Privacy Policy

Bloom Bot ("Company," "we," "us," or "our") respects your privacy and is committed to protecting any data associated with your use of our Services. This Privacy Policy ("Policy") explains how we may collect, use, disclose, and safeguard information when you use our Telegram-based cryptocurrency trading bot, our Manager dashboard at manager.bloombot.app, our browser extensions, and related services, including our website located at bloombot.app (collectively, the "Services").

This Policy is part of our Terms of Service, and by accessing or using our Services, you agree to both this Policy and the Terms of Service. If you do not agree with the terms of this Policy, please do not use our Services.

For the purposes of the General Data Protection Regulation ("GDPR") and other applicable data protection laws, the data controller is: Bloom Bot — support@bloombot.app

This Policy applies to information we may collect through our Services; in email, text, and other electronic communications between you and the Services; through mobile and desktop applications you download from the Services; and when you interact with our advertising and applications on third-party websites and services.

This Policy does not apply to information collected by us offline or through any other means not specified above, or by any third party, including through any application or content that may link to or be accessible from the Services.

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect data from individuals under 18. If you are under 18, do not use or provide any information on our Services.

If we learn we have collected or received data from an individual under 18 without appropriate consent, we will delete that information. If you believe we might have any information from or about an individual under 18, please contact us at support@bloombot.app.

5.1 Important Clarification on Data Collection

Other than the limited analytics and crash-monitoring data described in Section 6.5, Bloom Bot does not collect, store, or process personal data such as real names, physical addresses, dates of birth, gender, biometric data, government-issued identification numbers, financial account details, or any Special Categories of Personal Data.

However, we reserve the right to collect certain categories of data in the future, should it become necessary for the operation, improvement, or legal compliance of the Services. Any such change will be reflected in an updated version of this Policy, and your continued use of the Services after such update will constitute acceptance of the revised data practices.

5.2 Data We May Have Visibility Over

• Platform Identifiers: Usernames and user IDs from third-party platforms through which you access the Services, such as Telegram usernames, Telegram user IDs, Discord usernames, Discord user IDs, and similar public-facing identifiers. These are provided by the respective platforms and are not collected by us independently.
• Blockchain and Transaction Data: Publicly available on-chain data associated with your use of the Services, including wallet addresses, transaction hashes, transaction amounts, token types, timestamps, and other data recorded on public blockchain ledgers (such as Solana, Ethereum, and other EVM-compatible networks). This data is inherently public and accessible to anyone through blockchain explorers.
• Usage and Interaction Data: Basic data about how you interact with the Bot, such as commands used, features accessed, and session activity. This data is used solely for service improvement and troubleshooting purposes.

5.3 Data We Do Not Collect

• Real names, legal names, or aliases (unless voluntarily provided in support communications).
• Physical or mailing addresses.
• Dates of birth, age, or gender.
• Biometric data of any kind.
• Government-issued identification documents or numbers.
• Bank account details, credit card numbers, or traditional financial account information.
• Health, medical, genetic, or physiological data.
• Racial or ethnic origin, religious or philosophical beliefs, political opinions, trade union membership, or sexual orientation.
• Private keys, seed phrases, or wallet passwords. We do not store, have access to, or have the ability to recover your private keys or seed phrases.

5.4 Aggregated and Anonymous Data

We may derive aggregated, anonymized, or statistical data from usage patterns. Such data does not identify any individual user and is not considered personal data under applicable law.

6.1 Platform Interactions

When you interact with the Bot through Telegram, Discord, or other supported platforms, the respective platform may transmit your public-facing username and user ID to us as part of the standard operation of their APIs. We do not actively request or independently collect this information beyond what is necessary to deliver the Services.

6.2 Blockchain Data

Blockchain and transaction data is publicly available on distributed ledgers. When you execute transactions through the Services, the resulting on-chain data is recorded on the relevant blockchain network and is accessible to anyone. Our visibility over this data arises from the public nature of blockchain technology, not from any proprietary data collection mechanism.

6.3 Automated Technologies

As you interact with our Services, we may automatically record basic interaction data such as commands issued, timestamps, and feature usage. This data may be collected through server logs or similar technologies and is used solely for operational purposes.

6.4 Third Parties or Public Sources

We may have access to data from various third-party sources, including technical data from our analytics provider (see Section 6.5); blockchain data that is publicly available on distributed ledgers; and platform data transmitted through third-party APIs (e.g., Telegram Bot API).

6.5 Analytics and Crash Monitoring

We use PostHog, hosted in the European Union, to measure aggregate product usage across our web interfaces. The integration is configured to operate without cookies, without any form of browser storage, and without creating individual user profiles. Pageview events are attributed to a daily-rotated server-side hash that does not identify you and cannot be used to track you across sessions or sites. IP addresses are stripped client-side before transmission.

