This Privacy Policy explains how Blomm Group LLC ("Blomm", "we", "us", "our") collects, uses, stores, and shares personal information when you use the Blomm service at app.blomm.io and our marketing site at blomm.cloud (together, the "Service").
Blomm is a software tool that helps Amazon sellers identify physical-retail businesses likely to be a fit for their products and run automated cold-email outreach to those businesses. We are not affiliated with Amazon.com, Inc. or its affiliates.
Quick contact
Questions, data-rights requests, or anything else: email partners@blomm.io. Postal mail: Blomm Group LLC, 30 N Gould St Ste R, Sheridan, WY 82801, USA.
1. Information we collect
1.1 Information you provide directly
- Account data: name, email address, sign-in identifier — provided when you sign up via our authentication provider.
- Payment data: billing details are collected and stored by our payment processor. Blomm receives only customer / subscription / invoice identifiers; we do not receive or store full card numbers.
- Product data: Amazon product URLs you submit, product descriptions, fulfillment type, and any custom business-type or campaign settings you configure.
- Communications: messages you send us by email or through the Service.
1.2 Information collected automatically
- Usage data: pages viewed inside the app, actions taken, timestamps, and basic device / browser metadata (user agent, locale).
- Authentication cookies: a session cookie set by our authentication provider so you stay signed in. This is essential to operate the Service and is not used for advertising or cross-site tracking.
1.3 Information collected from third parties on your behalf
- Amazon product information: when you submit an Amazon product URL, we retrieve publicly available product page data (title, brand, description, images, ASIN). If you later authorize Amazon Attribution access, we may also retrieve Amazon Attribution conversion data via the Amazon Advertising API (with your explicit OAuth consent).
- Business contact information: on your instruction, we use third-party scraping infrastructure to retrieve publicly available business names, addresses, websites, phone numbers, and contact emails from Google Maps for the cities and business categories you select. This data is stored on our infrastructure as part of your campaign records.
2. How we use information
- To operate the Service: create your account, run product analysis, generate business-category suggestions, run lead scraping, send outreach emails on your behalf, track replies, and surface reporting in your dashboard.
- To bill you and manage your subscription, including handling refunds and disputes.
- To send transactional notifications about your account, campaigns, and the Service itself.
- To respond to your support requests.
- To improve the Service: diagnose bugs, evaluate feature performance, and prevent abuse.
- To comply with legal obligations and enforce our Terms of Service.
We do not sell personal information. We do not use your data or your customers' data to train general-purpose AI models. We do not run third-party advertising trackers on the Service.
3. Third-party data processors
We rely on third-party service providers ("subprocessors") to operate the Service. Each one processes only the data necessary for its function. We do not authorize any subprocessor to use your data for its own purposes. Our subprocessors operate in the following categories:
- User authentication and session management
- Payment processing and subscription billing
- Database hosting (United States, with row-level security)
- Workflow automation
- Public-web data retrieval (Google Maps business listings + Amazon product pages, on your instruction only)
- AI categorization of product descriptions and email-copy generation
- Cold-email delivery infrastructure
- Transactional email delivery
- Application hosting and CDN
Where you authorize Amazon access, we use Amazon's Advertising API and Amazon Attribution to retrieve only the data necessary to deliver the Service to you (Attribution tag identifiers, click and conversion counts). We do not share Amazon customer data with any party other than Amazon's own services and your own account view inside Blomm.
A current named list of subprocessors is available on request at partners@blomm.io. We will notify customers in advance of any material change to that list.
4. Legal basis for processing (EEA / UK)
- Contract: processing necessary to deliver the Service you subscribe to.
- Legitimate interests: securing the Service, preventing fraud and abuse, and improving product quality, where those interests are not overridden by your rights.
- Legal obligation: tax, accounting, and lawful-request compliance.
- Consent: when you explicitly connect a third-party account (such as Amazon Seller) we rely on your OAuth consent for that specific scope.
5. Data retention
We retain account and billing data for as long as your account is active and for up to 7 years after closure to satisfy financial-record and tax obligations. Campaign-related data (product analyses, business contacts you've scraped, emails sent) is retained while your account is active and for up to 90 days after deletion request, after which it is permanently deleted from our active systems. Backups are rotated within 35 days.
6. Your rights
Depending on where you live (including but not limited to the EEA, UK, California, Virginia, Colorado, Connecticut, Utah), you may have the right to:
- Access the personal information we hold about you.
- Correct inaccurate information.
- Delete your information ("right to be forgotten") subject to our legal retention obligations.
- Port your information to another service in a structured, machine-readable format.
- Restrict or object to certain processing.
- Withdraw consent at any time where processing relies on consent.
- Lodge a complaint with your local data protection authority.
To exercise any of these rights, email partners@blomm.io. We respond within 30 days. We do not discriminate against you for exercising your rights.
California residents (CCPA / CPRA): we do not sell or share personal information for cross-context behavioral advertising. The categories of personal information described in Section 1 cover the CCPA-required categories.
7. Cookies
We use only essential cookies to operate the Service — primarily the authentication session cookie set by our authentication provider. We do not use third-party analytics, advertising, or tracking cookies. Because no consent is required for strictly essential cookies under EU ePrivacy guidance, we do not show a cookie banner. If we add non-essential cookies in the future, we will obtain consent first.
8. Security
We use TLS everywhere, Postgres row-level security on multi-tenant tables, short-lived access tokens for third-party connections, and least-privilege keys for service-role operations. Backups are encrypted at rest. We restrict employee access to production data to the smallest necessary number of personnel.
No system is perfectly secure. If you believe your account has been compromised, contact partners@blomm.io immediately.
9. International data transfers
Blomm is established in the United States, and our primary infrastructure (database, application hosting, workflow automation, payment processing, email delivery, AI services) operates from the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. Where required, we rely on Standard Contractual Clauses or equivalent transfer mechanisms.
10. Children
The Service is intended for businesses. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided information to us, contact partners@blomm.io and we will delete it.
11. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will update the "Effective date" at the top and, for material changes, notify you by email or in-product notice. Continued use of the Service after a change constitutes acceptance of the updated policy.
12. Contact
For any privacy-related question, complaint, or data-rights request:
- Email: partners@blomm.io
- Postal mail: Blomm Group LLC, 30 N Gould St Ste R, Sheridan, WY 82801, USA
- Legal entity: Blomm Group LLC (Wyoming, USA)