for Recipients, notes, and other content you create or upload.
Claim Code interactions: codes you generate, share, or redeem.
Communications: messages with customer support, messages between Buyers and Sellers, reviews and ratings.

Guest Users

Transaction data: name, email address, phone number, billing and delivery addresses, and Recipient contact information.
Payment information: as processed by our third-party payment providers.
Communications: messages with customer support related to guest orders.

Sellers

Business information: business name, business address, tax identification number, bank account or payment details.
Identity verification documents: government-issued identification as required for verification.
Product and storefront data: product listings, images, descriptions, pricing, and availability.
Communications: messages with Buyers, customer support, and the BloomBook team.

Recipients

Contact and delivery information: name, delivery address, phone number (as provided by the Buyer).
Claim Code redemption data: when a Recipient claims flowers through the app.
Digital Memories content: photos, messages, and other content associated with received bouquets.
Digital Collectible data: type of collectible received, date of generation, and associated order metadata.
Personal dedications and messages: text written by the Buyer as a dedication or personal message.

Recipients' Personal Data is initially provided to us by the Buyer in connection with placing an order. BloomBook processes this data on the basis of legitimate interests (for order fulfillment) and, where applicable, contract performance. Buyers represent and warrant that they have obtained any necessary authorization from the Recipient before providing the Recipient's Personal Data to BloomBook.

Payment Information

Payment processing is handled entirely by our third-party payment service providers. We do not collect or store full credit card numbers, debit card numbers, or bank account details. We may receive transaction confirmations, partial card information (e.g., last four digits), and billing addresses for record-keeping and fraud prevention.

3.2 Information Collected Automatically

When you access or use the Service, we automatically collect certain information, including:

Device and browser information: IP address, operating system, browser type and version, device model, device identifiers, screen resolution, and language settings.
Usage data: pages and screens visited, features used, time spent, click and tap data, search queries, and referring URLs.
Location data: approximate location inferred from your IP address. If you enable location services on your device, we may collect precise geolocation data to provide location-based features such as finding nearby Sellers.
App-specific data: app version, crash reports, performance data, and push notification interactions.
Cookies and similar technologies: as described in Section 10 of this Policy.

3.3 Information from Third Parties

We may receive information about you from third-party sources, including:

Social login providers (e.g., Google, Facebook, Apple) when you register or log in via a third-party account.
Payment processors and fraud prevention services.
Analytics providers (e.g., Google Analytics, Firebase, Adjust).
Advertising platforms for targeted advertising.

4. How We Use Your Information

4.1 Service Delivery and Operations

Creating and managing your account (for registered users).
Processing and facilitating orders, including sharing necessary information between Buyers, Sellers, and Recipients.
Enabling guest checkout and processing guest purchases.
Generating and managing Claim Codes for flower digitization.
Enabling the creation, storage, and sharing of Digital Memories.
Generating, managing, and revoking Digital Collectibles in connection with Claim Code redemptions.
Facilitating payments and refunds through our payment processors.
Providing customer support and responding to inquiries.

4.2 Service Improvement

Analyzing usage patterns to improve the Service across web and mobile.
Developing new features, products, and services.
Conducting research, testing, and troubleshooting.
Personalizing your experience and content recommendations.
Analyzing anonymized and aggregated user-generated content using artificial intelligence and machine learning technologies to identify trends, improve product recommendations, enhance the Service, and develop new features.

4.3 Communications

Sending transactional messages: order confirmations, Claim Code notifications, delivery updates, and receipts.
Sending service-related notifications and administrative messages.
Sending marketing and promotional communications (with your consent, where required by law).
Push notifications on mobile devices (which you may disable in your device settings).

4.4 Safety, Security, and Compliance

Detecting and preventing fraud, abuse, and security incidents.
Verifying Seller identities and business information.
Enforcing our Terms of Use and other policies.
Complying with applicable laws, regulations, and legal processes.
Protecting the rights, property, and safety of BloomBook, our users, and the public.

5. Legal Bases for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we rely on the following legal bases under the General Data Protection Regulation (GDPR):

Contract Performance: processing necessary to fulfill our contractual obligations to you, including processing orders, managing your account, generating Claim Codes, and enabling Digital Memories.
Consent: processing based on your explicit consent, such as marketing emails, push notifications, and cookies for advertising. You may withdraw consent at any time.
Legitimate Interests: processing necessary for our legitimate business interests, such as improving the Service, preventing fraud, analytics, and direct marketing, provided these interests are not overridden by your fundamental rights.
Legal Obligations: processing necessary to comply with applicable laws and regulations.

6. Information Sharing and Disclosure

6.1 Between Buyers and Sellers

As part of the transaction process, we share necessary information between Buyers and Sellers to facilitate order fulfillment. This includes the Buyer's name, delivery address, Recipient details, and any special instructions. Sellers receive only the information strictly necessary to prepare and deliver the order.

6.2 Claim Code Recipients

When a Buyer places an order that includes a Claim Code, the Buyer may write a personal dedication or message for the Recipient. Upon redemption of the Claim Code, the Recipient receives: (a) a Digital Collectible representing the flowers received; (b) a Digital Memory that includes the Buyer's personal dedication or message; and (c) any photos or content the Recipient subsequently uploads.

