📃Privacy Policy

Last updated and effective date: July 10, 2023

Blueberry Protocol Foundation., for itself and each of their respective affiliates (together, "Bloom", “Blueberry”, “we”, “us,” “our”), is committed to protecting individual privacy and maintaining the trust of users of the defi lending and borrowing protocol that we developed. (“Users”). It is important to us that we provide transparency regarding our collection, use, and disclosure of the personal information of Users. Personal information as used in this Privacy Policy (this “Policy”) includes information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household.

To help us meet our commitment to protecting your personal information, we have created this Policy. This Policy governs data protection matters across the Bloom protocol currently available at https://bloom.garden (the “Protocol”). This Privacy Policy, along with our Terms of Use, form an integral and binding part of our relationship with you.

By providing personal information to us or by using our Protocol, you agree to our collection, use, disclosure, and storage of personal information as described in this Privacy Policy. This Policy describes how we use, share, and protect the personal information of individuals who use our Protocol. It also describes your rights and choices regarding the use, access to, and correction of personal information.

  1. What Our Privacy Policy Covers

    This Policy describes how we use, share, and protect the personal information of our Users. It also describes the rights and choices regarding use, access to, and correction of personal information available. Our websites may include links to websites and/or applications operated and maintained by third-parties. Please note that we have no control over the privacy practices of websites or applications that we do not own. We encourage you to review the privacy practices of those third-parties.

  2. What Personal Information We Collect The types of personal information we obtain about you depends on how you interact with us and our products and services. When we use the term “personal information,” we are referring to information that identifies, relates to, describes, or can be associated with you. The following are the categories and specific types of personal information that we collect:

    Personal Identifiers

    Including your email, social media handles, such as your Discord username and Twitter username or other similar identifiers.

    Device Information and Other Unique Identifiers

    Including browser type, screen resolution, IP address, unique device identifiers or similar unique identifiers.

    Internet or Other Network Activity

    Including website(s) visited before browsing our website, how long you spend on a page or screen, navigation paths between pages or screens, date and time of use, pages viewed and links clicked.

  3. How We Collect Personal Information We collect personal information about you from various sources. For example, we collect and obtain information:

    Directly from you

    We collect personal information that you voluntarily submit to us, such as when you use our website or Protocol or contact us.

    Using cookies and other automatic data collection technologies

    When you visit our websites, use our Protocol or services, we or third-parties we work with automatically collect certain information using technologies such as cookies, web server logs, and other data collection tools. For more information, please see "Cookies and Similar Tracking Technologies"

    From Social Media

    If you interact with us on social media in connection with Blueberry, we collect information that you share with us, or that the social media platforms, please review the privacy policies and settings of the social media platforms and networks that you use.

    From Other Sources

    For example, we may obtain information about you from other sources, such as data analytics providers, marketing or advertising service providers, fraud prevention service providers, vendors that provide services on our behalf, or publicly available sources. We also create information based on our analysis of the information we have collected from you.

  4. Cookies and Tracking Technologies We and our third-party service providers (such as advertising and analytics providers) use cookies and other similar tracking technologies (collectively, “tracking technologies”) to gather information when you interact with our website and Protocol. Some tracking technologies help us maintain the security of our websites and your account, prevent crashes, fix bugs, save your preferences, and assist with basic site functions. These tracking technologies are “required” because we need them for the websites to work properly. We don’t provide the option to opt-out of these tracking technologies, but you can remove these “required” tracking technologies by modifying your browser settings. Please note, some features of our websites may not be available to you as a result.

    We permit third-parties to use tracking technologies on our website and Protocol for analytics to understand how visitors interact with our website and Protocol. For example, we use Google Analytics to evaluate website traffic and usage data to help us improve our products and services. For more information about how Google collects and processes data visit https://policies.google.com/technologies/partner-sites.

    For more information about how to opt out of having your information used by Google Analytics, visit https://tools.google.com/dlpage/gaoptout/, and for Adobe please visit https://www.adobe.com/privacy/opt-out.html.

  5. How We Use Personal Information In general, personal information you submit to us is used either to respond to requests that you make, or to aid us in serving you better. We use your personal information in the following ways:

    Providing Services

    We use your personal information to provide the Protocol and services.

    Communicating With You

    We use your personal information to communicate with you, such as to send security or maintenance advisories, respond to and/or follow-up on your requests, inquiries, issues or feedback.


    We use personal information to conduct research and analytics, including to improve our services; to understand how you interact with our Protocol.

    Security and Fraud Prevention

    We use personal information to detect, investigate, prevent, and take action against potential malicious, deceptive, fraudulent, or illegal activity, including attempts to manipulate or violate our policies, procedures, and terms and conditions, security incidents, and harm to the rights or property of Blueberry and our users, employees, or others.

    Legal Obligations

    We use personal information to comply with our legal or regulatory obligations, to establish or exercise our rights, and to defend against a legal claim.

    Core Business Functions

    We use personal information to support core business functions, including to maintain records related to business process management; loss and fraud prevention, and to collect amounts owing to us; and to provide and maintain the functionality of our Protocol, including identifying and repairing errors or problems.

