Privacy
Privacy policy.
How we handle personal data across our marketing site and the Bloop platform. Last updated: 18 July 2026.
This is a template. Have it reviewed by a qualified lawyer before relying on it. Placeholders in [brackets] need real values.
1. Who we are
This site and the Bloop platform are operated by [Bloop Ltd], a company registered in [England & Wales] under company number [company number], with its registered office at [company address]. Where this policy uses "we", "us" or "our", it means [Bloop Ltd].
For any privacy question you can reach us at privacy@bloophq.com. We are registered with the UK Information Commissioner's Office (ICO) under registration number [ICO registration number].
2. What we collect and why
Demo requests & enquiries
When you ask for a demo or get in touch, we collect the details you provide so we can respond and prepare for the conversation. This typically includes:
- Your name;
- Your work email address;
- Your organisation;
- Your role;
- The type of event you run;
- Expected capacity and event dates;
- Any message you send us.
We use this to reply, arrange and run a demo, and to follow up about Bloop. We keep a record of the correspondence so we can pick up where we left off.
Analytics
We measure how the marketing site is used with Plausible, a privacy-friendly, cookieless analytics tool. Plausible does not set cookies, does not collect personal data and does not track you across other sites. We see aggregate figures such as page views and referring sources, not individuals.
3. Lawful bases
Under the UK GDPR and EU GDPR, we rely on the following lawful bases:
- Legitimate interests — to respond to your enquiry, run demos, understand aggregate site usage and promote our business, balanced against your rights.
- Consent — where required, for example for optional marketing communications, which you can withdraw at any time.
- Contract — where handling your data is necessary to enter into or perform a contract with you or your organisation.
4. The Bloop platform — our role as processor
When your organisation uses the Bloop platform, the personal data held about attendees, staff, suppliers and crew is your customers' data. In that context the event organiser is the data controller and [Bloop Ltd] acts as a data processor, handling that data on the organiser's documented instructions and only to provide the service.
Our handling of customer data as a processor is governed by our data processing terms. See the terms of service and our data processing addendum (DPA) summary — request the current DPA at privacy@bloophq.com.
5. Sub-processors
To deliver the service we use a small set of established providers. Which are active depends on the features enabled:
- Resend — transactional email (magic links, invites, alerts).
- Twilio — SMS notifications.
- Stripe — card payments (catering and pay-online).
- Square — guest-list paywall, on the operator's own Square account.
- Google — Sheets and Drive integration, via a service account the operator connects.
- See Tickets — ticketing barcode sync and gate-scan register-back.
- Hosting, database & storage provider — the infrastructure Bloop runs on (for example Railway with MySQL) and the operator's chosen S3-compatible object storage.
6. Where your data is held
Structured data is held in MySQL, and documents and photos are held in S3-compatible object storage. Because operators choose their own storage bucket and database region, the location of platform data follows the operator's configuration — the applicable region is [region]. Marketing enquiry data is held in [location of marketing/CRM data].
7. How long we keep it
We keep personal data only as long as we need it for the purposes above, then delete or anonymise it. Indicative periods:
- Demo and enquiry records: [retention period, e.g. 24 months from last contact].
- Platform (processor) data: kept for the duration of the customer's contract and deleted or returned per the DPA, subject to [retention period].
- Aggregate, non-identifying analytics: [retention period].
8. Your rights
Under the UK GDPR and EU GDPR you have the right to:
- Access the personal data we hold about you;
- Rectification of inaccurate or incomplete data;
- Erasure of your data in certain circumstances;
- Portability — to receive your data in a portable format;
- Object to, or restrict, certain processing, including direct marketing.
To exercise any of these, contact privacy@bloophq.com. Where we act as processor for platform data, we will refer your request to the relevant event organiser (the controller). You also have the right to complain to the ICO at ico.org.uk, or your local EU supervisory authority.
9. International transfers
Where personal data is transferred outside the UK or EEA, we put appropriate safeguards in place, such as the [UK International Data Transfer Agreement (IDTA) / EU Standard Contractual Clauses (SCCs), where applicable]. Details of the safeguards for a specific transfer are available on request.
10. Contact
Questions, requests or concerns about privacy? Email privacy@bloophq.com or write to us at [company address].