1. Who we are
Bloomly ("we", "us", "our") is a trading name operated by David Levy, a sole trader registered in England and Wales. We provide AI-powered marketing and automation tools for local businesses via bloomlyai.co.uk and app.bloomlyai.co.uk.
Contact: hello@bloomlyai.co.uk
2. What data we collect
We collect the following types of personal data:
- Contact information — name, email address, phone number, business name
- Account information — email address and login credentials for your Bloomly dashboard
- Payment information — processed securely via Stripe; we do not store card details
- Usage data — how you use our platform, features accessed, session data
- Communications — messages sent via our contact form or email
- Client data — data your business collects via Bloomly tools (leads, appointments, contacts)
3. How we use your data
We use your data to:
- Provide and maintain the Bloomly service
- Process payments and manage your subscription
- Send you onboarding and support communications
- Improve the platform based on usage patterns
- Comply with legal obligations
- Send service updates and important account notices
We will only send you marketing communications if you have given explicit consent. You can opt out at any time.
4. Legal basis for processing
We process your data under the following lawful bases (UK GDPR):
- Contract — processing necessary to provide the service you've signed up for
- Legitimate interests — improving our service and communicating with existing customers
- Consent — for marketing communications and non-essential cookies
- Legal obligation — where required by law
5. Who we share data with
We do not sell your personal data. We share data only with trusted third-party services required to operate Bloomly:
- GoHighLevel — our underlying CRM and automation platform (data processed in the US; standard contractual clauses apply)
- Stripe — payment processing (PCI-DSS compliant)
- Google Workspace — email and communications
- Netlify — website hosting
- Formspree — contact form processing
All third-party processors are bound by data processing agreements and are required to protect your data.
6. Data retention
We retain your personal data for as long as your account is active, plus a reasonable period thereafter for legal and business purposes. Account data is deleted within 90 days of account closure upon request. Payment records are retained for 7 years as required by HMRC.
7. Your rights
Under UK GDPR, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your data ("right to be forgotten")
- Restrict or object to processing
- Data portability — receive your data in a portable format
- Withdraw consent at any time
To exercise any of these rights, email hello@bloomlyai.co.uk. We will respond within 30 days.
8. Cookies
Our website uses essential cookies required for the site to function. We do not currently use tracking or advertising cookies. If this changes, we will update this policy and request your consent.
9. Security
We take reasonable technical and organisational measures to protect your data, including encrypted connections (HTTPS), two-factor authentication on all admin accounts, and restricted access to personal data.
10. Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a notice on our website. The date at the top of this page shows when it was last updated.
11. Complaints
If you have concerns about how we handle your data, please contact us first at hello@bloomlyai.co.uk. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.
Questions about your privacy?
Email us at hello@bloomlyai.co.uk and we'll get back to you within a few hours. We're a real team — not a chatbot.