Legal
Privacy Policy
Last updated: July 1, 2026
Bloom Restaurant Solutions ("Bloom," "we," "us," or "our") provides restaurant operations software, including Bloom Admin, Bloom Point of Sale, Bloom BOH, and Bloom POS Server. This Privacy Policy explains how we collect, use, disclose, retain, and protect information when restaurants, their authorized users, and visitors use our websites, applications, and related services (the "Services"). Additional commitments for restaurant-owned data are described in our Customer Data Protection Addendum.
Our Role
Bloom primarily provides business-to-business software to restaurants and other hospitality businesses. When a restaurant uses Bloom to manage orders, staff, customers, payments, inventory, schedules, reports, or other operations, the restaurant is generally responsible for deciding what information is entered into Bloom and how it is used. In that context, Bloom acts as a service provider, processor, or similar vendor to the restaurant, except where we use information for our own business purposes described in this Policy. Restaurants retain ownership of their Customer Data as described in our Terms of Service and Customer Data Protection Addendum.
If you are a guest, employee, contractor, supplier, or other person whose information was entered into Bloom by a restaurant, contact that restaurant first about privacy requests related to its records. We will support our customers in responding to legally required requests where appropriate.
Information We Collect and Process
We collect information needed to provide and operate Bloom. This may include:
- Account and user information, such as names, email addresses, roles, permissions, business affiliations, authentication identifiers, and invite or access status.
- Restaurant and business information, such as locations, departments, menus, recipes, preparation methods, costing, product data, inventory, suppliers, purchasing records, schedules, tax and receipt settings, and configuration settings.
- Operational data, such as orders, checks, sales records, register activity, payment metadata, customer records, loyalty or house-account information if enabled, time clock entries, prep tasks, inventory counts, invoices, uploaded invoice images, and reports.
- Device and app information, such as device identifiers, app version, operating system, browser type, IP address, diagnostics, crash information, audit logs, sync logs, and local network connectivity status.
- Mobile app content and permission-related information, such as photos or images a user chooses to attach, camera captures, microphone recordings where a voice feature is used, local network and Wi-Fi connection information, device location or network context where required for local device discovery, and foreground service or notification status needed for POS and server reliability.
- Communications and support information that users send to us, including feedback, support requests, onboarding information, demo requests, sales inquiries, and messages sent through our website or support channels.
- Billing and subscription information, such as plan, invoice, payment status, and transaction metadata processed by Bloom or our payment and billing providers.
Mobile App Permissions and Local Device Access
Bloom mobile applications request only the permissions needed for the workflows available in that application. The specific permissions requested may vary by app, device, operating system, and enabled feature.
- Bloom BOH may use camera or photo access so authorized users can capture or attach supplier invoices, purchase order documents, inventory images, or related operational records.
- Bloom Admin may use camera, photo, or microphone access when authorized users attach product or inventory images or record voice input for supported Bloom AI workflows.
- Bloom POS may use local network, Wi-Fi, foreground service, wake lock, and notification permissions to discover and connect to the local Bloom server, printers, and other restaurant devices, and to keep POS connectivity reliable during service.
- Bloom POS Server may use local network, Wi-Fi, location-related, foreground or background service, wake lock, notification, and device restart permissions to run local server, printer discovery, device discovery, and sync workflows for the restaurant. These permissions are used for restaurant operations and local connectivity, not for advertising or tracking a user's movements.
Some device access is processed locally on the device or on a restaurant's local network. When Bloom transmits information to Bloom-hosted services or service providers, we use it for the purposes described in this Policy.
Sources of Information
We may receive information from:
- customers, users, and website visitors who provide information directly to us;
- restaurants and their authorized users when they configure or operate the Services;
- devices, applications, browsers, local servers, logs, and sync workflows used with Bloom;
- service providers and integration partners, such as authentication, hosting, payment, billing, email, monitoring, support, and analytics providers; and
- public or business sources when needed for sales, support, fraud prevention, compliance, or account administration.
How We Use Information
We use information to:
- Provide, maintain, secure, and improve Bloom services.
- Authenticate users and enforce account, restaurant, and device permissions.
- Process restaurant workflows such as ordering, point of sale, reporting, scheduling, inventory, and invoice management.
- Troubleshoot issues, monitor performance, prevent abuse, and protect the reliability of our services.
- Communicate with customers about support, product updates, security, billing, onboarding, and service notices.
- Develop new features and improve product usability.
- Create aggregated or de-identified information that does not identify a particular person or restaurant.
- Comply with legal, tax, accounting, security, audit, and contractual obligations.
We do not use a customer's non-public recipes, formulas, prep methods, costing, supplier pricing, vendor lists, purchasing history, margins, or proprietary operating procedures to operate, advise, benefit, or compete with that customer through another restaurant, food business, consultant, vendor, or Bloom-affiliated restaurant.
How We Share Information
We do not sell personal information, and we do not share personal information for cross-context behavioral advertising. We also do not sell Customer Data. We may disclose information to:
- Authorized users within the same restaurant or business account, according to their permissions.
- Service providers that help us operate Bloom, such as cloud hosting, authentication, storage, analytics, diagnostics, email, and customer support providers.
- Accounting, reporting, or integration providers when a restaurant chooses to connect those services.
- Professional advisors, such as lawyers, accountants, auditors, insurers, and security consultants.
