Privacy Policy

Effective May 18, 2026

This Privacy Policy describes how BLNDR ("BLNDR," "we," "us," or "our") collects, uses, and discloses information when you use the BLNDR service, including the BLNDR web application at blndr.io and the BLNDR app installed on Shopify or Square stores (collectively, the "Service").

By using the Service you agree to this Privacy Policy. If you do not agree, do not use the Service.

1. Information We Collect

1a. Information You Provide Directly

  • Account information — email address, password hash, display name, and optional profile fields you choose to provide.
  • Business / brand information — brand name, voice preferences, default oil buy sizes, default wax, formulas, and other configuration you set in Settings.
  • Operator-generated content — your recipes, blends, batch plans, inventory counts, container/wick/lid registries, notes, and similar content you create or upload.
  • Support communications — anything you send to admin@blndr.io or via in-app bug reports (including the screenshot you attach to a bug report, captured client-side at the moment you submit).
  • Payment information — billing email and last-four card digits as returned by Stripe. BLNDR never sees or stores full card numbers; payment processing is handled entirely by Stripe.

1b. Information from Connected Stores (Shopify / Square)

When you connect a Shopify or Square store to BLNDR, we request access to specific data through the platform's OAuth flow. The exact scopes are shown in the consent screen before you approve. For Shopify we currently request:

  • read_products — to match your existing product catalog against your BLNDR recipes
  • read_inventory and write_inventory — to read current stock levels and bump them as you commit batches
  • read_orders — to detect when sales occur so finished-goods inventory can decrement automatically
  • read_locations — to target inventory adjustments at the correct fulfillment location

BLNDR does not request access to your customers' names, email addresses, payment details, or addresses, and we do not store order-line-item customer fields. We process orders only to identify which of your product SKUs sold, in what quantity, at which location.

1c. Information Collected Automatically

  • Usage events — pages visited, features used, batch commits, AI feature calls, error reports. Used to operate the Service and improve product quality.
  • Device + network data — IP address, browser type, operating system, and a session cookie used to keep you signed in.
  • Performance + error telemetry — uncaught errors, slow requests, and basic page-timing data collected by Sentry and Vercel Analytics. These are scoped to debugging and aggregate metrics; they are not used for advertising.

2. How We Use Your Information

  • Provide, operate, and maintain the Service
  • Sync inventory between BLNDR and your connected stores
  • Authenticate you and protect your account
  • Process payments and manage subscriptions
  • Generate AI-assisted content (blend descriptions, name suggestions, etc.) when you trigger those features
  • Respond to your questions and support requests
  • Diagnose errors and improve performance
  • Detect and prevent fraud, abuse, and violations of our Terms of Service
  • Send service-related email (transactional) and, where permitted, occasional product update emails (which you may opt out of)

3. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area, UK, or Switzerland, we rely on the following legal bases:

  • Contract — to provide the Service you signed up for
  • Legitimate interests — to operate, secure, and improve the Service (balanced against your rights)
  • Consent — for optional features like marketing email (which you may withdraw at any time)
  • Legal obligation — to comply with applicable law

4. How We Share Information

We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We share information only with the following categories of recipients:

4a. Service Providers (Sub-processors)

BLNDR uses the following sub-processors to operate the Service:

  • Supabase — hosts our primary database (Postgres) and authentication. Data is encrypted at rest.
  • Vercel — hosts the BLNDR web application and runs serverless functions. Data is encrypted in transit (TLS).
  • Stripe — processes subscription payments and stores payment methods on its PCI-DSS Level 1 infrastructure.
  • Anthropic — provides the Claude API used for AI-assisted features. AI prompts may include your recipe contents at the moment a feature is invoked; outputs are returned to BLNDR and stored against your account. Anthropic does not train models on this data.
  • Resend — delivers transactional email (sign-up, password reset, support replies).
  • Sentry — captures uncaught errors and stack traces for debugging.

4b. Platforms You Connect

When you connect Shopify, Square, or another integration, we exchange data with those platforms as needed to operate the integration (e.g., push inventory updates). Their own privacy policies govern what those platforms do with data they collect about you separately.

