Privacy Policy Bluur

Last updated: December 29, 2025

We care about the privacy and security of the data you entrust to us. This Privacy Policy sets out the rules for the collection, use and sharing of personal data in connection with your use of the Service. By using the Service, you accept these rules.

1. INTRODUCTION AND DEFINITION

For the purposes of this Privacy Policy:

Account means a unique account created for the purpose of accessing our Service or any part thereof;

Application means the software made available by the Company exclusively under a cloud-based model, accessible through a web browser, named Bluur;

The Company (referred to as the “Company” in this Agreement) refers to BTC Spółka z ograniczoną odpowiedzialnością, 38 1 Maja Street, 71-627 Szczecin, Poland;

Data Controller means the Company as a legal entity that, alone or jointly with others, determines the purposes and means of processing Personal Data in accordance with the General Data Protection Regulation (GDPR). This Privacy Policy applies where we act as a Data Controller with respect to Personal Data;

Device means any device that allows access to the Service, such as a computer, mobile phone or digital tablet;

Personal Data means any information relating to an identified or identifiable natural person. For the purposes of the GDPR, Personal Data includes information such as a name, identification number, location data, online identifier, or one or more factors specific to a person’s physical, physiological, genetic, mental, economic, cultural or social identity;

• Service refers to the Application;

• Service Provider means any natural or legal person processing data on behalf of the Company. It refers to third-party companies or individuals engaged by the Company to facilitate the Service, provide the Service on behalf of the Company, perform services related to the Service, or assist the Company in analysing how the Service is used. For the purposes of the GDPR, Service Providers are considered Data Processors;

• Third-Party Social Media Service means any website or social network through which a user may log in or create an account in order to use the Service;

• Usage Data means data collected automatically, whether generated through the use of the Service or originating from the Service infrastructure itself (for example, the duration of a page visit);

• You means the individual using the Service, or the company or other legal entity on whose behalf that individual uses the Service. For the purposes of the GDPR, You may be referred to as the Data Subject or User because You are the person using the Service.

2. WHAT INFORMATION DO WE COLLECT, WHY AND HOW IS IT USED?

We collect and use information in the following ways:

 

A. When you browse our website: https://bluur.ai

Personal Data we may collect: On our Website, we use analytics tools, cookies and log files that may collect Personal Data such as your IP address, unique identifiers, browsing history and your device parameters.

For what purpose: We use this information to analyse website usage trends, optimise performance and support our promotional activities. This allows us to provide a stable browsing environment tailored to the user.
Legal basis: Processing is based on the Company’s legitimate interest or on your voluntary consent expressed through browser settings or a cookie banner.

Consequences of not providing data: Failure to accept cookies may limit access to certain interactive elements of the website.

B. When you contact us through the form

Personal Data we may collect: Your first and last name, business email address, telephone number, company name and position. We also process any information contained in the body of your enquiry.

For what purpose: We use this data to answer your questions, send you informational materials and enable you to register for a free trial period. We also use it to establish a business relationship and provide technical support during the pre-purchase stage.

Legal basis: Processing is necessary to take steps at your request prior to entering into a contract or is based on the Company’s legitimate interest in handling correspondence.

Consequences of not providing data: Without this information, we will not be able to respond to your request for an offer.

C. When you create an account and use the Bluur Service

Personal Data we may collect: Authentication credentials, business contact details, company information and data concerning activity within the Application.

For what purpose: We process this data to provide the Service, manage your account, ensure security and authorise access. This data is also necessary to improve the Platform and provide technical support through the ticketing system or chat.

Legal basis: Performance of the Service agreement and fulfilment of legal obligations (for example, accounting obligations).

Consequences of not providing data: Failure to provide the data makes it impossible to create an account and use the Platform’s functionality.

D. As part of E-mail Marketing activities

Description of activities: The Company may use Personal Data to contact Users through newsletters, marketing materials and promotional information that may be of interest. You may unsubscribe at any time by clicking the link in an email or by contacting us directly.

Providers: We use the Mailerlite system (Privacy Policy: https://www.mailerlite.com/pl/legal/privacy-policy).

Legal basis: Processing is based on your voluntary consent.

Consequences of not providing Personal Data: If you do not provide the data or withdraw your consent, we will not be able to send you newsletters, information about new Service functionalities or promotional offers.

E. During payment processing

Description of activities: For paid services, payments are processed by third-party providers. The Company does not store or collect payment card data. This information is transferred directly to the payment processor in accordance with PCI-DSS standards. Providers: The main payment processor is Stripe (https://stripe.com/en-pl/privacy).

Legal basis: Processing is necessary for the performance of a contract to which you are a party and for compliance with the Data Controller’s legal obligations, in particular tax and accounting regulations.

Consequences of not providing Personal Data: Failure to provide the data necessary to process a payment will prevent the purchase of paid versions of the Service, the issuance of an invoice and the completion of the financial transaction.

