BleeckerBleeckerTerms & Conditions

Privacy Policy

Last updated: March 1, 2026

1. Introduction

Bleecker ("we," "us," or "our") operates the website located at bleecker.ai and related services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit or use our Service. We are committed to protecting your privacy in accordance with applicable data protection laws worldwide, including the European Union General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the UK Data Protection Act, Brazil's Lei Geral de Proteção de Dados (LGPD), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), and other applicable regulations.

By accessing or using our Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this policy, please do not use our Service.

2. Data Controller

For the purposes of the GDPR and other applicable data protection laws, Bleecker is the data controller responsible for your personal data. If you have questions about how your data is processed, you may contact us at sofi@bleecker.ai.

3. Information We Collect

3.1 Information You Provide

  • Account and Authentication Data: When you sign in or authenticate using our one-time passcode (OTP) system, we collect your phone number and/or email address to deliver the OTP and verify your identity. We do not store passwords — authentication is handled exclusively through time-limited, single-use codes sent to your registered contact method.
  • Contact Information: When you submit forms (such as "Ask Bleecker," contact requests, or meeting requests), we may collect your name, email address, phone number, company name, and job title.
  • Communications: Any messages, questions, or feedback you send us through the Service.

3.2 Information Collected Automatically

  • Usage Data: We collect information about how you access and use the Service, including your IP address, browser type, device type, operating system, referring URLs, pages visited, and the dates and times of your visits.
  • Analytics Data: We use Vercel Analytics to collect anonymized performance and usage metrics to improve our Service.
  • Cookies and Similar Technologies: We use essential cookies required for the Service to function. We do not use advertising or tracking cookies. See Section 9 for more details.

3.3 Information We Do Not Collect

We do not collect or store passwords, payment information, government-issued identification numbers, biometric data, or sensitive personal data categories as defined under the GDPR (e.g., racial or ethnic origin, political opinions, religious beliefs, health data, or sexual orientation).

4. Authentication and One-Time Passcodes (OTP)

Our Service uses a passwordless authentication system based on one-time passcodes (OTPs). Here is how it works and how your data is handled:

  • How OTP Works: When you sign in, we send a unique, time-limited code to your registered phone number (via SMS) or email address. This code is valid for a short period and can only be used once.
  • Data Stored: We store your phone number and/or email address for the purpose of delivering OTPs and identifying your account. We do not store the OTP codes themselves after they have been used or have expired.
  • Security: OTP-based authentication eliminates the risks associated with password storage and reuse. Each code is cryptographically generated and transmitted securely.
  • SMS and Email Delivery: OTP codes may be delivered through third-party service providers. These providers process your phone number or email address solely for the purpose of delivering the authentication code and are bound by their own privacy policies and our data processing agreements.
  • Session Management: After successful OTP verification, a session token is created and stored locally on your device. This token is used to maintain your authenticated session and does not contain your personal information.

5. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, operate, and maintain the Service
  • To authenticate your identity through our OTP system
  • To respond to your inquiries and fulfill your requests
  • To send you administrative communications related to your use of the Service
  • To analyze usage patterns and improve the Service
  • To detect, prevent, and address technical issues or security threats
  • To comply with legal obligations

6. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

  • Contractual Necessity: Processing is necessary to provide you with the Service you have requested (e.g., OTP delivery for authentication).
  • Legitimate Interests: Processing is necessary for our legitimate interests, such as improving the Service, provided these interests do not override your rights.
  • Consent: Where you have given explicit consent, such as when submitting optional forms.
  • Legal Obligation: Where processing is required to comply with a legal obligation.

7. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your data only in the following circumstances:

  • Service Providers: We work with trusted third-party providers who assist in operating our Service, including hosting (Vercel), database management (MongoDB), analytics, and OTP delivery services. These providers are contractually obligated to protect your data and process it only as instructed.
  • Legal Requirements: We may disclose your information if required to do so by law, or in response to valid requests by public authorities (e.g., a court order or government agency).
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.
  • Protection of Rights: We may disclose information where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, or potential threats to safety.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws. When we transfer data internationally, we implement appropriate safeguards in accordance with applicable law, including:

  • Standard Contractual Clauses approved by the European Commission
  • Data processing agreements with all third-party providers
  • Ensuring that recipients maintain adequate security measures

9. Cookies and Tracking Technologies

We use only essential cookies that are strictly necessary for the Service to function, such as session cookies for authentication. We do not use cookies for advertising, retargeting, or cross-site tracking purposes.

You can configure your browser to refuse cookies, but this may affect your ability to use certain features of the Service.

10. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law. Specifically:

  • Authentication Data: Phone numbers and email addresses associated with your account are retained for the duration of your account. OTP codes are automatically deleted after use or expiration.
  • Form Submissions: Contact and inquiry data is retained for up to 24 months, unless you request earlier deletion.
  • Analytics Data: Anonymized analytics data may be retained indefinitely as it cannot be used to identify you.

11. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

For All Users

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request that we correct any inaccurate or incomplete personal data.
  • Deletion: Request that we delete your personal data, subject to legal retention requirements.
  • Opt-Out of Communications: Unsubscribe from non-essential communications at any time.

Additional Rights Under GDPR (EEA, UK, Switzerland)

  • Restriction of Processing: Request that we limit the processing of your data in certain circumstances.
  • Data Portability: Receive your personal data in a structured, commonly used, machine-readable format.
  • Objection: Object to the processing of your personal data based on legitimate interests.
  • Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Lodge a Complaint: You have the right to lodge a complaint with your local supervisory authority.

Additional Rights Under CCPA (California Residents)

  • Right to Know: Request details about the categories and specific pieces of personal information we have collected.
  • Right to Delete: Request deletion of your personal information, with certain exceptions.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
  • No Sale of Personal Information: We do not sell personal information as defined by the CCPA.

Additional Rights Under LGPD (Brazil Residents)

  • Confirmation and Access: Confirm whether we process your data and access it.
  • Anonymization, Blocking, or Deletion: Request anonymization, blocking, or deletion of unnecessary or excessive data.
  • Data Portability: Request portability of your data to another service provider.

To exercise any of these rights, please contact us at sofi@bleecker.ai. We will respond to your request within 30 days (or sooner if required by applicable law).

12. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using TLS/SSL
  • Secure, encrypted database storage
  • Regular security assessments and monitoring
  • Access controls limiting data access to authorized personnel only
  • Passwordless authentication (OTP) to eliminate password-related vulnerabilities

While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to maintaining industry-standard protections.

13. Children's Privacy

Our Service is not directed to individuals under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at sofi@bleecker.ai.

14. Third-Party Links

Our Service may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through our Service.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, through a notice on the Service. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Bleecker

New York, NY

Email: sofi@bleecker.ai

If you are located in the EEA and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local data protection supervisory authority.

© 2026 Bleecker. All rights reserved.

Privacy PolicyTerms & Conditions