bloomkini bloomkini

  • Home
  • Blog
  • About Us
  • Contacts
  • Sign up
  • Login

Privacy Policy

Home / Privacy Policy






Privacy Policy - BloomKini



1. Introduction

Welcome to BloomKini. We believe your privacy matters, and we're committed to being transparent about how we handle your personal information.

BloomKini is operated by a Swedish company and provides book summary services through our website (bloomkini.com) and mobile applications. This Privacy Policy explains what information we collect, why we collect it, how we use it, and what rights you have regarding your data.

This policy applies to all users worldwide, with specific provisions for individuals in the European Union (GDPR), California and other US states (CCPA/CPRA), Australia (Privacy Act 1988), and other jurisdictions.

By using BloomKini, you agree to the collection and use of information as described in this policy. If you don't agree with any part of this policy, please don't use our services.

2. Information We Collect

2.1 Information You Provide Directly

When you create an account or use our services, you voluntarily provide us with certain information:

Data Type Examples Purpose
Account Information Name, email address, password (encrypted) Account creation and authentication
OAuth Data Google account name, email, profile picture (if you sign in with Google) Simplified login process
Payment Information Billing name, payment tokens from Stripe/PayPal Processing subscriptions (we never store full card details)
Communication Data Messages you send to our support team Customer support and service improvement

2.2 Information Collected Automatically

When you use BloomKini, we automatically collect certain technical information:

Data Type Examples Purpose
Device Information Device type, operating system, browser type, screen resolution Optimizing app performance for your device
Usage Data Book summaries you read, time spent on pages, features you use Personalizing recommendations and improving content
Log Data IP address, access times, pages viewed, referral URLs Security monitoring and service analytics
Cookies & Tracking Session cookies, preference cookies, analytics cookies Maintaining your session and understanding user behavior

2.3 Information From Third Parties

We receive limited information from third-party services you choose to connect:

  • Google OAuth: If you sign in with Google, we receive your name, email address, and profile picture from Google
  • Stripe/PayPal: Payment confirmation data and transaction IDs (but never your full payment card details)
  • Analytics Providers: Aggregated usage statistics from Google Analytics and Hotjar

What We Don't Collect: We do not collect sensitive personal information such as health data, financial account details (beyond payment tokens), government-issued ID numbers, or precise geolocation data. BloomKini is not intended for individuals under 18, and we do not knowingly collect information from children.

3. How We Use Your Information

We use the information we collect for specific purposes, always with a proper legal basis. Here's what we do with your data and why we're allowed to do it:

Purpose Legal Basis (GDPR) What This Means
Providing access to book summaries and app features Contract Performance We need this data to deliver the service you signed up for
Processing payments and managing subscriptions Contract Performance Essential for billing and subscription management
Personalizing book recommendations based on reading history Legitimate Interest Helps you discover relevant content; you can opt out
Sending transactional emails (password resets, receipts) Contract Performance Necessary communications about your account
Sending marketing emails about new features and books Consent Only if you've opted in; you can unsubscribe anytime
Analyzing usage patterns to improve our service Legitimate Interest Helps us understand what works and what needs improvement
Detecting fraud and ensuring platform security Legitimate Interest / Legal Obligation Protects you, other users, and our service
Responding to legal requests and enforcing our terms Legal Obligation Required by law in certain circumstances

Understanding Legal Bases

  • Contract Performance: Processing is necessary to fulfill our agreement with you
  • Legitimate Interest: We have a valid business reason, balanced against your privacy rights
  • Consent: You've given us explicit permission (you can withdraw this anytime)
  • Legal Obligation: We're required by law to process certain information

4. How We Share Your Information

We don't sell your personal information to anyone. We only share your data with trusted service providers who help us operate BloomKini, and only to the extent necessary.

Service Providers We Work With

Payment Processors

Who: Stripe, PayPal

What they receive: Billing name, email, payment information you provide directly to them

Why: To process your subscription payments securely. These companies have their own privacy policies and security standards (PCI-DSS compliant)

Hosting & Infrastructure

Who: Amazon Web Services (AWS Ireland)

What they receive: All data stored on our servers (account info, reading history, etc.)