F. When you use third-party social media services

Description of activities: The Company allows you to create an account and log in to the Service through third-party social media services such as Google, Microsoft and Apple. If you choose to register or grant access to your account on such a service, we may collect Personal Data associated with that account, in particular your first and last name and email address.

Additional information: You may also provide us with additional information through the settings of your account on a third-party service. By providing such information and Personal Data during registration or otherwise, you consent to the Company’s use, sharing and storage of that information and Personal Data in accordance with the rules described in this Privacy Policy.

Legal basis: Processing is based on your voluntary decision to use a third-party authentication method (performance of a contract or taking steps at your request prior to entering into a contract).

Consequences of not providing Personal Data: If you choose not to link your account to a third-party service, logging in with Google, Microsoft or Apple will not be possible, and registration will require the traditional method using an email address and password.

3. WITH WHOM DO WE SHARE YOUR PERSONAL DATA?

User data is processed at the Company’s operational offices in the Republic of Poland and at locations within the European Union. For the purposes of payment processing and invoicing, data, solely to the extent necessary, may be processed outside the EEA.

Disclosure of Personal Data

Under certain circumstances, the Company may be required to disclose your Personal Data if required by law or in response to valid requests from public authorities (for example, a court or government agency).

• Law enforcement authorities

In certain cases, the Company may be required to disclose Personal Data if required by applicable law or if a valid request is made by public authorities, such as courts or government agencies.

• Other legal requirements

The Company may disclose Personal Data in good faith if it considers that doing so is necessary for the purpose of:

• Complying with a legal obligation,

• Protecting and defending the rights or property of the Company,

• Preventing or investigating potential irregularities related to the Service,

• Protecting the personal safety of users of the Service or the general public,

• Protecting against legal liability.

4. SCOPE OF PERSONAL DATA COLLECTED

Personal Data

We collect data that you provide to us directly when using the Service. For example, data is collected when you register for the Service, create an account, fill in a form, participate in interactive features of the Service, contact customer support or otherwise communicate with us. The types of information we may collect include, but are not limited to:

• Email address,

• First and last name,

• Telephone number,

• Entity name, address and billing details,

• Address, province, postal code and city,

• Any other information you choose to provide to us.

Personal Data is never sold, rented, shared or used in any manner other than as necessary to provide the Service. If you do not provide the information required to provide the Service, access to certain features of the Service or to the entire Service may be restricted.

The Company discloses Personal Data only to those employees, contractors and affiliates who:

a) require access to such information in order to process it on your behalf and on behalf of the Company,

b) have undertaken in writing to observe confidentiality rules at a level no less stringent than that set out in this Privacy Policy.

Usage Data

Usage Data is collected automatically when you use the Service. It may include, among other things, information such as your device’s IP address, browser type and version, the pages of the Service you visit, the time and date of your visit, the time spent on individual pages, unique device identifiers and other diagnostic data.

When accessing the Service using a mobile device, the following information may also be collected automatically:

• type of mobile device used,

• unique identifier of the mobile device,

• IP address of the mobile device,

• operating system of the mobile device,

• type of web browser on the mobile device,

• unique device identifiers and other diagnostic data.

5. HOW DO WE SECURE YOUR PERSONAL DATA?

The Company makes every effort to protect the information provided by applying appropriate physical, electronic and organisational security measures designed to protect Personal Data against loss, unauthorised access, alteration or disclosure, regardless of where or how it is stored. Protecting Personal Data is a priority for the Company; however, no method of transmitting data over the Internet or system for storing information can guarantee complete security. Despite the use of reasonable safeguards, complete protection against potential threats cannot be guaranteed.

6. HOW DO WE STORE YOUR PERSONAL DATA?

The Company retains Personal Data for the period necessary to fulfil the purposes for which it was collected, in accordance with this Privacy Policy. In some cases, a longer retention period may be required or permitted, for example in order to:

• fulfil legal or contractual obligations,

• conduct audits and investigations,

• enforce agreements and resolve disputes.

Usage Data is retained for a shorter period, unless it is used to enhance security, improve the functionality of the Service or there is a legal obligation to retain it for longer.

The criteria for determining the data retention period include:

• Period necessary to provide the Service – data is retained for as long as necessary to provide access to the Service and fulfil the related purposes.

• Account activity – if there is no activity for a specified period under the free plan, the data may be deleted; the account may also be deactivated upon request.

• Legal and regulatory requirements – data may be retained for a longer period if required by applicable laws or data retention regulations.

The Company is not responsible for storing information provided by users or for content made available through the Service. The User is responsible for backing up their data and content related to the Service.

7. YOUR RIGHTS UNDER THE GDPR

We respect the privacy of Personal Data and provide you with the opportunity to exercise the following rights:

• Right of access to your Personal Data – you have the right to obtain information about the Personal Data we process and to receive a copy of it.

• Right to rectification – if your Personal Data is incomplete or incorrect, you have the right to have it corrected or completed without undue delay.