  6. How We Share Personal Information We disclose personal information only to the third-parties as indicated below, in addition to any specified disclosures described elsewhere in this Policy:

    Business Affiliates

    We may share your personal information with our business affiliates, including any affiliated companies, subsidiaries or sister companies. Our business affiliates process personal information as our service providers, where necessary to provide the Protocol and services that you have requested, including to administer our Protocol, or in other circumstances with your consent or as permitted or required by law.

    Business Transfers

    We may disclose personal information to a buyer or successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Blueberry’s assets, whether as a going concern or as part of bankruptcy, liquidation, receivership, or similar proceeding in which personal information held by Blueberry are among the assets to be transferred.

    Law Enforcement and Legal Request

    We may disclose personal information to comply with applicable legal and our regulatory monitoring and reporting obligations (which may include laws outside your country of residence), to respond to requests from public and government authorities (which may include authorities outside your country of residence), to cooperate with law enforcement, or for other legal reasons.

    Enforcement of Legal Rights

    We may disclose personal information to the extent they are necessary to enforce or protect our rights, privacy, safety or property, and/or that of our affiliates, you or others, including enforcing our Terms of Use and any other agreements (such as for billing and collection purposes and fraud prevention).

  7. Personal Information of Minors We do not knowingly collect personal information from children under the age of eighteen (18) without authorization by a holder of parental responsibility. If you believe that we may have collected personal information from or about a child under the age of eighteen (18) without such authorization, please contact us at info@blueberry.garden.

  8. How We Protect Personal Information We take the protection of your personal information seriously. Blueberry employees who have access to your personal information are made aware of the importance of keeping it confidential. We care about the security of the information and use various administrative, and technological safeguards to preserve the integrity and security of all information collected through our Protocol.

    However, no data security measures can guarantee complete security; we also depend on you to take common sense steps to ensure your personal information remains secure. Unfortunately, the transmission of information via the Internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Protocol. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on our Protocol.

  9. How Long We Retain Personal Information In general, we retain your personal information for only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. In the event that you make a verifiable request to delete your personal information and no exceptions apply, we will no longer retain your personal information. Please note that in many circumstances we are required to retain all, or a portion, of your personal information to comply with our legal obligations, resolve disputes, enforce our agreements, to protect against fraudulent, deceptive, or illegal activity, or for another one of our business purposes. The criteria used to determine our retention periods includes, without limitation: - The length of time we have an ongoing relationship with you and provide the Protocol to you; - Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or - Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).

  10. Your Privacy Rights Depending on where you reside or applicable law, you may exercise the rights described below. Please note that some of the rights may vary depending on your country, state, or province of residence.

    Accessing, Updating, Correcting, and Deleting Personal Information

    You may have the right to request (1) access to and receive details about the personal information we maintain about you and how we process it; (2) updates your personal information or correct any inaccuracies; (3) a copy of your personal information that we have collected and processed and (4) that we delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. There may be limitations to these rights based on your specific circumstances and applicable law.

    You can submit a privacy rights request by emailing info@blueberry.garden.

  11. Information for California Residents This section of our Privacy Policy is specifically for California residents and explains how we collect, use, and disclose personal information relating to California residents covered by the California Consumer Privacy Act (the “CCPA”). The CCPA defines “personal information” as any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. Categories of Personal Information We Collect and Our Purposes for Collection and Use

    You can find a list of the categories of personal information that we collect in Section 2 above. For details regarding the sources form which we obtain personal information, please see Section 3 above. We collect and use personal information for the business or commercial purposes described in Section 5 above.

    Blueberry does not collect any sensitive personal information for any individuals.

    Categories of Personal Information Disclosed and Categories of Recipients

    We disclose the following categories of personal information for business or commercial purposes to the categories of recipients as described in Section 6 above. Sale of Personal Information / Do Not Sell

    Blueberry does not sell, trade, or rent out personal information for compensation that would constitute a sale under California law, nor have we done so in the preceding 12 months. In the event that Blueberry sells, trades, or rents out personal information that would constitute a sale, Blueberry will provide disclosures in this section of the Policy as well as the option to opt out of the sale of personal information using global privacy controls.

    Retention of Personal Information

    Blueberry retains personal information for only as long as necessary to provide you with access to the Protocol and the services or until you have made a verifiable request to delete your personal information, unless a longer retention period is required or permitted by law. For additional information about retention of your personal information, please see section 9 above.

