Full name

Email address

Display name (username)

Profile photo or avatar

Password (for email-based accounts; stored in hashed form only)

Social sign-in tokens (we do not store your social media passwords)

Shipping address (street address, city, state/province, postal code, country)

Phone number (if required for delivery)

Your payment card details (card number, expiration, CVC) are collected and processed directly by Stripe. Blidz does not store your full card details on our servers.

If you pay via Apple Pay, Google Pay, or Cash App, Stripe receives a payment token and relevant transaction information from the respective provider on your behalf. Blidz does not receive or store your underlying card or bank details from these services—only the tokenized payment confirmation and transaction metadata provided by Stripe.

We receive and store from Stripe: a truncated card identifier (last four digits), card brand, billing address, transaction records, subscription status, and billing cycle information.

PayPal: Your PayPal email address

Gift Cards (via Tremendous): Your email address for gift card delivery

Bank/Debit (via Stripe Global Payouts): Bank account number, routing number, debit card details, and related identity verification information as required by Stripe

Crypto (via Stripe Global Payouts): Crypto wallet address and related identity verification information as required by Stripe

Products browsed, purchased, and saved

Order details (items, prices, order status, shipping status)

Team-Up and Join deal participation (hosting, joining, deal status)

Payout Balance transactions (earnings, conversions, withdrawals)

Blidz Points activity (earning, conversion, expiration)

Season Level progression

Membership tier and subscription history

Support communications: Emails, in-app messages, and other correspondence you send to us

AI Companions chat: When you use the AI Companions feature, we collect your typed messages and display name. This data is stored on our servers and transmitted to Google Cloud (Vertex AI) for processing. See Section 6 for full details.

Device identifiers (device ID, and advertising ID only if you have granted consent via your device's tracking permission prompt, such as Apple's App Tracking Transparency)

Device type, model, operating system, and version

App version

IP address

Approximate geolocation (derived from IP address)

Browser type and version (for web access)

Language and timezone settings

Network information (Wi-Fi vs. cellular)

Pages and screens viewed, time spent on each

Features used, taps, clicks, and navigation paths

Search queries within the App

Referral sources (how you arrived at the Service)

Session duration and frequency

Crash logs and performance data

Social sign-in providers (Facebook, Google, Apple): Name, email, and profile photo, as authorized by you during sign-in

Stripe: Payment verification results, billing address, and fraud signals

PayPal: Payout confirmation status

AppsFlyer: Attribution and install data for marketing campaigns

Creating and maintaining your account

Processing purchases, subscriptions, and Team-Up/Join deals

Processing payouts via PayPal, gift cards, or Stripe Global Payouts

Managing Blidz Points, Season Levels, and Payout Balance

Facilitating order fulfillment and shipping (by transmitting your shipping address to the merchant fulfilling your order)

Providing customer support

Customizing your experience (e.g., recommended deals, relevant content)

Analyzing usage patterns to improve features and performance

Conducting A/B testing and product development

Debugging and fixing technical issues

Detecting and preventing fraud, abuse, and unauthorized access

Verifying identity for payout eligibility

Enforcing our Terms of Service and other policies

Complying with legal obligations, including tax reporting, anti-money-laundering requirements, and law enforcement requests

Administering the geo-targeting of jurisdiction-specific features (e.g., subscription disclosures required by New York or California law), using your Stripe billing address as the primary signal and IP geolocation as a fallback

Sending transactional messages (order confirmations, shipping updates, payment receipts, subscription reminders, membership renewal notices)

Sending service alerts (policy updates, security notifications, account-related notices)

Sending marketing and promotional communications (deal notifications, feature announcements), subject to your opt-out preferences

Sending push notifications (transactional and, with your consent, promotional)

Stripe — Payment info, billing address, identity verification data — for payment processing, subscription management, fraud prevention, and global payouts

PayPal — PayPal email, payout amount — for payout processing

Tremendous — Email address, gift card value — for gift card payout delivery

Google Cloud (Vertex AI) — AI Companion chat messages, display name — for AI response generation (see Section 6)

Amplitude — Device ID, user ID, usage events, IP address — for product analytics

Google Analytics — Device ID, usage events, IP address — for web and app analytics

AppsFlyer — Device ID, advertising ID, install data, IP address — for marketing attribution and campaign measurement

Merchant partners — Shipping name, shipping address, order details — for order fulfillment and delivery

Email service provider — Email address, name — for transactional and marketing emails

Comply with applicable law, regulation, legal process, or enforceable governmental request

Enforce our Terms of Service, including investigation of potential violations

Detect, prevent, or address fraud, security issues, or technical problems

Protect the rights, property, or safety of Blidz, our users, or the public

Your display name and avatar

The product you are purchasing and its price

Deal status (active, completed, expired)

Cookies and local storage: Small data files placed on your device to maintain session state, remember preferences, and keep you logged in.

