This Privacy Policy explains how Blomm Group LLC ("Blomm", "we", "us", "our") collects, uses, stores, and shares personal information when you use the Blomm service at app.blomm.io and our marketing site at blomm.cloud (together, the "Service").
Blomm is a software tool that helps Amazon sellers identify physical-retail businesses likely to be a fit for their products and run automated cold-email outreach to those businesses. We are not affiliated with Amazon.com, Inc. or its affiliates.
Quick contact
Questions, data-rights requests, or anything else: email partners@blomm.io. Postal mail: Blomm Group LLC, 30 N Gould St Ste R, Sheridan, WY 82801, USA.
1. Information we collect
1.1 Information you provide directly
- Account data: name, email address, sign-in identifier — provided when you sign up via our authentication provider.
- Payment data: billing details are collected and stored by our payment processor. Blomm receives only customer / subscription / invoice identifiers; we do not receive or store full card numbers.
- Product data: Amazon product URLs you submit, product descriptions, fulfillment type, and any custom business-type or campaign settings you configure.
- Communications: messages you send us by email or through the Service.
1.2 Information collected automatically
- Usage data: pages viewed inside the app, actions taken, timestamps, and basic device / browser metadata (user agent, locale).
- Authentication cookies: a session cookie set by our authentication provider so you stay signed in. This is essential to operate the Service and is not used for advertising or cross-site tracking.
1.3 Information collected from third parties on your behalf
- Amazon product information: when you submit an Amazon product URL, we retrieve publicly available product page data (title, brand, description, images, ASIN). If you later authorize Amazon Attribution access, we may also retrieve Amazon Attribution conversion data via the Amazon Advertising API (with your explicit OAuth consent).
- Business contact information: on your instruction, we use third-party scraping infrastructure to retrieve publicly available business names, addresses, websites, phone numbers, and contact emails from Google Maps for the cities and business categories you select. This data is stored on our infrastructure as part of your campaign records.
2. How we use information
- To operate the Service: create your account, run product analysis, generate business-category suggestions, run lead scraping, send outreach emails on your behalf, track replies, and surface reporting in your dashboard.
- To bill you and manage your subscription, including handling refunds and disputes.
- To send transactional notifications about your account, campaigns, and the Service itself.
- To respond to your support requests.
- To improve the Service: diagnose bugs, evaluate feature performance, and prevent abuse.
- To comply with legal obligations and enforce our Terms of Service.
Outreach emails sent on your behalf. When we send commercial outreach on a customer's behalf, every email identifies Blomm.io as the sender on behalf of the named Amazon seller, includes Blomm Group LLC's physical postal address, and contains a clear one-click "unsubscribe here" link in the footer. Unsubscribe requests are processed in real time (typically within minutes of the click) and are honored permanently across all current and future Blomm seller outreach. We do not require recipients to log in, create an account, or provide any additional information to opt out.
We do not sell personal information. We do not use your data or your customers' data to train general-purpose AI models. We do not run third-party advertising trackers on the Service.
3. Third-party data processors
We rely on third-party service providers ("subprocessors") to operate the Service. Each one processes only the data necessary for its function. We do not authorize any subprocessor to use your data for its own purposes. Our subprocessors operate in the following categories:
- User authentication and session management
- Payment processing and subscription billing
- Database hosting (United States, with row-level security)
- Workflow automation
- Public-web data retrieval (Google Maps business listings + Amazon product pages, on your instruction only)
- AI categorization of product descriptions and email-copy generation
- Cold-email delivery infrastructure
- Transactional email delivery
- Application hosting and CDN
Where you authorize Amazon access, we use Amazon's Advertising API and Amazon Attribution to retrieve only the data necessary to deliver the Service to you (Attribution tag identifiers, click and conversion counts). We do not share Amazon customer data with any party other than Amazon's own services and your own account view inside Blomm.
A current named list of subprocessors is available on request at partners@blomm.io. We will notify customers in advance of any material change to that list.
4. Legal basis for processing (EEA / UK)
- Contract: processing necessary to deliver the Service you subscribe to.
- Legitimate interests: securing the Service, preventing fraud and abuse, and improving product quality, where those interests are not overridden by your rights.
- Legal obligation: tax, accounting, and lawful-request compliance.
- Consent: when you explicitly connect a third-party account (such as Amazon Seller) we rely on your OAuth consent for that specific scope.
