Privacy Policy

Last updated: 1 March 2026

Rebloomr ("we", "us", or "our") is operated as a sole trader based in Japan. This Privacy Policy explains what personal data we collect when you use Rebloomr at rebloomr.com, how we use it, and your rights regarding that data.

1. What data we collect

• Account data: Your email address and a securely hashed password, collected when you create an account.
• Blog content: URLs and article text you provide or that we crawl from your connected blog, used solely to generate your social content.
• Generated content: Images, captions, and carousels we create for you, stored so you can access them later.
• Usage data: Basic counts of actions taken (e.g. images generated) used to enforce plan limits.
• Preferences: Settings you configure within the app, such as brand colours and company description.

2. How we use your data

• To provide and operate the Rebloomr service.
• To generate social content from your blog articles using third-party AI services (see Section 4).
• To send transactional emails (e.g. account confirmation, password reset) via our authentication provider.
• To enforce usage limits and, in future, process payments.

We do not sell your data. We do not use your content to train AI models.

3. Legal basis for processing (GDPR)

If you are located in the European Economic Area, we process your data on the following bases:

• Contract: Processing necessary to provide the service you've signed up for.
• Legitimate interests: Preventing fraud and ensuring service security.

4. Third-party services

We use the following sub-processors to deliver the service:

• Supabase (supabase.com) — database, authentication, and file storage. Data is stored in the EU (AWS eu-west-1) by default.
• Google (Gemini API) — AI image generation. Your article content is sent to Google's API to generate images. See Google's Privacy Policy.
• OpenAI — AI text generation. Your article content may be sent to OpenAI's API. See OpenAI's Privacy Policy.
• Render (render.com) — cloud hosting provider.

5. Data retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or financial compliance purposes.

6. Your rights

You have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data (you can update your email in Account Settings).
• Delete your account and associated data.
• Export your data in a portable format.
• Object to processing in certain circumstances.

To exercise any of these rights, email us at privacy@rebloomr.com. We will respond within 30 days.

7. Cookies

We use a single session cookie to keep you logged in. We do not use advertising or tracking cookies.

8. Security

Passwords are never stored in plain text — they are handled entirely by Supabase Auth. All data is transmitted over HTTPS. We apply reasonable technical measures to protect your data, though no system is completely secure.

9. Changes to this policy

If we make material changes to this policy, we will update the "Last updated" date above. Continued use of the service after changes constitutes acceptance of the revised policy.

10. Contact

For any privacy-related questions or requests, please contact us at privacy@rebloomr.com.