# Privacy Policy

Last updated: 11 June 2026

This Privacy Policy explains how your personal data is processed when you use Bluumme — both the mobile app (iOS, Android) and the website at https://bluumme.com. We comply with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

1. Controller

Emir Atay Metzer Str. 62 40476 Düsseldorf Germany Email: hello@bluumme.com

A Data Protection Officer is not required by law (Art. 37 GDPR, § 38 BDSG).

2. Data we process

2.1 Account data

When you sign up, we collect: email address, username, password (hashed), optional display name, optional profile picture.

For "Sign in with Apple": an anonymised Apple identifier, optional email (including Apple's private relay). For "Sign in with Google": email, name, profile picture URL if available.

2.2 Content

Photos, videos, captions, comments, likes, saved challenges, streak data and ranking data.

2.3 Location data (only with consent)

If you choose to attach a location to a post, we store the approximate coordinates of that post. You can revoke location access at any time in your device settings or in the app's settings.

2.4 Device and usage data

IP address (truncated in logs), device type, OS version, app version, language setting, crash reports, performance metrics, and pseudonymous product analytics events (e.g. "app opened", "post created" — see section 4.6).

2.5 Push notifications (only with consent)

If you enable notifications, we store a device-specific token in order to send you e.g. streak reminders or challenge updates.

2.6 Moderation and safety data

When you use the safety tools in the app we store the minimum data needed to act on them:

the reported id, the chosen reason category (spam, harassment, nudity, hate, or other), and a timestamp.

timestamp so we can hide content in both directions.

you accepted at sign-up so we know when re-acceptance is required.

2.7 Automated content filtering

At post creation we run a small profanity filter over captions and usernames that blocks universally recognised slurs in the languages we ship. No content is logged; only the rejection event is surfaced to you in the app.

2.8 Direct messages

If you choose to send a direct message (DM) to another Bluumme user, we store the following so the conversation can be delivered and shown to both participants:

or video reference).

DMs are transmitted over TLS (HTTPS) and stored encrypted at rest by our processor (Google Cloud / Firestore, AES-256 server-side encryption). They are not end-to-end encrypted — Bluumme staff can in principle access message contents in order to respond to lawful requests, abuse reports, or court orders. We do not read DMs for advertising, profiling, or model training, and we do not share their contents with third parties.

You can delete an individual message or an entire conversation at any time from within the app. Deleting your account also deletes all DMs you sent; DMs you received are removed from your view but remain in the recipient's inbox until they delete them (this mirrors how email works).

3. Purposes and legal bases

PurposeLegal basis
Providing the service (account, feed, posts, ranking)Art. 6(1)(b) GDPR — performance of a contract
Direct messages between usersArt. 6(1)(b) GDPR — performance of a contract
Location attached to postsArt. 6(1)(a) GDPR — consent
Push notificationsArt. 6(1)(a) GDPR — consent
Security, abuse prevention, moderationArt. 6(1)(f) GDPR — legitimate interest
Crash reports and performance analysisArt. 6(1)(f) GDPR — legitimate interest
First-party analytics — understanding how features are used (sign-ups, activation, retention) to improve the appArt. 6(1)(f) GDPR — legitimate interest
Compliance with legal obligations (e.g. deletion requests)Art. 6(1)(c) GDPR

4. Recipients and international data transfers

We use the following processors:

4.1 Google (Firebase)

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (with data processing also in the United States by Google LLC). Services used: Firebase Authentication, Firestore (database), Cloud Storage, Cloud Functions, Firebase Hosting. Legal basis for US transfer: EU-US Data Privacy Framework (DPF). Google is certified under the DPF. Privacy Policy: https://policies.google.com/privacy DPF entry: https://www.dataprivacyframework.gov

4.2 Apple (Sign in with Apple, App Store, Push)

Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Ireland. Privacy Policy: https://www.apple.com/legal/privacy/

4.3 Website hosting

Firebase Hosting (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)

4.4 Internal moderation alerting

New reports trigger an internal notification to the operator via a private Discord webhook so we can meet the 24-hour review commitment. The webhook receives the report id, reason category, and the public handle of the reported account — never private account information, post content beyond the public caption, or any personal data of the reporter beyond their public display name.

