">
Legal · Document 01 of 04

Privacy Policy.

Last updated: April 23, 2026

The short version: we only collect what we need to run Bloomzy, we don't sell your data, we don't train AI on your content, and you can delete everything at any time.

Una nota

Spanish version coming soon.

Our legal pages are currently available only in English. We're working on professionally translated versions for our Spanish-speaking community. In the meantime, please read the English version below, or contact us at hello@bloomzy.ai if you have questions in Spanish.

01

Who we are

Bloomzy is operated by MindEssence Nutrition LLC d/b/a Bloomzy, a Florida limited liability company ("we", "our", "us"). We are the data controller for personal information collected through this service. Our service is available at bloomzy.ai.

Questions? Write us at hello@bloomzy.ai.

02

What we collect

We collect only what we need to provide the service:

  • Account info: email address and name provided via email signup or Google OAuth.
  • Brand kit: logo, colors, fonts, and brand voice you upload or configure.
  • Content: photos, videos, and text you upload to create posts.
  • Usage data: which features you use, session timestamps, error logs.
  • Social tokens: OAuth tokens for Instagram, Facebook, YouTube, X (Twitter), and TikTok — stored encrypted.
  • Payment data: handled entirely by Stripe. We never see or store your card details.
03

How we use your data

  • To generate captions, carousels, reels, and content using Bloomzy AI.
  • To post content to your connected social accounts on your behalf, when you approve.
  • To process video, apply filters, add logos, transcribe audio for subtitles.
  • To improve the service (aggregated and anonymized, never individual).
  • Note: We never use Google user data for service improvement, even in aggregated or anonymized form, beyond the Limited Use scope described in Section 12.
  • To send transactional emails (welcome, receipts, password reset, post failures).
  • We never use your content to train AI models.
  • We never sell your data to third parties.
04

Third-party services we use

Each service below receives only the data it needs to do its specific job:

  • Supabase — database and file storage for your account, brand kit, and uploaded media (EU and US regions).
  • Anthropic — AI caption, carousel, and content generation. We send prompts and brand voice. They do not train on your data.
  • Stability AI — AI-powered image editing and enhancement.
  • Photoroom — background replacement for product photos.
  • Cloudinary — video processing, color grading, and visual filter application.
  • OpenAI Whisper — automatic transcription of reel audio for subtitle generation.
  • Railway — cloud hosting infrastructure (US-based).
  • Stripe — payment processing. We never store credit card numbers.
  • Resend — transactional email delivery.
  • n8n — workflow automation for scheduled posting to your connected platforms.
  • Sentry — anonymized error logging to detect bugs. No personal data.
  • Crisp — live chat support, only active if you initiate a conversation.
  • Google Fonts — typography preview requests when browsing fonts in Brand Kit.

Social media platforms. We use official APIs to publish content on your behalf:

