Legal

Privacy Policy

Last updated: May 19, 2026

Bloom Restaurant Solutions ("Bloom," "we," "us," or "our") provides restaurant operations software, including Bloom Admin, Bloom Point of Sale, Bloom BOH, and Bloom POS Server. This Privacy Policy explains how we collect, use, disclose, retain, and protect information when restaurants, their authorized users, and visitors use our websites, applications, and related services (the "Services").

Our Role

Bloom primarily provides business-to-business software to restaurants and other hospitality businesses. When a restaurant uses Bloom to manage orders, staff, customers, payments, inventory, schedules, reports, or other operations, the restaurant is generally responsible for deciding what information is entered into Bloom and how it is used. In that context, Bloom acts as a service provider, processor, or similar vendor to the restaurant, except where we use information for our own business purposes described in this Policy.

If you are a guest, employee, contractor, supplier, or other person whose information was entered into Bloom by a restaurant, contact that restaurant first about privacy requests related to its records. We will support our customers in responding to legally required requests where appropriate.

Information We Collect and Process

We collect information needed to provide and operate Bloom. This may include:

• Account and user information, such as names, email addresses, roles, permissions, business affiliations, authentication identifiers, and invite or access status.
• Restaurant and business information, such as locations, departments, menus, products, inventory, suppliers, schedules, tax and receipt settings, and configuration settings.
• Operational data, such as orders, checks, sales records, register activity, payment metadata, customer records, loyalty or house-account information if enabled, time clock entries, prep tasks, inventory counts, invoices, uploaded invoice images, and reports.
• Device and app information, such as device identifiers, app version, operating system, browser type, IP address, diagnostics, crash information, audit logs, sync logs, and local network connectivity status.
• Communications and support information that users send to us, including feedback, support requests, onboarding information, demo requests, sales inquiries, and messages sent through our website or support channels.
• Billing and subscription information, such as plan, invoice, payment status, and transaction metadata processed by Bloom or our payment and billing providers.

Sources of Information

We may receive information from:

• customers, users, and website visitors who provide information directly to us;
• restaurants and their authorized users when they configure or operate the Services;
• devices, applications, browsers, local servers, logs, and sync workflows used with Bloom;
• service providers and integration partners, such as authentication, hosting, payment, billing, email, monitoring, support, and analytics providers; and
• public or business sources when needed for sales, support, fraud prevention, compliance, or account administration.

How We Use Information

We use information to:

• Provide, maintain, secure, and improve Bloom services.
• Authenticate users and enforce account, restaurant, and device permissions.
• Process restaurant workflows such as ordering, point of sale, reporting, scheduling, inventory, and invoice management.
• Troubleshoot issues, monitor performance, prevent abuse, and protect the reliability of our services.
• Communicate with customers about support, product updates, security, billing, onboarding, and service notices.
• Develop new features and improve product usability.
• Create aggregated or de-identified information that does not identify a particular person or restaurant.
• Comply with legal, tax, accounting, security, audit, and contractual obligations.

How We Share Information

We do not sell personal information, and we do not share personal information for cross-context behavioral advertising. We may disclose information to:

• Authorized users within the same restaurant or business account, according to their permissions.
• Service providers that help us operate Bloom, such as cloud hosting, authentication, storage, analytics, diagnostics, email, and customer support providers.
• Accounting, reporting, or integration providers when a restaurant chooses to connect those services.
• Professional advisors, such as lawyers, accountants, auditors, insurers, and security consultants.
• Legal, regulatory, or safety authorities when required by law or necessary to protect rights, safety, security, or service integrity.
• Successors in connection with a merger, acquisition, financing, reorganization, or sale of all or part of our business, subject to appropriate confidentiality protections.

Government and Legal Requests

Government agencies, regulators, law enforcement, litigants, and other third parties seeking Customer Data must use proper legal process or another lawful channel accepted by Bloom. Bloom does not authorize any person or entity to obtain non-public Customer Data by bypassing authentication, misusing credentials, exploiting technical access, querying private systems directly, bypassing tenant isolation, or using any other backdoor or workaround.

When we receive a legal request for Customer Data, we may review, challenge, narrow, or reject the request where appropriate. Unless legally prohibited or unless notice would create a security, safety, or fraud risk, we may notify affected customers before or after disclosing Customer Data in response to legal process.

