Privacy Policy

Last updated: February 18, 2026

1. Introduction

This policy explains what data StackBloom ("we," "our," or "us") collects, why we collect it, who we share it with, and what rights you have over it. We comply with GDPR.

2. Information We Collect

Personal Information

We collect information that you provide directly to us:

  • Name and email address
  • Payment information (processed securely by Stripe/PayPal)
  • Account credentials (passwords are hashed and encrypted)
  • Profile information (photo, company name, phone number)
  • Communication preferences and notification settings
  • Support requests and correspondence

Product-Specific Data

Depending on which StackBloom products you use, we may collect:

  • Forms: Form submissions, field data, file uploads, webhook configurations
  • PDF Suite: Uploaded PDFs, annotations, editing history, shared document links
  • E-Sign: Documents for signature, signer information, audit logs
  • Scheduling: Calendar data, availability settings, booking information, Google Calendar connections
  • Monitor: Website URLs, monitoring configurations, uptime data, alert settings
  • HealthBloom: Patient information, appointment records, medical practice data (HIPAA-protected)
  • Proposals: Proposal content, client information, version history
  • Automations: Workflow configurations, integration credentials (encrypted), execution logs
  • TableBloom: Restaurant information, reservation data, table configurations
  • InboxBridge: Email routing rules, message logs, auto-responder templates
  • Live Chat: Conversation history, visitor information, knowledge base content
  • URL Shortener: Original URLs, custom domains, click analytics, QR codes
  • Email Signature: Signature design data, social media links, contact information

Usage Information

We automatically collect certain information when you use our services:

  • Device information (type, OS, browser, screen resolution)
  • IP address and geographic location data
  • Usage patterns, feature adoption, and user preferences
  • Performance metrics and error logs
  • Cookies and similar tracking technologies
  • Referral sources and campaign attribution

3. How We Use Your Information

We use your information to:

  • Provide and maintain our services
  • Process your purchases and payments
  • Send you product updates and important notices
  • Provide customer support
  • Improve our products and services
  • Detect and prevent fraud or abuse
  • Comply with legal obligations
  • Send marketing communications (with your consent)

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information with:

  • Payment Processors: Stripe, PayPal for secure payment processing
  • Cloud Services: AWS S3 for file storage, Heroku for hosting
  • AI Services: OpenAI for AI-powered features
  • Email Services: Resend, SendGrid for transactional emails
  • SMS Services: Twilio for SMS notifications
  • Google Services: Calendar API, OAuth authentication, Analytics
  • Analytics Providers: To improve our services and user experience
  • Legal Authorities: When required by law or legal process
  • Business Transferees: In case of merger, acquisition, or asset sale

All third parties are bound by confidentiality agreements and data protection requirements.

5. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in Transit: All data transmitted using TLS 1.3 (SSL/HTTPS)
  • Encryption at Rest: Sensitive data encrypted in our PostgreSQL database
  • Password Security: Passwords hashed using bcrypt with strong salting
  • Payment Security: PCI DSS Level 1 compliant (via Stripe and PayPal)
  • Access Controls: Role-based access control (RBAC) and multi-factor authentication
  • Regular Audits: Security audits, vulnerability scanning, and penetration testing
  • Infrastructure: Hosted on secure Heroku infrastructure with managed PostgreSQL and Redis
  • File Storage: Secure cloud storage with AWS S3
  • API Security: Rate limiting, API key authentication, and request validation
  • HIPAA Compliance: HealthBloom data stored with additional HIPAA-compliant safeguards

6. Your Rights (GDPR)

Under GDPR, you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate information
  • Right to Erasure: Request deletion of your data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Opt out of certain data processing
  • Right to Withdraw Consent: Revoke consent at any time

To exercise these rights, contact us at: privacy@stackbloom.io

7. Data Retention

We retain your personal information for as long as necessary to provide our services and comply with legal obligations. Account data is retained while your account is active. After account deletion, we retain minimal data for legal and security purposes for up to 7 years as required by law.

8. Cookies and Tracking

We use cookies and similar technologies to:

  • Maintain your session and preferences
  • Analyze usage and improve our services
  • Provide personalized experiences
  • Measure marketing effectiveness

See our Cookie Policy for more details.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses and GDPR compliance.

10. Children's Privacy

Our services are not intended for users under 18. We do not knowingly collect information from children. If we discover we have collected data from a child, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or through our platform. The "Last updated" date indicates when changes were made.

12. Contact Us

For privacy-related questions or to exercise your rights:

  • Email: privacy@stackbloom.io
  • Data Protection Officer: dpo@stackbloom.io
  • Contact Form: stackbloom.io/contact

Questions about your data?

If you have questions about how we handle your information, email privacy@stackbloom.io or dpo@stackbloom.io.