• Right to object to data processing – you have the right to object to the processing of data where it is based on our legitimate interest.

• Right to erasure of Personal Data – you have the right to request the erasure of your Personal Data (the “right to be forgotten”) where there is no longer a legal basis for its continued processing.

• Right to data portability – you have the right to receive your Personal Data in a structured, commonly used format and the right to transmit that data to another controller.

• Right to withdraw consent – you have the right to withdraw your consent to the processing of Personal Data at any time, without affecting the lawfulness of processing carried out before its withdrawal.

If you have any questions about the legal basis for processing your Personal Data or wish to exercise your rights, please contact us.

To exercise your rights, contact us. You may need to confirm your identity before your request is fulfilled. You also have the right to lodge a complaint with the data protection supervisory authority.

8. COOKIE POLICY

Cookies are small text files sent by a web server and stored on the User’s end device (for example, a computer, tablet or smartphone). They allow the information contained in them to be read only by the server that created them. Cookies identify the User in order to tailor website content and advertisements to their individual needs and preferences.

Purposes of storing and accessing cookies:

The Owner uses Cookies to ensure an appropriate standard of convenience when using the Website. The data is used for the following purposes:

Personalisation – Remembering selected settings (for example, font size, colour version and language preferences) and adapting the content of subpages to the User’s needs.

• Authentication and session – Maintaining the User’s session after login, so that there is no need to enter a login and password on every subpage.

• Technical optimisation – Recognising the User’s end device in order to display the website correctly and ensure effective and trouble-free navigation.

• Analytics and Statistics – Monitoring and checking how Users use the Website (for example, through Google Analytics). The collected data is used to optimise activities and improve the operation of the Website within the company.

• Marketing and Profiling: Providing the User with personalised advertising content and conducting remarketing activities.

Cookie management and consent

Default settings: Please note that software used to browse websites (a browser) often allows Cookies to be stored on the end device by default.

Right to change: The User may change Cookie settings at any time, for example by blocking their automatic handling or requesting information each time they are placed on the device.

Impact on the operation of the Website: Changing the settings constitutes an objection, which may cause difficulties in using the Website. Completely disabling Cookies does not prevent content from being viewed, but it may block access to features that require login.

No configuration changes: Stored Cookies do not cause any configuration changes to the User’s end device or the software installed on it.

Managing cookies in browsers:

If you do not consent to the use of cookies, you can modify your browser settings. Below are links to instructions for the most popular browsers: ·
· Firefox
· Chrome
· Microsoft Edge
· Opera
· Safari

9. PRINCIPLES OF PERSONAL DATA PROCESSING (GDPR PRINCIPLES)

The Data Controller processes Personal Data in accordance with applicable laws, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR), while protecting the rights and freedoms of data subjects.

The Data Controller ensures that Personal Data is:

• processed lawfully, fairly and transparently,

• collected for specified, explicit and legitimate purposes,

• adequate, relevant and limited to what is necessary,

• accurate and, where necessary, kept up to date,

• kept for no longer than is necessary,

• processed in a manner that ensures an appropriate level of security, including protection against unauthorised access, loss or destruction.

The Data Controller applies technical and organisational measures appropriate to the nature, scope, context and purposes of data processing and to the risk of infringement of the rights or freedoms of natural persons.

10. AUTHORISED PERSONS AND ENTRUSTMENT OF DATA PROCESSING

Personal Data may be accessed only by persons authorised by the Data Controller or entities to which the Data Controller has entrusted data processing under data processing agreements, in accordance with Article 28 of the GDPR.

Persons processing Personal Data act only on the instructions of the Data Controller and are obliged to maintain confidentiality.

11. AUTOMATED PROCESSING AND PROFILING

Personal Data may be processed by automated means, including profiling, only to the extent permitted by law.

Profiling may be used for the purpose of:

• improving the functionality of the Service,

• personalising content,

• optimising marketing communications.

The User has the right to object at any time to the processing of data for marketing or profiling purposes by contacting the Data Controller.

12. VOLUNTARY PROVISION OF DATA

Providing Personal Data is, as a rule, voluntary; however, in some cases it is necessary in order to:

• enter into or perform a contract,

• use certain functionalities of the Service,

• receive a response to an enquiry or have a request handled.

Failure to provide data may result in the inability to fulfil the above purposes.

13. GOVERNING LAW AND APPLICATION OF LEGAL PROVISIONS

This Privacy Policy is governed by the laws of the Republic of Poland.

In matters not regulated by this Privacy Policy, the relevant provisions of generally applicable law shall apply, in particular the provisions concerning the protection of Personal Data and the provision of electronic services.

14. CONTACT

For matters concerning privacy and the exercise of your rights, please contact our Data Protection Officer:

E-mail: [email protected]

Address: BTC Sp. z o.o., 38 1 Maja Street, 71-627 Szczecin, Poland.

This Privacy Policy is reviewed and updated regularly. Any significant change will be announced on our website.