🌿 bioloom← Back

Privacy Policy

Last updated: March 2026

1. Who We Are

Bioloom is a link-in-bio platform that helps creators share links, sell digital products, and grow their audience. This policy covers how we handle data for both creators (dashboard users who build and manage their Bioloom page) and visitors (people who view creator pages).

2. Data We Collect from Creators (Dashboard Users)

Data collected

  • Name and email address (required at signup)
  • Optional: phone number, avatar image
  • Stripe account details (if you enable payments or tips)
  • Custom domain information (if you connect one)

How we use it

  • Account management and service delivery
  • Security — login alerts and session management
  • Product updates and communications
  • Payment processing via Stripe

You can update or delete your information at any time through your account settings or by contacting privacy@bioloom.link.

3. Data We Collect from Page Visitors (End Users)

Data collected

  • IP address (used for geolocation — country and region only, not stored raw)
  • Device type and browser
  • Page views and link clicks
  • Referral source

How we use it

  • Analytics for creators: traffic sources, geo data, device breakdown
  • Fraud and bot detection

What we do NOT do

  • No third-party cookies
  • No cross-site tracking
  • No behavioral profiling
  • No selling of personal data

We use Cloudflare Analytics Engine for privacy-respecting analytics — no persistent identifiers, no fingerprinting.

4. Email & Subscriber Data

When visitors subscribe via an email gate or contact form on a creator page, their email address, optional phone number, and submission data are stored and made accessible to the page creator inside their Bioloom dashboard. Creators are responsible for their own compliance with applicable email marketing laws (CAN-SPAM, GDPR, CASL, etc.) when contacting their subscribers.

5. Payment Data

Product sales and tips are processed through Stripe. Bioloom does not store credit card numbers or raw payment credentials. Stripe handles PCI DSS compliance. Creator payout details are managed through Stripe Connect — Bioloom only stores a Stripe account ID reference.

6. Data Sharing

Bioloom does not sell personal data. We share data only with:

  • Infrastructure providers necessary for service delivery (Cloudflare, Google Cloud, MongoDB Atlas)
  • Stripe — for payment processing and creator payouts
  • Law enforcement or regulators — only as required by applicable law

7. Data Retention

  • Page view and link click analytics: 180 days (Pro), 28 days (Free)
  • Account data: duration of account + 30 days after deletion
  • Subscriber and contact form data: duration of account
  • Short link click data: duration of account

8. Your Rights

You have the right to:

  • Access your data
  • Correct inaccuracies
  • Request deletion of your data
  • Export your data (GDPR data export available in dashboard settings)
  • Opt out of non-essential communications

To exercise these rights, contact privacy@bioloom.link or use your account settings.

9. CCPA & GDPR

Bioloom does not “sell” or “share” personal information as defined by the California Consumer Privacy Act (CCPA).

For EU residents, our legal basis for processing is contract performance (dashboard services you signed up for) and legitimate interest (aggregated analytics that help creators understand their audience).

10. Cookies

The Bioloom dashboard uses essential cookies only:

  • Session management — an httpOnly refresh token cookie
  • CSRF protection

No third-party tracking cookies are set by Bioloom. Creator pages do not set any cookies unless the creator has enabled GA4 or Meta Pixel integration (Pro feature). If a creator enables these integrations, their visitors are subject to Google’s and Meta’s respective privacy policies.

11. Security

  • Encryption in transit (TLS)
  • API keys hashed with SHA-256
  • JWT with token rotation
  • CSRF protection
  • Rate limiting
  • WAF protection via Cloudflare

12. Children’s Privacy

Bioloom is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact privacy@bioloom.link and we will delete it promptly.

13. Updates to This Policy

We may update this policy from time to time. Material changes will be communicated via the dashboard or email. Continued use of Bioloom after changes are posted constitutes acceptance of the revised policy.

14. Contact

For privacy inquiries, contact us at privacy@bioloom.link.

🌿 bioloom© 2026 Bioloom