SDKs (Software Development Kits): Integrated within our App by analytics and attribution providers (Amplitude, Google Analytics, AppsFlyer) to collect usage data, device identifiers, and attribution information.

Pixel tags/web beacons: Used in emails and on the Site to track open rates and engagement.

Strictly Necessary: Core functionality including authentication, session management, and security (e.g., login cookies, CSRF tokens)

Analytics: Understanding how users interact with the Service to improve it (e.g., Amplitude, Google Analytics)

Marketing/Attribution: Measuring the effectiveness of advertising campaigns and attributing installs (e.g., AppsFlyer)

Cookie consent (Site): We display a cookie-consent banner on the Site. You may accept or decline non-essential cookies. You can change your preferences at any time via the cookie settings link in the Site footer.

Mobile device controls: You can limit tracking on your mobile device through your device's privacy settings (e.g., "Limit Ad Tracking" on iOS, "Opt out of Ads Personalization" on Android).

Browser controls: Most browsers allow you to block or delete cookies via settings.

Your typed messages and display name are sent to Google Cloud (Vertex AI) to generate AI responses.

Your conversation history is stored on Blidz servers to enable continuity and personalization of your Companion interactions.

Is processed in accordance with the Google Cloud Privacy Notice and our data processing agreement with Google

Is not used by Google to train its general AI models

Is not used by Google for advertising purposes

Is not retained by Google beyond what is necessary to generate a response, subject to Google Cloud's standard data processing commitments

Opt-in consent: Before any data is transmitted to Google Cloud, you will be asked to explicitly grant permission within the App.

Withdraw consent: You may withdraw your consent at any time via Settings → AI Features. Upon withdrawal, your messages will no longer be sent to Google Cloud, and you will lose access to the Companions feature.

Deletion: You may request deletion of your stored conversation history by contacting legal@blidz.com.

Account information: Duration of your account, plus up to 30 days after deletion request

Transaction and order records: 7 years from transaction date (for tax, legal, and dispute resolution purposes)

Payment information (stored by Stripe): Per Stripe's retention policies; truncated card data retained by Blidz for the duration of your account

Payout records: 7 years from payout date (tax and regulatory compliance)

AI Companion conversations: Duration of your account, or until you request deletion

Analytics and usage data: Up to 24 months from collection, then aggregated or deleted

Device and technical data: Up to 24 months from collection

Marketing communication preferences: Duration of your account

Support communications: 3 years from resolution of the inquiry

Access the personal information we hold about you

Correct inaccurate personal information

Delete your account and data via in-app settings (Profile → Settings → Account Deletion) or by contacting support@blidz.com

Opt out of marketing emails by using the "unsubscribe" link in any marketing email or adjusting your notification settings in the App

Withdraw consent for AI Companions via Settings → AI Features

Manage cookie preferences via our Site cookie settings

Your Blidz account will be permanently deleted and cannot be recovered

All personal data associated with the account will be deleted, except as required by law (see retention schedule above)

All ongoing orders will be cancelled and refunded

All accumulated rewards, Payout Balance, and monetary benefits will be forfeited and cannot be retrieved

Blidz Points and Season Level progress will be forfeited

EU Standard Contractual Clauses (SCCs) approved by the European Commission

UK International Data Transfer Agreement (IDTA) or UK Addendum to the EU SCCs, as applicable

Other lawful transfer mechanisms as required

Stripe — United States — Payment processing, payouts

PayPal — United States — Payout processing

Tremendous — United States — Gift card payouts

Google Cloud (Vertex AI) — United States — AI Companion processing

Amplitude — United States — Analytics

AppsFlyer — United States / Israel — Marketing attribution

Encryption of data in transit (TLS/SSL) and at rest

Hashing of passwords (we never store passwords in plain text)

Role-based access controls for internal systems

Regular security assessments and monitoring

Payment card data handled exclusively by PCI-DSS-compliant processors (Stripe)

Transactional communications: Order confirmations, shipping updates, payment receipts, subscription and renewal notices, payout confirmations, failed payment alerts, and account security alerts. These are necessary for the operation of the Service and generally cannot be opted out of.

