Privacy Policy
Last updated: 11 July 2026
This Privacy Policy explains what personal data Bloopo collects when you use bloopo.ai and our hosted service at mcp.bloopo.ai, why we collect it, and the choices and rights you have. Bloopo is operated from Lithuania and, for the purposes of the EU General Data Protection Regulation (GDPR), acts as the controller of your personal data. We keep this short and honest.
1. What we collect
- Account data — your email address and a securely hashed version of your password. We never store your password in plain text.
- Purchase records — when you buy credits, our payment processor Stripe handles the card transaction. Bloopo never sees or stores your full card number. We keep records such as the amount paid, the credits granted, and a Stripe reference for accounting and support.
- Credit and usage data — your credit balance and a ledger of usage events (which operation ran, when, and how many credits it cost) so we can meter the Service and show you your history.
- Your creations — the prompts you send and the images, video, voice, and music you generate, so you can view and download them.
- Basic technical data — things like your IP address and request logs, used for security, debugging, and preventing abuse.
2. How we use your data
- To provide the Service — run your generation requests, store your creations, and let you download them.
- To meter credits and process purchases through Stripe.
- To provide support and respond to your requests.
- To keep the Service secure — detect and prevent fraud, abuse, and technical problems.
- To meet legal and accounting obligations.
Our legal bases under the GDPR are: performing our contract with you (running the Service and processing purchases), our legitimate interests (security and abuse prevention), and compliance with legal obligations (such as tax and accounting). We do not sell your personal data, and we do not use your prompts or creations to train our own models.
3. Processors and sub-processors
We rely on a small set of trusted providers to run the Service:
- Stripe — payment processing.
- Supabase — our database, storing account data, the credit ledger, and usage events.
- Google Cloud — runs the AI models (Imagen, Gemini, Veo, Cloud Text-to-Speech) that generate your content; your prompts and generated assets are processed there.
- Railway — hosting for the Bloopo server, and Cloudflare for content delivery and security.
- Meta — ad measurement via the Meta Pixel (see our Cookie Policy).
- Object storage — for the files you generate.
Each provider processes data only as needed to deliver its part of the Service and under its own security and privacy commitments.
4. Cookies
Signing in uses a single session cookie that keeps you logged in — never for advertising. Separately, we use the Meta Pixel to measure whether our ads on Meta platforms work; it loads when you visit the site. The full list of cookies, what they do, and their lifetimes is in our Cookie Policy. You can view, block, or delete cookies from your browser settings at any time, and manage the ads you see through your Meta ad preferences.
5. Data retention
We keep your account data, credit ledger, and creations for as long as your account is active so the Service works as you'd expect. If you delete your account, we delete or anonymize your personal data within a reasonable period, except where we must keep certain records longer — for example, purchase and tax records we're legally required to retain. Backups are rotated and expire on a normal schedule.
6. Your rights
Because we operate under the GDPR, you have the right to:
- Access the personal data we hold about you.
- Correct data that's inaccurate.
- Delete your data ("right to be forgotten").
- Export your data in a portable format.
- Object to or restrict certain processing.
- Withdraw consent where we rely on it, and to lodge a complaint with your data protection authority (in Lithuania, the State Data Protection Inspectorate).
To exercise any of these rights — including deleting your account and data — email blooper@bloopo.ai from your account address. We'll respond within the timeframes the law requires.
7. Security
We protect your data with encryption in transit (HTTPS), hashed passwords, access controls, and scoped credentials for our providers. No system is perfectly secure, but we work to keep your data safe and will notify you and the relevant authority where the law requires it if a breach affects you.
8. Children
Bloopo is not intended for children. You must be at least 16 years old (or the minimum age of digital consent where you live) to use the Service. We don't knowingly collect data from children under that age; if we learn we have, we'll delete it.
9. International data transfers
Some of our providers (such as Stripe and Google Cloud) may process data outside the European Economic Area. Where that happens, we rely on appropriate safeguards — such as the European Commission's Standard Contractual Clauses or an adequacy decision — to protect your data.
10. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we'll update the "Last updated" date above and, where appropriate, notify you.
11. Contact
Bloopo is operated from Lithuania. For any privacy question, or to request access, export, or deletion of your data, email blooper@bloopo.ai.
Questions? Email blooper@bloopo.ai.