Privacy Policy

Last updated: November 25, 2025

Table of Contents

Introduction

Welcome to Bluuma. We are committed to protecting your privacy and ensuring transparency about how we collect, use, and safeguard your personal information.

This Privacy Policy explains our data practices for our event website builder platform located at www.bluuma.com. By using our services, you consent to the practices described in this policy.

Bluuma is operated by Bluuma Indonesia, with registered address at [Insert Company Address]. If you have any questions about this policy, please contact us at bluuma.help@gmail.com.

Information We Collect

We collect several types of information to provide and improve our services:

Personal Information You Provide:

  • Account Information: When you register, we collect your email address, name, and password
  • OAuth Data: If you sign in with Google, we receive your Google account email, name, and profile picture
  • Payment Information: When you make purchases, we collect billing details processed through Tripay payment gateway
  • Event Data: Information you add to your event websites (names, dates, locations, messages, images)
  • Guest Information: RSVP responses, guest book entries, and contact details you collect from your visitors

Automatically Collected Information:

  • Usage Data: Pages visited, features used, time spent, and interaction patterns
  • Device Information: Browser type, operating system, IP address, device identifiers
  • Analytics Data: We use Google Analytics to understand how visitors interact with our platform
  • Cookies: Session cookies, preference cookies, and analytics cookies (see Cookies section below)

How We Use Your Information

We use the collected information for the following purposes:

  • Service Provision: To create and host your event websites, manage your account, and provide customer support
  • Payment Processing: To process purchases, manage subscriptions, and issue refunds when necessary
  • Communication: To send service-related emails, payment confirmations, and respond to your inquiries
  • Improvement: To analyze usage patterns, fix bugs, develop new features, and enhance user experience
  • Security: To detect fraud, prevent abuse, and protect the security of our platform
  • Legal Compliance: To comply with Indonesian law (UU ITE) and applicable regulations
  • Marketing: With your consent, to send promotional emails about new features or offers (you can opt out anytime)

Payment Processing

We use Tripay as our payment gateway to process transactions securely. When you make a payment:

  • Your payment information is transmitted directly to Tripay's secure servers
  • We do not store complete credit card numbers or sensitive payment credentials
  • We retain transaction records including: amount paid, payment method, transaction ID, and payment status
  • Tripay operates under Indonesian financial regulations and maintains PCI-DSS compliance
  • Payment data is used solely for transaction processing, refunds, and financial reporting

For more information about Tripay's security practices, visit tripay.co.id

Third-Party Services

We work with third-party service providers who have access to certain data:

Google OAuth (Authentication):

  • Provides secure sign-in functionality
  • Receives: Email address, name, profile picture
  • Privacy Policy: Google Privacy Policy

Google Analytics (Analytics):

  • Tracks website usage and visitor behavior
  • Uses cookies to collect anonymized data
  • Privacy Policy: Google Privacy Policy

Vercel (Hosting):

  • Hosts our platform infrastructure
  • Processes data in the course of providing hosting services
  • Privacy Policy: Vercel Privacy Policy

Tripay (Payment Processing):

  • Processes all financial transactions
  • Handles payment data securely under Indonesian regulations
  • Privacy Policy: Tripay Policies

Cookies and Tracking

We use cookies and similar technologies to enhance your experience:

Types of Cookies We Use:

  • Essential Cookies: Required for authentication and basic site functionality
  • Session Cookies: Maintain your logged-in state and preferences during your visit
  • Analytics Cookies: Google Analytics cookies to understand usage patterns (can be opted out)
  • Preference Cookies: Remember your language and display settings

Managing Cookies:

You can control cookies through your browser settings. However, disabling essential cookies may affect site functionality. To opt out of Google Analytics tracking, use the Google Analytics Opt-out Browser Add-on.

File Uploads and Storage

When you upload files (images, videos, audio) to your event websites:

  • Storage Limits: Free plan: 500MB, Paid plans: 1GB - 10GB depending on subscription
  • File Types: Images (JPG, PNG, WebP), videos (MP4), audio files (MP3), QR codes
  • Retention: Files are stored for the duration of your account and 30 days after account deletion
  • Access: Your uploaded files are publicly accessible if included in published websites
  • Security: Files are scanned for malware and stored securely on cloud infrastructure
  • Ownership: You retain all ownership rights to content you upload
  • Backup: We maintain regular backups but recommend keeping your own copies

If you exceed storage limits, you'll be notified to upgrade your plan or delete files.

Your Privacy Rights

You have the following rights regarding your personal data:

  • Access: Request a copy of all personal data we hold about you
  • Correction: Update or correct inaccurate information in your account settings
  • Deletion: Request deletion of your account and associated data (subject to legal retention requirements)
  • Portability: Export your event website data in machine-readable format
  • Withdraw Consent: Opt out of marketing emails or analytics tracking at any time
  • Object: Object to processing of your data for specific purposes
  • Complaint: Lodge a complaint with Indonesian data protection authorities if applicable

To exercise these rights, contact us at bluuma.help@gmail.com. We will respond within 30 days.

Data Security

We implement comprehensive security measures to protect your information:

  • Encryption: All data transmitted over HTTPS/TLS encryption
  • Authentication: Passwords hashed using industry-standard bcrypt algorithm
  • Access Controls: Role-based access limits who can view your data
  • Infrastructure: Cloud hosting with enterprise-grade security (Vercel)
  • Monitoring: Regular security audits and vulnerability scanning
  • Backups: Automated daily backups with encryption at rest

While we implement strong security practices, no system is 100% secure. Please use strong passwords and keep your credentials confidential.

Indonesian Law Compliance (UU ITE)

As a service operating in Indonesia, we comply with:

  • UU ITE (Law No. 11/2008 as amended by Law No. 19/2016): Indonesian Electronic Information and Transactions Law
  • PP No. 71/2019: Regulation on Electronic Systems and Transactions
  • Data Localization: Key user data is stored within Indonesian jurisdiction where required
  • Consent: We obtain explicit consent for data collection and processing
  • Notification: We notify users of any data breaches as required by law
  • Retention: Data is retained in accordance with Indonesian record-keeping requirements

We work with Indonesian regulatory authorities to ensure ongoing compliance.

Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

  • Email: bluuma.help@gmail.com
  • Website: www.bluuma.com
  • Response Time: We aim to respond to all inquiries within 2-3 business days

For data protection requests (access, deletion, portability), please email us with "Privacy Request" in the subject line and include your registered email address for verification.

↑ Back to Top