Why: To host our application and databases securely. AWS acts as a data processor under our instructions

Analytics & User Experience

Who: Google Analytics, Hotjar

What they receive: Anonymized usage data, device information, general location (city-level)

Why: To understand how people use BloomKini and identify areas for improvement. We've configured these tools to anonymize IP addresses

Authentication Services

Who: Google (OAuth)

What they receive: Confirmation when you use Google to sign in

Why: To verify your identity when you choose to sign in with Google

Email Communications

Who: Our email service provider

What they receive: Your email address and name

Why: To send you transactional emails and marketing communications (if you've opted in)

Other Sharing Scenarios

We may also share your information in these limited circumstances:

  • Legal Requirements: When required by law, court order, or government regulation
  • Safety & Fraud Prevention: To protect our users, investigate potential violations, or prevent harm
  • Business Transfers: If BloomKini is acquired or merged, your data would transfer to the new owner (you'd be notified)
  • With Your Consent: Any other sharing would only happen with your explicit permission

We Never Sell Your Data

BloomKini does not sell, rent, or trade your personal information to third parties for their marketing purposes. This applies to all users, including those in California (CCPA), Australia, and the EU.

5. International Data Transfers

BloomKini operates globally, and here's how we handle your data across borders:

Primary Data Storage

Our servers are located in the European Union (AWS Ireland). This means your data is primarily stored and processed within the EU, which has strong data protection laws.

Transfers Outside the EU

Some of our service providers (like Google Analytics and Hotjar) may process data in countries outside the EU, including the United States. When this happens, we ensure appropriate safeguards are in place:

  • ✓

    Standard Contractual Clauses: We use EU-approved Standard Contractual Clauses (SCCs) with service providers, which are legal agreements that require them to protect your data according to EU standards.
  • ✓

    Adequacy Decisions: Where available, we rely on the European Commission's adequacy decisions that recognize certain countries as providing adequate data protection.
  • ✓

    Additional Safeguards: We conduct vendor assessments and implement technical measures like encryption to protect data in transit and at rest.

For Users Worldwide

Regardless of where you're located, we apply the same high standards of data protection. Users in Australia, the United States, and other countries outside the EU benefit from these same safeguards when their data is transferred internationally.

6. Data Retention and Deletion

We only keep your personal information for as long as necessary to provide our services and comply with legal obligations. Here's our retention approach:

Data Type Retention Period Reason
Account Information While your account is active + 30 days after deletion Allows account recovery in case of accidental deletion
Reading History While your account is active or until you clear it Enables personalized recommendations
Payment Records 7 years from the transaction date Tax and accounting legal requirements
Support Communications 3 years from the last interaction Customer service quality and dispute resolution
Analytics Data 26 months (Google Analytics default) Statistical analysis and service improvement
Marketing Consent Until you unsubscribe + 30 days Honoring your communication preferences

When You Delete Your Account

When you request account deletion, here's what happens:

  1. 1.

    Immediate deactivation: Your account is immediately deactivated, and you can no longer access BloomKini
  2. 2.

    30-day grace period: Your data is retained for 30 days in case you change your mind and want to recover your account
  3. 3.

    Permanent deletion: After 30 days, we permanently delete your account information, reading history, and preferences
  4. 4.

    Legal exceptions: We may retain certain data (like payment records) for longer periods when required by law

Note on Backups: Deleted data may persist in our backup systems for up to 90 days before being completely removed. These backups are kept in secure, isolated storage and are not used for any operational purposes.

7. Your Privacy Rights

You have significant control over your personal information. The specific rights available to you depend on where you live, but we offer strong privacy protections to all users.

7.1 Rights for EU Users (GDPR)

If you're in the European Union, you have these rights:

  • Right to Access: Request a copy of all personal data we hold about you
  • Right to Rectification: Correct any inaccurate or incomplete information
  • Right to Erasure ('Right to be Forgotten'): Request deletion of your personal data
  • Right to Restrict Processing: Limit how we use your data in certain circumstances
  • Right to Data Portability: Receive your data in a structured, commonly used format to transfer to another service
  • Right to Object: Object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent: Withdraw consent for processing at any time (where consent is the legal basis)
  • Right to Lodge a Complaint: File a complaint with your local data protection authority if you believe we've violated your rights

