Blisso

Privacy Policy

Last updated: March 2026

This policy describes how Blisso processes personal data for the Blisso web application. It is intended to be accurate to the product; final wording should be reviewed by qualified legal counsel before you rely on it for regulatory compliance.

1. Who we are

Blisso ("we", "us") operates the Blisso event and community platform. For privacy requests, contact hello@blisso.io.

2. Categories of personal data

  • Account and profile: name, email address, phone number (if provided), profile photo URL, bio, language preference, account status, and authentication identifiers (e.g. Google account linkage where you use Google sign-in).
  • Organization and events: memberships, roles, events you create or help organize, RSVPs, contribution sign-ups, invites, and related metadata you or your org enter into the product.
  • Messaging and chat: chat messages you send in org/event rooms, and related timestamps and technical metadata needed to deliver chat.
  • Notifications: device push tokens (for web/mobile push where enabled), email address or phone for transactional messages, and WhatsApp-related preferences and numbers if you opt in.
  • Media library (if enabled): song titles, lyrics, and other content you upload; favorites you save.
  • Technical and security: IP address and standard server logs as processed by our hosting providers, and security-related signals needed to operate the service.
  • AI Co-Pilot (optional): when you use Event Co-Pilot, we send the prompts and context you provide (for example event descriptions, tone, audience size, and contribution needs) to our AI provider to generate draft event content. See section 8.

3. Purposes and legal bases (GDPR)

We process data to:

  • Provide the service, authenticate you, and maintain your account — contract (Art. 6(1)(b) GDPR) and, where needed, legitimate interests in securing and improving the platform (Art. 6(1)(f)).
  • Send service-related email, SMS, push, or WhatsApp messages you have opted into or that are necessary to operate features you use — contract and, where applicable, consent (Art. 6(1)(a)).
  • Operate org/event chat and collaboration features — contract and legitimate interests in facilitating community communication.
  • Run optional AI-assisted drafting when you choose Co-Pilot — contract and/or consent, depending on how you use the feature.
  • Comply with law, respond to lawful requests, and protect rights and safety — legal obligation or legitimate interests (Art. 6(1)(c) / (f)).

4. Storage on your device (localStorage / JWT)

The Blisso web app stores access and refresh tokens in your browser's localStorage so you stay signed in across visits. This is strictly functional (session management), not used for cross-site advertising. We do not use advertising cookies on the app as described here; if that changes, we will update this policy.

5. Recipients and sub-processors

We use trusted infrastructure and service providers to host and operate Blisso (hosting, database, email, SMS/WhatsApp, push delivery, OAuth, and optional AI). A current list with links to vendor privacy information is on our Sub-processors page.

6. International transfers

Our service providers may process data in the United States and other countries. Where GDPR applies, we rely on appropriate safeguards (such as Standard Contractual Clauses) where required for transfers outside the EEA/UK. Details depend on your deployment and signed agreements with vendors.

7. Retention

We keep personal data only as long as needed for the purposes above: for example, account data while your account is active; org/event content according to org and product settings; chat messages while rooms exist and as needed for service operation; logs for a limited period per provider defaults. Closed accounts are anonymized as described in section 10; some references (e.g. historical "Former user" in chats) may remain without identifying you.

8. Event Co-Pilot (AI)

When you use AI Event Co-Pilot, the text and parameters you submit are sent to OpenAI (or another provider we configure) to generate drafts. Do not paste special-category or highly sensitive personal data into Co-Pilot prompts. OpenAI processes data under its terms and data processing terms; see OpenAI's privacy policy. Output is a draft for you to review before publishing.

9. Your rights

Depending on your location, you may have rights to access, rectify, erase, restrict or object to certain processing, data portability, and to lodge a complaint with a supervisory authority.

Self-service: from Profile, you can download a JSON export of much of your account data. You can also close your account from Profile subject to the rules described in section 10 (including transferring org ownership if you are an owner).

Contact: for other requests, email hello@blisso.io.

10. Account closure (erasure / anonymization)

If you are not the owner of any organization, you may close your account in-app. We will remove push tokens, strip sign-in identifiers (email, phone, password, Google linkage), clear profile fields, set your display name to a generic label, mark the account inactive, and detach your identity from chat messages you sent (messages may remain for the community without linking to your personal profile). Organization memberships, RSVPs, and similar records tied to your user id may remain for continuity of org/event records but will no longer identify you by name or contact details once anonymized.

JWT limitation: access tokens may remain valid until they expire; refresh is blocked once the account is closed. Sign out on your devices after closure if needed.

If you own an organization, you must transfer ownership to another member before closure.

11. California residents (CCPA/CPRA)

If the California Consumer Privacy Act (CCPA) as amended by the CPRA applies to our processing of your information, California residents have rights to know, delete, and correct personal information, and to limit use of sensitive personal information, subject to exceptions. We do not sell your personal information as that term is commonly defined under the CCPA, and we do not use sensitive personal information for inferring characteristics beyond providing the service. You may exercise rights by emailing hello@blisso.io or using the same self-service tools referenced in section 9 where available.

Categories collected in the last twelve months align with section 2; purposes align with sections 3 and 5. We may update this California notice as our practices or thresholds change.

12. Children

Blisso is not directed at children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have, contact us and we will take appropriate steps.

13. Changes

We may update this policy from time to time. We will post the new version on this page and adjust the "Last updated" date. Where required, we will provide additional notice.

14. Related documents

← Back to Blisso