  • Meta (Instagram & Facebook) — We use the Meta Graph API and Instagram Content Publishing API to publish posts, images, carousels, reels, and stories to your connected Facebook Page and Instagram Professional account on your behalf. We request the following permissions: pages_manage_posts, instagram_content_publish, pages_read_engagement, instagram_basic, pages_show_list, and business_management. We do not access your personal Facebook profile, private messages, friends list, or ad accounts. OAuth tokens are stored encrypted and used solely to publish content you have explicitly approved in Bloomzy. You can revoke access at any time from Bloomzy Settings or from your Facebook Business Integrations settings. Our use of Meta Platform Data complies with the Meta Platform Terms and Meta Developer Policies.
  • X (Twitter) — We use the X (Twitter) API to publish tweets, threads, and image posts to your connected X account on your behalf. Bloomzy authenticates via OAuth 1.0a, which grants read and write access to your account as configured in our X Developer App settings. We do not access your direct messages, followers list, or analytics. OAuth tokens are stored encrypted and used solely to publish content you have explicitly approved in Bloomzy. You can revoke access at any time from Bloomzy Settings or from your X Connected Apps settings. Our use complies with the X Developer Agreement and Policy.
  • YouTube — We use the YouTube API Services to upload videos and YouTube Shorts to your channel on your behalf. We request the youtube.upload scope to publish videos and the youtube.readonly scope to retrieve your channel name for display in Bloomzy Settings. We do not modify or delete your existing YouTube videos, playlists, comments, subscribers, or analytics. OAuth tokens are stored encrypted and used solely to publish content you have explicitly created and approved in Bloomzy. You can revoke Bloomzy's access at any time from your Bloomzy Settings page or from your Google Account permissions page. Our use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements. By using Bloomzy's YouTube integration, you also agree to the YouTube Terms of Service. Google's Privacy Policy is available at https://policies.google.com/privacy. Bloomzy does not use any data obtained through the YouTube API to train AI or machine learning models.
  • TikTok — We use the TikTok Content Posting API to publish videos to your connected TikTok account on your behalf. We request the user.info.basic and video.publish scopes. The user.info.basic scope is used solely to retrieve your TikTok username, display name, and avatar to confirm which account is connected. The video.publish scope is used solely to post content you have explicitly approved in Bloomzy to your TikTok profile via the Direct Post endpoint. Before each post, Bloomzy queries the TikTok creator_info endpoint to retrieve your account’s current posting permissions (available privacy levels, interaction settings, and maximum video duration) to render compliant publishing options. We do not access your existing TikTok videos, analytics, followers, comments, or direct messages. OAuth tokens are stored encrypted in our database and used solely to publish content you have explicitly approved. You can revoke access at any time from Bloomzy Settings or from your TikTok app under Settings → Security → Manage app permissions. Our use complies with the TikTok Developer Terms of Service, the TikTok Music Usage Confirmation, and where applicable, the TikTok Branded Content Policy.
05

Temporary video processing

When you upload a reel, our server temporarily processes the video using ffmpeg to apply your chosen effects (music mixing, subtitle burning, hook overlays, zoom crops, filters). Processed files are uploaded to Supabase Storage and the temporary server files are deleted immediately after processing completes.

06

Data retention

We retain your data for as long as your account is active. When you delete your account, all your data is permanently deleted within 30 days. You can request deletion at any time via hello@bloomzy.ai or from the data deletion page.

07

Your rights

You have the right to access, correct, export, or delete your personal data at any time. For users in the EU (GDPR) or California (CCPA), these rights are protected by law. Contact us at hello@bloomzy.ai and we'll respond within 72 hours.

08

Cookies & tracking

We use session cookies only — no tracking or advertising cookies. We do not use Google Analytics or any third-party analytics services. Our Meta Pixel is used for conversion tracking on marketing pages only (the landing page, pricing), not inside the app itself.

09

Security

All OAuth tokens and sensitive data are encrypted at rest. Database communications use TLS. Access to production infrastructure is limited and logged. We use Sentry to monitor for security issues and errors.

10

Children's privacy

Bloomzy is designed for adults running small businesses. We do not knowingly collect information from anyone under 18 years old. If you believe a minor has created an account, please contact us and we will delete it promptly.

11

Changes to this policy

We'll notify active users by email if we make material changes to this policy. Minor edits (typo fixes, clarifications) may be made without notice, but the "last updated" date at the top will always reflect the most recent change.

12

Google API Services Disclosure

Bloomzy's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically: (a) we only use Google user data to provide and improve the features you use in Bloomzy; (b) we do not transfer Google user data to third parties except as necessary to provide the service, as required by law, or with your explicit consent; (c) we do not use Google user data for advertising purposes; (d) we do not allow humans to read your Google user data except with your consent, for security investigation, to comply with law, or when aggregated and anonymized for internal operations; and (e) we do not use Google user data to train generalized or non-personalized AI/ML models.

13

Contact us

MindEssence Nutrition LLC d/b/a Bloomzy
476 Riverside Ave., Jacksonville, FL 32202
Email: hello@bloomzy.ai

© 2026 Bloomzy™ · Made by someone who uses it.