7.2 Rights for California Users (CCPA/CPRA)

If you're a California resident, you have these rights:

  • Right to Know: Request information about the categories and specific pieces of personal information we've collected
  • Right to Delete: Request deletion of your personal information (with certain exceptions)
  • Right to Opt-Out of Sale: We don't sell personal information, but you have the right to opt out if we ever did
  • Right to Non-Discrimination: We won't discriminate against you for exercising your privacy rights
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Limit Use of Sensitive Personal Information: We don't collect sensitive personal information as defined by CPRA

7.3 Rights for Australian Users

If you're in Australia, you have these rights under the Privacy Act 1988:

  • Right to Access: Request access to your personal information
  • Right to Correction: Request correction of inaccurate, incomplete, or outdated information
  • Right to Complain: Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)
  • Right to Know: Understand why we collect your information and how we use it

7.4 Rights for All Other Users

Regardless of where you're located, we extend similar privacy rights to all BloomKini users:

  • Access and review your personal information
  • Update or correct your account details
  • Delete your account and associated data
  • Opt out of marketing communications
  • Export your reading history and preferences

How to Exercise Your Rights

To exercise any of these rights, you can:

  • ✓

    Email us: Send a request to privacy@bloomkini.com
  • ✓

    Use your account settings: Many actions (like updating info or deleting your account) can be done directly in your BloomKini account
  • ✓

    Contact support: Reach out through our in-app support feature

We'll respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing certain requests to protect your privacy.

No Fees: Exercising your privacy rights is free. We won't charge you for accessing your data, making corrections, or deleting your account.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on BloomKini. Here's what you need to know:

What Are Cookies?

Cookies are small text files stored on your device when you visit our website or use our app. They help us remember your preferences and understand how you use our service.

Types of Cookies We Use

Cookie Type Purpose Duration Can You Opt Out?
Strictly Necessary Enable core functionality like logging in and maintaining your session Session (deleted when you close your browser) No - required for the service to work
Functional Remember your preferences (like language, theme, font size) Up to 1 year Yes - but you'll lose personalized settings
Analytics Help us understand how you use BloomKini (Google Analytics, Hotjar) Up to 2 years Yes - you can disable in cookie settings
Authentication Keep you logged in when you return to BloomKini Up to 30 days Yes - but you'll need to log in each visit

Third-Party Tracking

We use these third-party services that may place cookies on your device:

  • Google Analytics: Tracks how visitors interact with our website (anonymized IP addresses)
  • Hotjar: Records heatmaps and user session recordings to understand user behavior (personally identifiable information is masked)
  • Google OAuth: Enables sign-in with your Google account
  • Stripe/PayPal: Facilitates secure payment processing

Managing Your Cookie Preferences

You have several options to control cookies:

  • ✓

    Cookie Banner: When you first visit BloomKini, you can accept or reject non-essential cookies
  • ✓

    Account Settings: Adjust cookie preferences in your BloomKini account settings
  • ✓

    Browser Settings: Most browsers let you block or delete cookies. Check your browser's help section for instructions
  • ✓

    Do Not Track: We respect browser Do Not Track signals for analytics cookies

Impact of Blocking Cookies: If you disable all cookies, some features of BloomKini may not work properly. Strictly necessary cookies are required for the service to function.

9. Security Measures

We take the security of your personal information seriously and implement industry-standard measures to protect it:

Technical Security Measures

  • Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS/SSL (Transport Layer Security)
  • Encryption at Rest: Your data stored on our servers is encrypted using AES-256 encryption
  • Password Protection: Passwords are hashed using bcrypt with salt, making them unreadable even to our team
  • Secure Payment Processing: We use PCI-DSS compliant payment processors (Stripe, PayPal) and never store full credit card details
  • Regular Security Audits: Our systems undergo regular security assessments and vulnerability testing
  • Firewall Protection: Our infrastructure is protected by enterprise-grade firewalls

Organizational Security Measures

  • Access Controls: Only authorized personnel have access to personal data, on a need-to-know basis
  • Employee Training: Our team receives regular privacy and security training
  • Data Processing Agreements: All third-party service providers sign agreements committing to data protection standards
  • Incident Response Plan: We have procedures in place to detect, respond to, and notify you of security breaches
  • Regular Backups: Your data is backed up regularly to prevent loss, with backups stored securely and encrypted