Service communications: Changes to our Terms of Service, Privacy Policy, or other policies; service interruptions or updates.

Marketing communications: Promotional offers, deal notifications, new feature announcements, and similar marketing messages. You may opt out of marketing communications at any time via your in-app notification settings or by using the "unsubscribe" link in any marketing email.

Push notifications: Transactional push notifications are enabled by default. Marketing push notifications require your consent. You may manage push notification preferences via your device settings or in-app settings.

A. Identifiers: Name, email, username, device ID, IP address, social sign-in ID. Sources: you, sign-in providers, automatic collection. Purpose: account operations, fraud prevention, analytics.

B. Personal Information (Cal. Civ. Code § 1798.80): Name, address, phone number, payment card (last 4 via Stripe). Sources: you, Stripe. Purpose: order fulfillment, payment processing.

C. Protected Classifications: Not intentionally collected.

D. Commercial Information: Purchase history, products browsed, membership tier, Payout Balance, Points activity. Sources: you, automatic collection. Purpose: service delivery, rewards program.

F. Internet/Electronic Activity: Browsing history within the Service, search queries, interactions with features. Source: automatic collection. Purpose: analytics, product improvement.

G. Geolocation Data: Approximate location from IP address, billing address. Sources: automatic collection, Stripe. Purpose: compliance geo-targeting, analytics.

H. Sensory Data: Not collected.

I. Professional/Employment: Not collected.

J. Education Information: Not collected.

K. Inferences: Usage preferences, engagement patterns. Source: derived from usage data. Purpose: personalization, product improvement.

L. Sensitive Personal Information: Account log-in credentials (email + password); financial account info (PayPal email, bank/debit for payouts); precise geolocation (billing address via Stripe). Sources: you, Stripe. Purpose: account access, payout processing, compliance.

Right to Know / Access: Request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share it.

Right to Delete: Request that we delete personal information we have collected from you, subject to certain exceptions (e.g., legal retention requirements).

Right to Correct: Request that we correct inaccurate personal information.

Right to Opt Out of Sale/Sharing: You may opt out of the sale or sharing of your personal information. As stated above, we do not sell or share personal information for advertising. If this practice changes, we will update this Policy and provide an opt-out mechanism.

Right to Limit Sensitive Personal Information: Request that we limit the use and disclosure of your sensitive personal information to what is necessary to provide the Service.

Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

Right to Data Portability: Request a copy of your personal information in a portable, readily usable format.

Right to Appeal: If we decline your privacy request, you may appeal our decision by contacting us at legal@blidz.com.

Email: legal@blidz.com

In-App: Profile → Settings → Privacy

Account creation and service delivery — Performance of contract (Art. 6(1)(b))

Payment and payout processing — Performance of contract (Art. 6(1)(b))

Order fulfillment (sharing address with merchants) — Performance of contract (Art. 6(1)(b))

Fraud prevention and security — Legitimate interests (Art. 6(1)(f))

Analytics and product improvement — Legitimate interests (Art. 6(1)(f))

Compliance with legal obligations (tax, AML) — Legal obligation (Art. 6(1)(c))

Marketing communications — Consent (Art. 6(1)(a)) or legitimate interests, where permitted

AI Companions (data sent to Vertex AI) — Consent (Art. 6(1)(a))

Non-essential cookies and tracking — Consent (Art. 6(1)(a))

Access your personal data (Art. 15)

Rectify inaccurate data (Art. 16)

Erase your data ("right to be forgotten") (Art. 17), subject to legal retention obligations

Restrict processing of your data (Art. 18)

Data portability — receive your data in a structured, machine-readable format (Art. 20)

Object to processing based on legitimate interests or for direct marketing (Art. 21)

Withdraw consent at any time, without affecting the lawfulness of processing before withdrawal (Art. 7(3))

Lodge a complaint with your local supervisory authority (e.g., the UK Information Commissioner's Office (ICO), or your EU Member State data protection authority)

Request access to the personal information we hold about you (APP 12)

Request correction of inaccurate, out-of-date, or misleading information (APP 13)

Complain about our handling of your personal information

Access the personal information we hold about you

Challenge the accuracy and completeness of your personal information and request amendments

Withdraw consent for certain processing

File a complaint with the Office of the Privacy Commissioner of Canada at www.priv.gc.ca

Update the "Effective Date" and "Last Updated" date at the top of this Policy

Notify registered users via email

Post a notice within the App