- Legal, regulatory, or safety authorities when required by law or necessary to protect rights, safety, security, or service integrity.
- Successors in connection with a merger, acquisition, financing, reorganization, or sale of all or part of our business, subject to appropriate confidentiality protections.
Government and Legal Requests
Government agencies, regulators, law enforcement, litigants, and other third parties seeking Customer Data must use proper legal process or another lawful channel accepted by Bloom. Bloom does not authorize any person or entity to obtain non-public Customer Data by bypassing authentication, misusing credentials, exploiting technical access, querying private systems directly, bypassing tenant isolation, or using any other backdoor or workaround.
When we receive a legal request for Customer Data, we may review, challenge, narrow, or reject the request where appropriate. Unless legally prohibited or unless notice would create a security, safety, or fraud risk, we may notify affected customers before or after disclosing Customer Data in response to legal process.
Third-Party Services
Bloom uses third-party services to operate the platform. These may include Google Cloud Platform, Firebase Authentication, Firebase Hosting, Google Play services, Apple services, email providers, monitoring tools, and other infrastructure or support providers. These services may process information on our behalf according to their own terms and privacy commitments.
Transaction and Tender Records
Bloom may store operational transaction records such as tender labels, payment method names configured by a restaurant, sales totals, tips, refunds, receipts, register activity, and related reporting fields. Bloom does not process card payments and does not store full payment card numbers, card verification codes, PIN data, or other cardholder authentication data. Do not enter payment card numbers or other sensitive cardholder data into Bloom support messages, notes, free-text fields, or uploads.
Online Tracking and Do Not Track
Bloom's public website does not currently use third-party advertising cookies. Some service providers may process standard technical information, such as IP address, browser, device, referring page, and page-request logs, to host, secure, monitor, and improve the website and services. Because there is not a uniform industry standard for browser "Do Not Track" signals, Bloom does not currently respond to those signals.
Data Security
We use administrative, technical, and organizational safeguards designed to protect information from unauthorized access, loss, misuse, alteration, or disclosure. No system is completely secure, and we cannot guarantee absolute security.
Customers are responsible for configuring user permissions, protecting their devices and local networks, managing their own users, and promptly telling us about suspected unauthorized use of their Bloom account.
Data Retention
We retain information for as long as needed to provide Bloom services, comply with legal obligations, resolve disputes, enforce agreements, maintain backups, and support legitimate business operations. Restaurant operational records may be retained according to the restaurant's configuration, legal requirements, and backup practices.
Retention periods vary by data type. For example, account and support records may be kept while an account is active and for a reasonable period afterward; security and audit logs may be kept to investigate abuse or protect the Services; and sales, register, tender records, invoices, tax records, and other restaurant ledger records may be retained for longer periods where needed for accounting, tax, audit, dispute, fraud-prevention, backup, or legal reasons.
Account and Data Deletion
Restaurants and authorized users may request deletion of an app account or applicable personal information by contacting us at support@bloomplatform.app. To help us process the request, include the restaurant or business name, the account email address, the Bloom app or service involved, and whether the request is for account deletion, deletion of specific data, or both.
When a deletion request is approved, we delete or de-identify account information and other applicable personal information from active systems where reasonably possible. Some information may need to be retained for legal, security, accounting, tax, audit, backup, dispute-resolution, fraud-prevention, or legitimate operational reasons. For example, point-of-sale sales records, register activity, tender records, tax reporting records, invoices, and related business ledger data may be retained when required for accounting, tax, reporting, or audit purposes.
Privacy Rights and Requests
Depending on where you live and how you interact with Bloom, you may have rights to request access, correction, deletion, portability, restriction, objection, or information about certain disclosures of your personal information. You may also have the right not to receive discriminatory treatment for exercising applicable privacy rights.
Restaurants and authorized users may request access, correction, export, or deletion of applicable information by contacting us at support@bloomplatform.app. To request deletion, include the restaurant or business name, the account email address, and whether the request is for account deletion, deletion of specific data, or both.
More information about account deletion and data deletion requests is described in the Account and Data Deletion section above.
We may need to verify your identity and authority before completing a request. If your request relates to information controlled by a restaurant customer, we may direct you to that restaurant or process the request according to that restaurant's instructions.
California and Similar State Privacy Disclosures
To the extent California or similar U.S. state privacy laws apply, the categories of personal information we may collect or process include identifiers, commercial information, internet or electronic network activity information, geolocation approximated from IP address or device/network context, employment or professional information, sensitive account credentials or precise information only where needed to provide and secure the Services, and inferences derived from product usage for support, security, analytics, or product improvement. We use, disclose, and retain these categories for the purposes described in this Policy.
We do not knowingly sell or share personal information of consumers under 16. We also do not use sensitive personal information to infer characteristics except as permitted by applicable law or as needed to provide and secure the Services.
Children
Bloom is intended for restaurants and business users. It is not directed to children under 13, and we do not knowingly collect personal information directly from children under 13.
International Processing
Information may be processed and stored in countries where we or our service providers operate. Those countries may have privacy laws different from the laws where a user or restaurant is located.
Business Transfers
If Bloom is involved in a merger, acquisition, financing, reorganization, bankruptcy, sale of assets, or similar transaction, information may be disclosed or transferred as part of that transaction, subject to appropriate protections.
Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date above. Material changes may also be communicated through the product or by other reasonable means.
Contact
For privacy questions or requests, contact us at support@bloomplatform.app.