4.5 Crash reporting (Sentry)

Functional Software, Inc. (Sentry), 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA. We use Sentry to collect crash reports and performance data so we can find and fix errors. Our Sentry project is configured for EU data residency — crash data is ingested and stored in the European Union (Germany). Crash reports may contain your internal user id, device information, and the app state at the time of the error — never your password or message contents. Legal basis for any residual US transfer: EU-US Data Privacy Framework (DPF); Sentry is certified under the DPF. Privacy Policy: https://sentry.io/privacy/

4.6 Product analytics (PostHog)

PostHog, Inc., 2261 Market Street #4008, San Francisco, CA 94114, USA. We use PostHog Cloud EU to understand how Bluumme is used (e.g. how many users open the app, create posts, or come back after signing up) so we can improve the product. Events are stored on servers in the European Union (Frankfurt, Germany) and are linked only to a pseudonymous identifier — a random device id, or your internal user id once you are signed in. They are never linked to your name, email address, photos, or message contents, and we do not use this data for advertising or share it with third parties for their own purposes. You can object to this processing at any time (Art. 21 GDPR) via hello@bluumme.com; we will then delete your analytics profile. Legal basis for any residual US transfer: EU-US Data Privacy Framework (DPF); PostHog is certified under the DPF. Privacy Policy: https://posthog.com/privacy

We do not sell data to third parties. We do not share data with advertising networks.

5. Retention

DataRetention period
Active account dataAs long as your account exists
Posts, comments, likesAs long as your account exists or until you delete them
Direct messagesUntil you delete the message/conversation, or until either participant deletes their account
EULA acceptance timestamp + versionAs long as your account exists
Block recordsUntil you unblock the user or your account is deleted
Reports (post or user)12 months for abuse prevention
Data after account deletionUp to 30 days in backups, then irrevocably deleted
Server logs (truncated IP)14 days
Crash reports90 days
Product analytics events (pseudonymous)Up to 24 months, or until you object / request deletion

6. Your rights

Under the GDPR you have the right to:

To exercise these rights, contact hello@bluumme.com or use the in-app controls.

Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a data protection authority, in particular:

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (LDI NRW) Kavalleriestraße 2-4, 40213 Düsseldorf, Germany https://www.ldi.nrw.de

7. Minors

Bluumme is intended for users aged 13 and over. In Germany, persons under 16 require parental consent under Art. 8 GDPR. We do not knowingly register children under 13.

8. Security

We use TLS for data in transit, Firebase default encryption for data at rest, hashed passwords (bcrypt via Firebase Auth), and restrict access to production data to the controller.

9. Cookies and tracking

The Bluumme app itself does not set cookies. The website uses only strictly necessary cookies (session, language preference). No advertising or analytics cookies are set without your explicit consent.

10. Automated decisions

We do not use automated decision-making or profiling within the meaning of Art. 22 GDPR. The ranking system is based on published posts and interactions but has no legal or similarly significant effect on you.

11. Apple Privacy Nutrition Label & Google Data Safety

The following summary corresponds to our declarations on the App Store and Google Play.

Data linked to your identity: email, username, photos, videos, profile information, location (if opted in). Data used for app functionality: all of the above plus crash data and performance data. Data used for first-party analytics: usage and interaction data (e.g. app opens, posts, follows, challenge participation) is processed on our behalf by PostHog on EU servers (see section 4.6), linked only to a pseudonymous identifier, to understand how features are used and to improve Bluumme. This data is never used for advertising and is never shared with third parties for their own purposes. Data used for advertising or cross-app tracking: none. Data sold or shared with brokers: none. Data retention: see section 5.

12. Changes to this Privacy Policy

We may update this Privacy Policy to reflect new legal requirements or changes to the service. We will announce material changes in the app and by email at least 14 days before they take effect.