In the Manager dashboard we additionally capture client-side crash reports so we can monitor service reliability, relying on the legitimate interest basis of Article 6(1)(f) GDPR. Before transmission, crash payloads are automatically scrubbed of wallet addresses, transaction hashes, authentication tokens, email addresses, and similar identifiers. We do not use any of this data for advertising, profiling, cross-site tracking, or automated decision-making.

Our web-based interfaces do not set tracking cookies and do not write analytics data to browser storage (localStorage, sessionStorage, or IndexedDB). Session cookies may be used where strictly necessary to keep you authenticated; these are first-party, scoped to our domain, and are not used for tracking or profiling.

The Bot itself, as a Telegram or Discord-based service, does not use cookies.

• To Provide Services: Facilitate your use of the Services, including processing commands, executing transactions through Third-Party Services, and providing customer support.
• Service Improvement: Analyze usage patterns and interaction data to improve the functionality, performance, and reliability of the Services.
• Security: Detect, prevent, and investigate fraudulent, unauthorized, or malicious activity.
• Reliability and Analytics: Measure aggregate product usage and capture sanitized crash reports to maintain and improve the reliability of the Services, as described in Section 6.5. This processing relies on our legitimate interest under Article 6(1)(f) GDPR and does not involve profiling or advertising.
• Legal Compliance: Comply with applicable legal and regulatory obligations, if and when required.
• Refund Processing: Investigate and process refund requests in accordance with our Refund Policy, including verification of transaction data on public blockchain ledgers.
• Communications: Respond to your support requests, inquiries, or feedback.

We do not use any data for marketing, advertising, profiling, or automated decision-making purposes.

• Legal and Regulatory Authorities: When required by law, court order, or governmental request, or when necessary to comply with applicable legal processes.
• Service Providers: With third-party service providers who assist in the operation of the Services, subject to appropriate contractual safeguards ensuring they do not use the data for their own purposes. Current providers include: PostHog (EU Cloud) for aggregate product analytics and crash monitoring, and our hosting and infrastructure providers.
• Business Transfers: In connection with a merger, acquisition, sale, or reorganization of all or part of our business.
• Fraud Prevention: When necessary to investigate or prevent fraudulent or malicious activity.

We do not sell, rent, or trade any user data to third parties for marketing or commercial purposes.

Our analytics and crash-monitoring data is processed by PostHog on infrastructure located within the European Union and is not transferred outside the European Economic Area ("EEA"). To the extent any other data is transferred to and processed in countries outside the EEA, we ensure that appropriate safeguards are in place in accordance with applicable data protection laws, including through the use of Standard Contractual Clauses or other approved transfer mechanisms.

We implement reasonable technical and organizational measures to protect any data we may access or collect from unauthorized access, alteration, disclosure, or destruction. However, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.

We retain data only for as long as reasonably necessary to fulfill the purposes described in this Policy, including to comply with any legal, accounting, or reporting requirements.

Blockchain data, by its nature, is permanently recorded on public ledgers and cannot be deleted or modified by us or any party.

Depending on your jurisdiction and applicable data protection laws, you may have certain rights regarding data associated with your use of the Services. To the extent any such rights apply, they may include:

• Access: Request information about any data we hold that is associated with you.
• Correction: Request correction of inaccurate data.
• Erasure: Request deletion of data, subject to legal retention requirements and the inherent immutability of blockchain records.
• Restriction: Request restriction of processing.
• Objection: Object to processing on certain grounds.
• Data Portability: Request transfer of data in a structured, commonly used, machine-readable format.
• Withdraw Consent: Withdraw consent where processing is based on consent, without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, please contact us atsupport@bloombot.app.

We do not use any data for automated decision-making processes that produce legal effects or similarly significant effects on you.

Our Services may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies or practices. We encourage you to review the privacy policies of any third-party services you interact with.

Our Services do not respond to Do Not Track ("DNT") signals. DNT is a preference you can set in your browser to inform websites that you do not want to be tracked.

We may update this Policy from time to time, including to reflect changes in our data practices. We will notify you of any significant changes by posting the new Policy on this page and updating the "Last Modified" date. If we begin collecting new categories of data, this Policy will be updated accordingly prior to or concurrently with such collection. Your continued use of the Services after any changes indicates your acceptance of the updated Policy.

If you have any questions or concerns about this Policy or our data practices, please contact us: support@bloombot.app

You are responsible for ensuring that any information you voluntarily provide to us (for example, in support communications) is accurate and current. You are also responsible for understanding that blockchain transactions are publicly recorded and immutable.

This Policy is drawn up in English. If it is translated into any other language, the English version shall prevail in the event of any inconsistencies or discrepancies.