Privacy Policy
This privacy policy explains how bluumie processes account, workspace, and operational data. It should be completed with the real vendor, infrastructure, and company details before launch.
1. Controller
The controller for the purposes of applicable data protection law is:
Replace with your full legal company name
Replace with street and number
Replace with postal code and city
Replace with country
Privacy contact: privacy@bluumie.com
General contact: legal@bluumie.com
2. Data we process
bluumie is a SaaS platform for managing workspaces, projects, environments, credentials, links, notes, and health checks. Depending on how the service is used, we may process the following categories of data:
- Account and profile data such as name, email address, password hash, and verification status.
- Workspace and team data such as memberships, roles, and access relationships.
- Project and environment data such as names, descriptions, statuses, URLs, hosting details, and technical metadata.
- Notes, audit logs, and status check data, including timestamps, HTTP statuses, and response times.
- Encrypted credentials and secrets, which are only revealed on explicit request to authorized users.
- Security and session data required for login, authorization, abuse prevention, and system stability.
3. Purposes and legal bases
We process personal data only to the extent necessary to provide and secure bluumie. Depending on the context, processing is based in particular on the following legal bases:
- Article 6(1)(b) GDPR for providing user accounts, workspace functionality, project management features, and the agreed SaaS services.
- Article 6(1)(c) GDPR where statutory retention, documentation, or security obligations apply.
- Article 6(1)(f) GDPR for legitimate interests in IT security, abuse prevention, authorization management, fault analysis, system stability, and the traceable logging of security-relevant events.
4. Encrypted credentials and workspace content
Credentials, API keys, database logins, and similar secrets are stored in encrypted form within bluumie. Decryption is only triggered on explicit user action and only for authorized persons within the relevant workspace.
If customers store or manage personal data of third parties in bluumie, they generally remain responsible for the lawfulness of that content. Where bluumie processes such data on behalf of customers, a separate data processing agreement is typically required before production use.
5. Recipients and processors
Personal data is only disclosed to recipients to the extent necessary for operating bluumie. This may include hosting, infrastructure, email, and security providers. The actual processors, hosting locations, and any third-country transfers must be added to this policy before production launch.
6. Cookies, sessions, and local storage
In its current MVP state, bluumie uses only essential cookies and comparable storage technologies. These include in particular:
- an essential session cookie for login, authorization checks, and access to protected areas,
- local browser storage for the state of the cookie notice,
- technical security and integrity mechanisms required by the application.
No optional analytics, marketing, or advertising cookies are enabled by default at this time. If that changes, this privacy policy will be updated in advance.
7. Retention
We store personal data only for as long as necessary for contract performance, the respective workspace relationship, IT security, or compliance with statutory duties. Accounts, workspaces, and stored content generally remain available until deleted by the user, unless legal or contractual reasons require continued retention or earlier deletion.
8. Your rights
Subject to the applicable legal requirements, you may have rights of access, rectification, erasure, restriction of processing, data portability, and objection. You can direct requests to privacy@bluumie.com.
9. Right to lodge a complaint
If you believe that the processing of your personal data violates data protection law, you may lodge a complaint with a supervisory authority. In Austria, this is in particular the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, email: dsb@dsb.gv.at.
10. Mandatory provision of data and no automated decision-making
The provision of certain account and access data is necessary to use bluumie. Without this data, user accounts, workspace access, and security functions cannot be provided. No solely automated decision-making within the meaning of Article 22 GDPR currently takes place.