Privacy Policy

Effective: February 26, 2026 · Last updated: February 26, 2026

Blossom ("we," "our," or "us") operates the Blossom mobile application and associated services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Blossom application. Please read this Privacy Policy carefully. By accessing or using the Service, you agree to the terms of this Privacy Policy.

If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

1. Information We Collect

We collect information in several ways when you use the Service.

1.1 Information You Provide Directly

• Account Information: When you create an account, we collect your name, email address, phone number, and password. If you register as a beauty technician or business owner, we also collect professional information such as your business name, service offerings, pricing, portfolio images, and professional credentials.
• Profile Information: Information you add to your profile, including profile photos, bio, social media links, brand name, tagline, and location preferences.
• Booking Data: When you book an appointment, we collect details about the service requested, the selected technician, appointment date and time, and any notes or special requests you provide.
• Messages: Content of messages you send and receive through the in-app messaging feature, including text and any images shared.
• Reviews and Ratings: Reviews, ratings, and feedback you submit about technicians and services.
• Payment Information: When you make a payment or receive payouts, your payment details are collected and processed by our third-party payment processor, Stripe. We do not store your full credit card number, debit card number, or bank account number on our servers. We receive from Stripe a limited set of payment data, including the last four digits of your card, card brand, and transaction amounts, for record-keeping and customer support purposes.
• Business Information: If you register as a business owner, we collect information about your business including business name, address, number of technicians, and subscription plan details.

1.2 Information Collected Automatically

• Device Information: We collect information about the device you use to access the Service, including device model, operating system and version, unique device identifiers, and mobile network information.
• Location Information: With your consent, we collect your approximate location to help you find nearby beauty professionals and salons. You may disable location services through your device settings at any time. The app will continue to function but will not be able to provide location-based recommendations.
• Usage Data: We collect information about how you interact with the Service, including pages and features accessed, search queries, technicians viewed, bookings made, and the dates and times of your visits.
• Push Notification Tokens: If you opt in to push notifications, we collect your device push notification token to deliver booking confirmations, appointment reminders, messages, flash sale alerts, and other Service-related notifications. Push notification tokens are managed through the Expo push notification service.
• Log Data: Our servers automatically record information when you access the Service, including your IP address, browser type, referring/exit pages, and timestamps.

1.3 Information from Third Parties

• Authentication Providers: If you sign in using a third-party service (e.g., Apple Sign-In, Google Sign-In), we receive your name, email address, and profile picture as permitted by that service.
• Payment Processor: Stripe provides us with limited transaction data, payout status, and account verification information for technicians and business owners using Stripe Connect.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Provide and Maintain the Service: To create and manage your account, process bookings, facilitate communication between clients and technicians, and deliver the core functionality of the platform.
• Process Payments: To process transactions for services booked through the platform, manage platform membership subscriptions, distribute payouts to technicians and business owners, and calculate loyalty points and rewards.
• Personalize Your Experience: To show you relevant beauty professionals based on your location, preferences, and past activity, and to customize content and recommendations.
• Communication: To send you booking confirmations, appointment reminders, message notifications, flash sale alerts, membership updates, and other Service-related communications.
• Loyalty and Rewards: To track and award loyalty points for bookings, reviews, and purchases, and to manage your membership tier and associated benefits.
• Improve the Service: To analyze usage patterns, diagnose technical issues, and develop new features and improvements to the platform.
• Safety and Security: To detect and prevent fraud, abuse, and security incidents, to verify technician and business owner identities, and to enforce our Terms of Service.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests.

3. Information Sharing and Disclosure

We do not sell your personal information. We share your information only in the following circumstances:

3.1 With Other Users

• Clients and Technicians: When you book an appointment, the technician receives your name, contact information, and booking details. When a technician accepts your booking, you receive their name, location, and service details. Messages sent through the platform are visible to both parties in the conversation.
• Public Profiles: Technician profiles, including name, portfolio, reviews, ratings, and service offerings, are publicly accessible on the platform and via public web profile links (Blossom Links). Clients' first names and review content are visible on technician profiles.

