Data Privacy & Security Policy
Effective Date: 2025 | Version 3.0
At BloomStreet AI, we take data privacy seriously. This document explains how we handle the data you provide to us, how we protect it, and what we will never do with it. Our goal is to give you complete confidence that using BloomStreet AI is safe for you and your customers.
1. Our Core Privacy Promise
What BloomStreet AI Will Never Do
✓ We do not collect, store, or retain any Personally Identifiable Information (PII) of your customers.
✓ We do not sell, share, or license your data or your customers' data to any third party.
✓ We do not use your business data to train AI models.
✓ We do not access your data outside of delivering the services you have subscribed to.
✓ We do not retain your data after your subscription ends beyond the period required by law.
2. What Data Does BloomStreet AI Use?
BloomStreet AI operates as an agentic AI platform. To deliver its services, it processes data that you — our business customer — provide directly. This data falls into two categories:
2.1 Your Business Data (Provided by You)
- Customer and lead contact records you upload or connect to our platform
- Email communications routed through our email reading agent
- Customer transaction history and purchase records you share with us
- Content briefs, business descriptions, and preferences for content generation
2.2 Operational Data (Generated by BloomStreet AI)
- AI-generated follow-up sequences, marketing copy, and upsell recommendations
- Agent activity logs for performance monitoring and troubleshooting
- Aggregated, anonymized usage metrics to improve platform reliability
We do not independently collect data from your customers. All customer data flows from you to us — never the other way around.
3. How We Handle PII
BloomStreet AI is designed with a PII-minimization architecture. This means:
| Category | Our Commitment |
|---|---|
| Email Addresses | Processed transiently to execute agent tasks. Not stored in identifiable form after task completion. |
| Customer Names | Used only as reference labels within your account. Never extracted or indexed as standalone data. |
| Phone Numbers | Processed only if you provide them for follow-up sequences. Not retained independently. |
| Transaction Data | Used to power upsell and cross-sell recommendations within your account only. Never shared or benchmarked against other accounts. |
| Lead Information | Stored within your account environment only. Accessible only by you and agents acting on your behalf. |
4. Infrastructure & Security
BloomStreet AI is built on Amazon Web Services (AWS), one of the world's most trusted and secure cloud infrastructures. Our infrastructure complies with AWS security standards and best practices.
4.1 AWS Security Standards
- AWS is certified under SOC 1, SOC 2, SOC 3, ISO 27001, ISO 27017, ISO 27018, and PCI DSS
- Data is encrypted at rest using AES-256 encryption
- Data is encrypted in transit using TLS 1.2 or higher
- AWS infrastructure is monitored 24/7 with automated threat detection
4.2 Access Controls
- Your data is logically isolated within your account environment
- Access to customer data is restricted to authorized BloomStreet AI personnel on a need-to-know basis
- All internal access to customer data is logged and auditable
- Multi-factor authentication is enforced for all BloomStreet AI administrative access
4.3 Data Residency
Your data is stored and processed within AWS data centers. BloomStreet AI does not transfer your data outside of your designated AWS region without your explicit consent.
5. Data Ownership
You own your data. Always. BloomStreet AI operates as a data processor — we act on your instructions to deliver AI-powered services. We do not claim any rights to your data or your customers' data.
- You may export your data at any time
- You may request deletion of your data at any time
- Upon termination of your subscription, your data will be permanently deleted within 30 days unless you request an export
6. Third-Party Integrations
BloomStreet AI may integrate with third-party tools (such as email providers or CRM platforms) as directed by you. In these cases:
- We only connect to systems you explicitly authorize
- We request only the minimum permissions necessary to perform the required task
- We do not share your data with integration partners beyond what is required to execute the specific task
- Third-party platforms you connect are subject to their own privacy policies, which we encourage you to review
7. AI Model Usage
BloomStreet AI uses large language models (LLMs) to power its AI agents. We want to be transparent about how your data interacts with these models:
- Your data is never used to train or fine-tune AI models
- Data submitted to AI models for task execution is processed transiently and is not retained by the model provider beyond the scope of the request
- We work only with AI providers whose data processing agreements are compatible with our privacy commitments
8. Your Rights
Depending on your location and applicable law, you may have the right to:
- Access the data we hold about your business
- Correct inaccurate data
- Request deletion of your data
- Request a portable copy of your data
- Restrict or object to certain types of processing
To exercise any of these rights, contact us at privacy@bloomstreet.ai. We will respond within 30 days.
9. Compliance
BloomStreet AI is committed to operating in compliance with applicable data protection laws. Our infrastructure and data handling practices are aligned with:
- General Data Protection Regulation (GDPR) principles — for customers operating in or serving individuals in the European Union
- California Consumer Privacy Act (CCPA) — for customers operating in California
- AWS compliance certifications including SOC 2 Type II
As BloomStreet AI processes data on your behalf, you remain the data controller for your customers' information. We act solely as your data processor.
10. Updates to This Policy
We may update this policy from time to time as our platform evolves. We will notify you of any material changes by email at least 30 days before they take effect. Continued use of BloomStreet AI after that date constitutes acceptance of the updated policy.
Questions About This Policy?
We welcome questions and conversations about our privacy practices. Reach out to us at:
Email: kushala@bloomstreet.ai
Website: www.bloomstreet.ai
We believe transparency builds trust — and trust is the foundation of everything we build.
© 2025 BloomStreet AI | Confidential