4c. Legal and Safety

We may disclose information if required by law, subpoena, or court order, or where we believe disclosure is necessary to protect the rights, property, or safety of BLNDR, our users, or the public.

4d. Business Transfers

If BLNDR is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

5. Shopify Merchant Data & GDPR Webhooks

BLNDR is a Shopify-integrated app. We comply with Shopify's mandatory GDPR webhooks:

  • customers/data_request — when a merchant's customer requests their data, Shopify notifies us. Because BLNDR does not store individual customer personal data (we only see SKU-level order data), we respond confirming that no customer-level personal data is held.
  • customers/redact — same rationale as above; we acknowledge the request, and because no customer-level data is stored, no deletion is required on our side.
  • shop/redact — fires 48 hours after a merchant uninstalls BLNDR. On receipt we delete all merchant data associated with that shop, including OAuth tokens, mapping configuration, snapshot history, and sync logs.
  • app/uninstalled — fires immediately on uninstall. We mark the connection inactive and revoke stored tokens so no further API calls are made on behalf of the shop.

6. Data Location & Retention

BLNDR data is stored in the United States (Supabase, Vercel, and our other sub-processors operate primarily in U.S. regions). We retain your information for as long as your account is active and for a reasonable period thereafter to comply with legal obligations, resolve disputes, and enforce our agreements.

  • Account data — retained until you delete your account; certain records (e.g., billing) retained as required by tax law.
  • Operator content (recipes, batches) — retained until you delete it or your account.
  • Shopify shop data — deleted within 30 days of receiving a shop/redact webhook.
  • Logs & telemetry — retained up to 90 days, then aggregated or deleted.
  • Backups — encrypted backups may be retained up to 30 days beyond active deletion before rolling off.

7. Security

We use commercially reasonable safeguards to protect information, including TLS in transit, encryption at rest, access controls, audit logs, OAuth state-token CSRF protection on integration flows, HMAC-verified incoming webhooks, and least-privilege service-account credentials. No system is perfectly secure; if we discover a breach affecting your data we will notify you in accordance with applicable law.

8. Your Rights

Depending on where you live, you may have the following rights regarding your personal information:

  • Access — request a copy of the personal information we hold about you
  • Correction — ask us to correct inaccurate information
  • Deletion — ask us to delete your information (subject to legal-retention exceptions)
  • Portability — request an export of your data in a machine-readable format
  • Objection / restriction — object to or restrict certain processing
  • Withdraw consent — where processing is based on consent, withdraw it at any time
  • Lodge a complaint — with your local data protection authority

To exercise these rights, email admin@blndr.io. We respond within 30 days. We may need to verify your identity before fulfilling certain requests.

9. California Privacy Rights

If you are a California resident, you have additional rights under the CCPA/CPRA: the right to know what personal information we collect, the right to delete, the right to correct, the right to opt out of "sale" or "sharing" (we do not engage in either), and the right not to be discriminated against for exercising these rights. To exercise these rights, email admin@blndr.io.

10. Cookies & Similar Technologies

BLNDR uses a small number of cookies and local-storage entries strictly necessary to operate the Service:

  • Session authentication (sign-in)
  • OAuth state tokens (CSRF protection during integration installs)
  • Operator UI preferences (e.g., last-selected recipe, drawer collapsed state)

We do not use third-party advertising or cross-site tracking cookies. Vercel Analytics uses cookie-less measurement. Sentry uses a session ID only for grouping related error events.

11. Children's Privacy

The Service is not directed to children under 16, and we do not knowingly collect personal information from children under 16. If you believe a child has provided us information, contact admin@blndr.io and we will delete it.

12. International Transfers

BLNDR is operated from the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States. Where required, we rely on Standard Contractual Clauses or equivalent transfer mechanisms approved by relevant regulators.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced via in-app notice or email at least 30 days before taking effect. The "Effective" date at the top of this page reflects the most recent revision. Continued use of the Service after a change constitutes acceptance.

14. Contact

Questions, requests, or complaints regarding this Privacy Policy or our handling of your information should be sent to admin@blndr.io.