Third-Party Services

Bloom uses third-party services to operate the platform. These may include Google Cloud Platform, Firebase Authentication, Firebase Hosting, Google Play services, Apple services, email providers, monitoring tools, and other infrastructure or support providers. These services may process information on our behalf according to their own terms and privacy commitments.

Transaction and Tender Records

Bloom may store operational transaction records such as tender labels, payment method names configured by a restaurant, sales totals, tips, refunds, receipts, register activity, and related reporting fields. Bloom does not process card payments and does not store full payment card numbers, card verification codes, PIN data, or other cardholder authentication data. Do not enter payment card numbers or other sensitive cardholder data into Bloom support messages, notes, free-text fields, or uploads.

Online Tracking and Do Not Track

Bloom's public website does not currently use third-party advertising cookies. Some service providers may process standard technical information, such as IP address, browser, device, referring page, and page-request logs, to host, secure, monitor, and improve the website and services. Because there is not a uniform industry standard for browser "Do Not Track" signals, Bloom does not currently respond to those signals.

Data Security

We use administrative, technical, and organizational safeguards designed to protect information from unauthorized access, loss, misuse, alteration, or disclosure. No system is completely secure, and we cannot guarantee absolute security.

Customers are responsible for configuring user permissions, protecting their devices and local networks, managing their own users, and promptly telling us about suspected unauthorized use of their Bloom account.

Data Retention

We retain information for as long as needed to provide Bloom services, comply with legal obligations, resolve disputes, enforce agreements, maintain backups, and support legitimate business operations. Restaurant operational records may be retained according to the restaurant's configuration, legal requirements, and backup practices.

Retention periods vary by data type. For example, account and support records may be kept while an account is active and for a reasonable period afterward; security and audit logs may be kept to investigate abuse or protect the Services; and sales, register, tender records, invoices, tax records, and other restaurant ledger records may be retained for longer periods where needed for accounting, tax, audit, dispute, fraud-prevention, backup, or legal reasons.

Privacy Rights and Requests

Depending on where you live and how you interact with Bloom, you may have rights to request access, correction, deletion, portability, restriction, objection, or information about certain disclosures of your personal information. You may also have the right not to receive discriminatory treatment for exercising applicable privacy rights.

Restaurants and authorized users may request access, correction, export, or deletion of applicable information by contacting us at support@bloomplatform.app. To request deletion, include the restaurant or business name, the account email address, and whether the request is for account deletion, deletion of specific data, or both.

When a deletion request is approved, we delete or de-identify account information and other applicable personal information from active systems where reasonably possible. Some information may need to be retained for legal, security, accounting, tax, audit, backup, dispute-resolution, fraud-prevention, or legitimate operational reasons. For example, point-of-sale sales records, register activity, tender records, tax reporting records, invoices, and related business ledger data may be retained when required for accounting, tax, reporting, or audit purposes.

We may need to verify your identity and authority before completing a request. If your request relates to information controlled by a restaurant customer, we may direct you to that restaurant or process the request according to that restaurant's instructions.

California and Similar State Privacy Disclosures

To the extent California or similar U.S. state privacy laws apply, the categories of personal information we may collect or process include identifiers, commercial information, internet or electronic network activity information, geolocation approximated from IP address or device/network context, employment or professional information, sensitive account credentials or precise information only where needed to provide and secure the Services, and inferences derived from product usage for support, security, analytics, or product improvement. We use, disclose, and retain these categories for the purposes described in this Policy.

We do not knowingly sell or share personal information of consumers under 16. We also do not use sensitive personal information to infer characteristics except as permitted by applicable law or as needed to provide and secure the Services.

Children

Bloom is intended for restaurants and business users. It is not directed to children under 13, and we do not knowingly collect personal information directly from children under 13.

International Processing

Information may be processed and stored in countries where we or our service providers operate. Those countries may have privacy laws different from the laws where a user or restaurant is located.

Business Transfers

If Bloom is involved in a merger, acquisition, financing, reorganization, bankruptcy, sale of assets, or similar transaction, information may be disclosed or transferred as part of that transaction, subject to appropriate protections.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date above. Material changes may also be communicated through the product or by other reasonable means.

Contact

For privacy questions or requests, contact us at support@bloomplatform.app.