    Your California Rights

    California residents are entitled to contact us to request information about whether we have disclosed personal information to third-parties for direct marketing purposes. Currently, Blueberry does not disclose personal information to third-parties for direct marketing purposes. Upon receipt of such a request by a California resident, we will either (1) respond with a confirmation that we have not disclosed any personal information to third-parties in the previous calendar year; or (2) if our practices have changed, we will provide the categories of personal information that has been shared in the past 12 months and categories of third-parties to whom such personal information was disclosed, whichever is relevant. California residents have the right to: - Request disclosure of the categories and specific pieces of personal information that Blueberry has collected about you; - Request disclosure of the categories of third-party sources, if any, from which Blueberry has collected personal information about you; - Disclosure of the business or commercial purpose(s) for which your personal information has been collected by Blueberry; - Receive a list of the categories of third-parties with whom Blueberry has shared your personal information; - Request that Blueberry delete any personal information that it has collected from you (subject to exceptions); - Request that Blueberry correct any inaccurate personal information held about you; Opt out of the sharing or disclosure of your personal information and sensitive personal information to third-parties; and - Not be discriminated against by Blueberry (e.g., charged different rates, provided different levels of service, denied goods or services, or suggested any of the preceding) for exercising any of the individual rights granted above. To exercise any of your rights as a California resident, you can submit a request to info@blueberry.garden.

    Before complying with your request, we will need to verify that it is you that is making the request. To accomplish this, you may be requested to (1) confirm specific personal information that we already know about you; or (2) provide us with appropriate identification and documentation. California residents are limited to two requests for personal information per 12-month period. Only you or an authorized agent may make a verifiable data subject request related to your personal information. The verifiable data subject request must provide sufficient information and documentation to allow us to verify that you (or an authorized agent) are the person about whom we collected personal information. We will not provide you with personal information if we cannot verify your identity and/or authority to make the data subject request and confirm the personal information belongs to you or the represented individual. Making a verifiable data subject request does not require you to create an account with us. We use personal information provided in a verifiable data subject request solely to verify the requestor's identity or authority to make the request.

    We will respond to a verifiable data subject request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period. If you have an account with us, we will deliver our response to the email address for that account. If you do not have an account with us, we will deliver our response by US mail or electronically at the email address in your request, at your option. All disclosures we provide will only cover the 12-month period preceding the verifiable employee request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. We do not charge a fee to process or respond to your verifiable data subject request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

  12. Information for EU Residents This section of the Policy applies only to users who use the Protocol from a country that is a Member State of the European Union (“EU Users”) and supplements the information in the Privacy Policy.

    Blueberry is the data controller for processing of personal information or personal data as defined under applicable data protection law. For purposes of this Policy, personal information and personal data are used synonymously.

    Under the General Data Protection Regulation (“GDPR”) (and subject to any relevant exceptions) you have the right to access, correct, change, delete, restrict, exercise your right to data portability, or object to the processing of personal information. Legal Basis for Processing We process personal information for the purposes set out in this Privacy Policy, as described above. Our legal bases to process personal information includes processing that is:

    • Necessary for the performance of the contract between you and Blueberry (for example, to provide you with the products and services you request and to identify and authenticate you so you may use the Protocol);

    • Necessary to comply with legal requirements (for example, to comply with applicable accounting rules and to make mandatory disclosures to law enforcement);

    • Necessary for our legitimate interests (for example, to manage our relationship with you and to improve the Websites and our products and services); and

    • Based on consent by our customers (for example, to communicate with you about our products and services and provide you with marketing information), which may subsequently be withdrawn at any time without affecting the lawfulness of processing based on consent before its withdrawal.

    You are not required, as a necessity to enter into a contract, to provide us with personal information for processing as described above. Your EU Rights As an individual residing in, or located in, the European Union or European Economic Area, you can exercise your GDPR rights. We may first request verification of your identity prior to facilitating the exercise of your rights.

    If you wish to confirm that Blueberry is processing your personal information, or to have access to the personal information Blueberry may have about you, please contact us at info@blueberry.garden. You may also request information about: the purpose of the processing; the categories of personal information concerned; who else outside Blueberry might have received the data from Blueberry; what the source of the information was (if you didn’t provide it directly to Blueberry); and how long it will be stored. You have a right to correct (rectify) the record of your personal information maintained by Blueberry if it is inaccurate. You may request that Blueberry erase that data or cease processing it, subject to certain exceptions. You may also request that we cease using your data for direct marketing purposes. In many countries, you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how Blueberry processes your personal information. When technically feasible, Blueberry will—at your request—provide your personal information to you or transmit it directly to another controller.

    Reasonable access to your personal information will be provided at no cost upon request. If access cannot be provided within a reasonable time frame, we will provide you with a date when the information will be provided. If for some reason access is denied, we will provide an explanation as to why access has been denied. For questions or complaints concerning the processing of your personal information, you can contact us. Alternatively, if you are located in the European Union, you can also have recourse to the European Data Protection Supervisor or with your nation’s data protection authority.

  13. Communicating with Us If you have any questions or complaints related to our practices with respect to the collection, use, or disclosure of personal information, or if you would like to update your information, please contact us at info@blueberry.garden.

  14. Updates to the Privacy Policy It is our intent to post any changes we make to our Privacy Policy on this page, with a notice that it has been updated on our main homepage. If we make material changes to how we treat your personal information, we will notify you through a notice on the homepage. The date that this Privacy Policy was last revised is listed at the top of the page. You are responsible for visiting our website and this Privacy Policy to check for any changes.

Last updated