3.2 With Service Providers

We share information with third-party service providers who perform services on our behalf:

• Stripe: Payment processing, subscription management, and payout distribution. Stripe's use of your information is governed by the Stripe Privacy Policy.
• Expo (Expo Application Services): Push notification delivery and app update distribution. Expo's use of your information is governed by the Expo Privacy Policy.
• SendGrid: Transactional email delivery (booking confirmations, account notifications, password resets). SendGrid's use of your information is governed by the Twilio Privacy Policy.
• Cloud Hosting Providers: Our backend infrastructure is hosted on cloud services that store and process data on our behalf, subject to appropriate data processing agreements.

3.3 For Legal Reasons

We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to:

• Comply with a legal obligation, subpoena, court order, or governmental request.
• Protect and defend the rights or property of Blossom.
• Prevent or investigate possible wrongdoing in connection with the Service.
• Protect the personal safety of users of the Service or the public.

3.4 Business Transfers

If Blossom is involved in a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice within the app before your information becomes subject to a different privacy policy.

4. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using TLS/SSL.
• Secure password hashing using industry-standard algorithms.
• Authentication tokens with expiration and secure storage on device (via Expo SecureStore).
• Role-based access controls to limit data access to authorized personnel and services.
• Regular security reviews of our codebase and infrastructure.

However, no method of electronic transmission or storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security. You are responsible for maintaining the confidentiality of your account credentials.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Service. If you request account deletion, we will delete or anonymize your personal information within 30 days, except where we are required to retain certain information for legal, regulatory, or legitimate business purposes (e.g., transaction records for tax compliance, which may be retained for up to 7 years).

Booking history, transaction records, and review content may be retained in anonymized form for analytics and platform improvement purposes after account deletion.

6. Your Rights and Choices

You have the following rights regarding your personal information:

6.1 Access and Portability

You may request a copy of the personal information we hold about you. We will provide this information in a structured, commonly used format within 30 days of your request.

6.2 Correction

You may update or correct your personal information at any time through your account settings in the app, or by contacting us directly.

6.3 Deletion

You may request deletion of your account and associated personal information by contacting us at the email address below. Upon receiving your request, we will delete your information in accordance with our data retention practices described in Section 5.

6.4 Opt-Out of Communications

• Push Notifications: You may disable push notifications at any time through your device settings or within the app.
• Marketing Emails: You may unsubscribe from marketing emails by clicking the "unsubscribe" link in any marketing email. Note that you may still receive transactional emails related to your account and bookings.

6.5 Location Data

You may disable location services for the Blossom app through your device settings at any time. Disabling location services will not affect your ability to use the app but will limit location-based features.

6.6 California Residents

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. As stated above, we do not sell personal information.

6.7 European Economic Area (EEA) Residents

If you are located in the EEA, you have additional rights under the General Data Protection Regulation (GDPR), including the right to data portability, the right to restrict processing, and the right to lodge a complaint with a supervisory authority.

7. Children's Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and you believe your child under 13 has provided us with personal information, please contact us immediately at the email address below. If we become aware that we have collected personal information from a child under 13 without verification of parental consent, we will take steps to delete that information promptly.

Users between the ages of 13 and 17 may use the Service only with the involvement and consent of a parent or legal guardian.

8. Third-Party Links and Services

The Service may contain links to third-party websites, services, or applications that are not operated by us. This Privacy Policy does not apply to third-party services. We encourage you to review the privacy policies of any third-party services you access through the app. We are not responsible for the content, privacy policies, or practices of third-party services.

9. International Data Transfers

Your information may be transferred to and processed in countries other than the country in which you reside. These countries may have data protection laws that differ from your country. By using the Service, you consent to the transfer of your information to the United States and other jurisdictions where we or our service providers operate.

Where required, we use appropriate safeguards for international data transfers, including Standard Contractual Clauses approved by the European Commission.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Last Updated" date at the top of this policy and, where appropriate, providing additional notice through the app or via email. Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated terms.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: privacy@blossom.app

12. Consent

By using the Blossom application, you consent to the collection, use, and sharing of your information as described in this Privacy Policy.