5. Data retention
We retain account and billing data for as long as your account is active and for up to 7 years after closure to satisfy financial-record and tax obligations. Campaign-related data (product analyses, business contacts you've scraped, emails sent) is retained while your account is active and for up to 90 days after deletion request, after which it is permanently deleted from our active systems. Backups are rotated within 35 days.
Suppression list (unsubscribed recipients). When a recipient clicks the unsubscribe link in any Blomm-sent email, or asks us to remove them by emailing partners@blomm.io, we record that opt-out in a suppression list and retain it indefinitely. Once a recipient opts out, that decision persists permanently and is automatically applied to all current and future Blomm seller outreach — across every campaign and every seller on the platform. The minimum personal information we keep to honor a suppression entry is the email address; we do not need additional identifiers to maintain it. You can request a copy of (or removal of) your suppression-list entry by emailing partners@blomm.io, but removing a suppression entry is not the same as consenting to receive further outreach.
6. Your rights
Depending on where you live (including but not limited to the EEA, UK, California, Virginia, Colorado, Connecticut, Utah), you may have the right to:
- Access the personal information we hold about you.
- Correct inaccurate information.
- Delete your information ("right to be forgotten") subject to our legal retention obligations (including GDPR Article 17).
- Port your information to another service in a structured, machine-readable format.
- Restrict or object to certain processing (including GDPR Article 21).
- Withdraw consent at any time where processing relies on consent.
- Lodge a complaint with your local data protection authority.
If you received a Blomm outreach email and want to opt out:
- Click the "unsubscribe here" link in the footer of any Blomm-sent email. This is the fastest path: it processes in real time and applies permanently to all Blomm seller outreach.
- If the unsubscribe link is missing or not working, email partners@blomm.io with the subject line "Unsubscribe" and we will remove you manually within 1 business day.
- You may also exercise your GDPR Article 17 ("right to erasure") right by emailing partners@blomm.io.
To exercise any of these rights, email partners@blomm.io. We respond within 30 days. We do not discriminate against you for exercising your rights.
California residents (CCPA / CPRA): we do not sell or share personal information for cross-context behavioral advertising. The categories of personal information described in Section 1 cover the CCPA-required categories.
7. Cookies
Blomm uses cookies to operate the Service. The table below lists every cookie we set today, organized by category. Strictly necessary cookies are required to deliver the Service and do not require consent under EU ePrivacy guidance. Optional categories (functionality, analytics, marketing) are off by default and only enabled if you explicitly accept them in the cookie banner.
| Cookie name | Category | Purpose | Retention | Set by |
|---|---|---|---|---|
__session |
Strictly necessary | Authentication session — keeps you signed in to the Blomm app. | Session | Clerk (authentication provider) |
sidebar:state |
Strictly necessary | Remembers whether you collapsed or expanded the sidebar; set only after you interact with the sidebar toggle (user-action). | 7 days | Blomm app |
__cf_bm |
Strictly necessary | Cloudflare bot management on third-party CDN assets (fonts, Tailwind). Required for security and is set by the CDN provider, not Blomm. | 30 minutes | Cloudflare (CDN provider) |
cc_cookie |
Strictly necessary | Stores your cookie consent decision so the banner does not re-appear on every visit. | 12 months | Blomm (vanilla-cookieconsent) |
| (none today) | Functionality / Analytics / Marketing | None today. Will be disclosed here before any non-essential cookie is set. | — | — |
You can change your consent decision at any time via the Manage cookies link in the footer of any page.
8. Security
We use TLS everywhere, Postgres row-level security on multi-tenant tables, short-lived access tokens for third-party connections, and least-privilege keys for service-role operations. Backups are encrypted at rest. We restrict employee access to production data to the smallest necessary number of personnel.
No system is perfectly secure. If you believe your account has been compromised, contact partners@blomm.io immediately.
9. International data transfers
Blomm is established in the United States, and our primary infrastructure (database, application hosting, workflow automation, payment processing, email delivery, AI services) operates from the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. Where required, we rely on Standard Contractual Clauses or equivalent transfer mechanisms.
10. Children
The Service is intended for businesses. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided information to us, contact partners@blomm.io and we will delete it.
11. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will update the "Effective date" at the top and, for material changes, notify you by email or in-product notice. Continued use of the Service after a change constitutes acceptance of the updated policy.
12. Contact
For any privacy-related question, complaint, or data-rights request:
- Email: partners@blomm.io
- Postal mail: Blomm Group LLC, 30 N Gould St Ste R, Sheridan, WY 82801, USA
- Legal entity: Blomm Group LLC (Wyoming, USA)