What You Can Do to Stay Secure

Security is a shared responsibility. Here's how you can protect your account:

  • Use a strong, unique password for your BloomKini account
  • Enable two-factor authentication if available
  • Never share your password with anyone
  • Log out when using shared or public devices
  • Keep your email account secure (it's used for password recovery)
  • Report any suspicious activity to security@bloomkini.com

Data Breach Notification: In the unlikely event of a data breach that affects your personal information, we will notify you within 72 hours (as required by GDPR) via email and through a notice on our website. We'll explain what happened, what data was affected, and what steps we're taking to address the issue.

Limitation of Liability: While we implement robust security measures, no system is completely secure. We cannot guarantee absolute security, but we commit to using industry-best practices to protect your data.

10. Children’s Privacy and Parental Controls

BloomKini offers content suitable for all ages, including children's book summaries and activities. We take children's privacy very seriously and comply with COPPA (Children's Online Privacy Protection Act), GDPR, and other international children's privacy laws.

Account Requirements by Age

  • Ages 13-17: May create accounts with verifiable parental or guardian consent
  • Ages 18+: May create accounts independently
  • Under 13: Cannot create their own accounts, but parents/guardians may create a family account and supervise usage

Parental Consent for Children (Under 18)

If you're under 18 and want to use BloomKini, we require verifiable parental consent before collecting any personal information. Here's how it works:

  1. 1.

    During signup, you'll be asked to provide a parent or guardian's email address
  2. 2.

    We'll send your parent/guardian a consent request explaining what information we collect and how we use it
  3. 3.

    Your parent/guardian must provide consent before your account becomes active
  4. 4.

    Parents can revoke consent at any time, which will delete the child's account

Information We Collect from Children

For users under 18, we only collect the minimum information necessary to provide our services:

Information Type What We Collect Purpose
Account Information Username (no real name required), email, age range, parent's email Account creation and parental communication
Reading Activity Book summaries viewed, reading preferences Providing age-appropriate recommendations
Technical Data Device type, browser type (no precise location) Service functionality and security

What we DO NOT collect from children:

  • Full name (usernames only)
  • Photographs or videos
  • Precise geolocation data
  • Social security numbers or government IDs
  • Phone numbers
  • Any information beyond what's necessary for the service

Parental Rights and Controls

Parents and guardians have full control over their children's accounts and can:

  • ✓

    Review Information: Request to see all personal information we've collected from your child
  • ✓

    Refuse Further Collection: Tell us to stop collecting information from your child
  • ✓

    Delete Account: Request deletion of your child's account and all associated data
  • ✓

    Modify Settings: Adjust privacy settings and content preferences for your child's account
  • ✓

    Monitor Activity: View your child's reading history and activity

To exercise these rights, email us at parents@bloomkini.com with proof of parental relationship.

Children’s Data Sharing and Protection

  • We never sell children's personal information
  • We never share children's data with third parties for marketing purposes
  • We only share children's data with service providers essential for operating BloomKini (hosting, payment processing) under strict confidentiality agreements
  • Children's accounts have additional security protections and cannot be made public
  • We apply the same data retention policies to children's accounts (see Section 6)

If We Discover Unauthorized Child Account

If we discover that a child under 13 has created an account without parental consent, we will:

  1. 1.

    Immediately suspend the account
  2. 2.

    Contact the parent/guardian (if contact information is available)
  3. 3.

    Request verifiable parental consent within 14 days
  4. 4.

    Delete the account and all data if consent is not received

Contact Us About Children’s Privacy

For any questions or concerns about how we handle children's information:

  • Parents/Guardians: parents@bloomkini.com
  • Privacy Questions: privacy@bloomkini.com

Legal Compliance: This policy complies with COPPA (Children's Online Privacy Protection Act - US), GDPR Article 8 (EU), and similar children's privacy laws worldwide including Australian Privacy Principles.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

How We Handle Updates

  • ✓

    Notification: For material changes that significantly affect your rights, we'll notify you via email and/or a prominent notice on our website at least 30 days before the changes take effect
  • ✓

    Effective Date: The "Last Updated" date at the top of this policy will always reflect when changes were made
  • ✓

    Your Choice: If you don't agree with the updated policy, you can delete your account before the changes take effect
  • ✓

    Continued Use: By continuing to use BloomKini after changes take effect, you accept the updated Privacy Policy

Types of Changes We Might Make

Updates may include:

  • Adding new features or services that require different data processing
  • Complying with new privacy laws or regulations
  • Clarifying existing practices for better transparency
  • Changing third-party service providers
  • Improving security measures

Reviewing Previous Versions

You can request previous versions of this Privacy Policy by contacting us at privacy@bloomkini.com. We maintain archives of all policy versions.

12. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, we're here to help.

Privacy Inquiries

Email: privacy@bloomkini.com
Data Protection Officer (DPO): For GDPR-related inquiries, contact our DPO at dpo@bloomkini.com
Security Issues: Report security concerns to security@bloomkini.com
General Support: support@bloomkini.com

Response Time

We aim to respond to all privacy inquiries within:

  • General questions: 5 business days
  • Data access requests: 30 days (as required by GDPR)
  • Security incidents: Within 24 hours

Regulatory Authorities

You have the right to lodge a complaint with a data protection authority. Here are the relevant authorities for different regions:

  • EU/EEA: Your local Data Protection Authority or the Swedish Authority for Privacy Protection (IMY) - www.imy.se
  • United Kingdom: Information Commissioner's Office (ICO) - www.ico.org.uk
  • Australia: Office of the Australian Information Commissioner (OAIC) - www.oaic.gov.au
  • California: California Privacy Protection Agency - www.cppa.ca.gov

Company Information

Company Name: BloomKini AB
Registered in: Sweden
Website: bloomkini.com

Thank You for Reading

We appreciate you taking the time to understand how we protect your privacy. Your trust is important to us, and we're committed to being transparent about our data practices.

If anything in this policy is unclear or if you have suggestions for how we can improve our privacy practices, please don't hesitate to reach out to us at privacy@bloomkini.com.

Happy reading!
The BloomKini Team


bloomkini bloomkini
Norrbäcksgatan 30, Malmö, Sweden
Monday - Friday: 8 am - 17:00 pm
  • Home
  • Classes
  • About Us
  • Contacts
  • Privacy Policy
  • Terms of Service
Bloomkini © 2026 / All Rights Reserved

Table of Contents

×
  • 1. Introduction
  • 2. Information We Collect
    • 2.1 Information You Provide Directly
    • 2.2 Information Collected Automatically
    • 2.3 Information From Third Parties
  • 3. How We Use Your Information
      • Understanding Legal Bases
  • 4. How We Share Your Information
    • Service Providers We Work With
      • Payment Processors
      • Hosting & Infrastructure
      • Analytics & User Experience
      • Authentication Services
      • Email Communications
    • Other Sharing Scenarios
  • 5. International Data Transfers
      • Primary Data Storage
    • Transfers Outside the EU
    • For Users Worldwide
  • 6. Data Retention and Deletion
    • When You Delete Your Account
  • 7. Your Privacy Rights
    • 7.1 Rights for EU Users (GDPR)
    • 7.2 Rights for California Users (CCPA/CPRA)
    • 7.3 Rights for Australian Users
    • 7.4 Rights for All Other Users
    • How to Exercise Your Rights
  • 8. Cookies and Tracking Technologies
    • What Are Cookies?
    • Types of Cookies We Use
    • Third-Party Tracking
    • Managing Your Cookie Preferences
  • 9. Security Measures
    • Technical Security Measures
    • Organizational Security Measures
    • What You Can Do to Stay Secure
  • 10. Children’s Privacy and Parental Controls
    • Account Requirements by Age
    • Parental Consent for Children (Under 18)
    • Information We Collect from Children
    • Parental Rights and Controls
    • Children’s Data Sharing and Protection
    • If We Discover Unauthorized Child Account
    • Contact Us About Children’s Privacy
  • 11. Changes to This Privacy Policy
    • How We Handle Updates
    • Types of Changes We Might Make
    • Reviewing Previous Versions
  • 12. Contact Information
    • Privacy Inquiries
    • Response Time
    • Regulatory Authorities
    • Company Information
  • Thank You for Reading
→ Index