6.3 Service Providers

We engage third-party service providers to perform functions on our behalf, including payment processing, cloud hosting and data storage, communications services, analytics and advertising platforms, fraud prevention and identity verification, and customer support tools.

6.4 Legal and Regulatory Disclosure

We may disclose your information when we believe in good faith that disclosure is necessary to comply with applicable law, respond to a subpoena or court order, protect our rights or property, prevent fraud or abuse, or protect the safety of our users or the public.

6.5 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of the transaction. We will notify you of any such change and any choices you may have regarding your information.

7. International Data Transfers

BloomBook operates globally. Your information may be transferred to and processed in the United States, where our servers and principal offices are located, as well as in other countries where our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction.

For transfers of personal data from the EEA, UK, or Switzerland to countries that have not been deemed to provide an adequate level of data protection, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission as our primary transfer mechanism.

8. Your Rights and Choices

8.1 All Users

Regardless of your location, you have the following options:

Access and export your personal data through your account settings (registered users).
Edit or update your personal information at any time.
Delete your account and associated data (most data removed within 30 days; complete deletion may take up to 90 days due to backup systems).
Opt out of marketing emails by clicking the "unsubscribe" link or adjusting your account settings.
Manage push notification preferences in your mobile device settings.
Control cookie preferences through your browser settings or our cookie consent tool.
Manage Digital Memories visibility and sharing settings within the app.

8.2 EEA, UK, and Swiss Residents (GDPR Rights)

If you reside in the European Economic Area, United Kingdom, or Switzerland, you additionally have the right to request access to and a copy of your personal data, request rectification of inaccurate or incomplete data, request erasure, request restriction of processing, request data portability, object to processing based on legitimate interests, withdraw consent at any time, and lodge a complaint with your local data protection authority.

8.3 California Residents (CCPA/CPRA Rights)

If you are a California resident, the CCPA and CPRA provide you with the Right to Know, Right to Correct, Right to Delete, Right to Opt-Out of Sale/Sharing, and Right to Non-Discrimination. BloomBook does not sell your personal information as defined by the CCPA.

8.4 Mexican Residents (LFPDPPP)

If you reside in Mexico, the Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP) grants you specific ARCO rights (Acceso, Rectificación, Cancelación y Oposición).

Access (Acceso): you have the right to know what Personal Data we hold about you.
Rectification (Rectificación): you have the right to request the correction of your Personal Data when it is inaccurate, incomplete, or not up to date.
Cancellation (Cancelación): you have the right to request the deletion of your Personal Data.
Opposition (Oposición): you have the right to oppose the processing of your Personal Data for specific purposes.

9. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. After account deletion or inactivity, we retain data according to our retention schedule (generally 36 months for Customers, Guest Users, and Recipients; 60 months for Sellers). We may also retain information as necessary to comply with legal obligations, resolve disputes, and enforce agreements.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyze usage, and deliver relevant advertising:

Essential: required for the Service to function properly, including authentication, security, and shopping cart functionality.
Analytics: help us understand how users interact with the Service (e.g., Google Analytics, Firebase).
Advertising: used to deliver relevant advertisements and measure campaign performance.
Preference: remember your settings, language, and personalization choices.

11. Children's Privacy

The Service is not directed to children. We apply age restrictions based on applicable law: under 13 in the United States (COPPA), under 16 in the EEA/UK/Switzerland (GDPR), and under 18 in Mexico (LFPDPPP). If we become aware that we have collected personal information from a child below the applicable threshold without appropriate consent, we will take steps to delete such information promptly.

12. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit (TLS/SSL) and at rest, regular security assessments, role-based access controls, and secure password storage using industry-standard hashing algorithms.

13. Third-Party Links and Services

The Service may contain links to third-party websites, services, social media platforms, or payment providers. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access.

14. Automated Decision-Making

We do not use automated decision-making, including profiling, that produces legal effects or similarly significant effects on you without human intervention.

15. Communications

By creating an account, making a purchase, or redeeming a Claim Code, you may receive transactional and service-related messages, marketing communications (email, with your opt-in consent), marketing SMS messages (with your separate express consent), transactional SMS messages, and push notifications (which you may disable in your device settings).

16. Intermediation and Seller Responsibility

BloomBook operates exclusively as an intermediary platform connecting Buyers with independent Sellers. BloomBook does not produce, store, handle, or deliver any physical products. The preparation, quality, and delivery of orders are the sole responsibility of the respective Seller.

17. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. When we make material changes, we will notify you by posting a notice on the Service, sending an email to the address associated with your account, displaying an in-app notification, or through other appropriate channels.

18. Legal Disclaimer

The Service is provided "AS-IS" and "AS-AVAILABLE" without warranties of any kind, express or implied. This Privacy Policy is governed by the laws of the State of Delaware, United States, without regard to its conflict of law principles.

19. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Company: BloomBook LLC

Address: 8 The Green, Ste B, Dover, DE 19904, USA

Email:

Thank you for trusting BloomBook with your information.