Privacy Policy
English summary · last reviewed 2026-05-18
Blumee is a German AI bouquet search service. We are committed to collecting as little personal data as possible. The legally binding version of this notice is the German Datenschutzerklärung.
Controller
Andrei Antonov (Einzelunternehmer). Contact: info@blumee.app.
What we collect
- A pseudonymous device identifier (stable, stored locally on your device). Under GDPR Art. 4 (5) this is pseudonymous, not anonymous data.
- Search interactions, result counts, and pseudonymous click-throughs to partner stores.
- Photos you submit for visual search — processed transiently, never stored.
What we don't do
- We don't link data to your identity, phone or email.
- We don't use third-party ad SDKs or trackers.
- We don't sell or rent your data.
Third-party processors
- Pl@ntNet (CIRAD, France) — flower species identification. EU-based.
- OpenAI Ireland Ltd. — semantic understanding of search queries and bouquet photos. Processing may take place in the USA; we rely on EU Standard Contractual Clauses (GDPR Art. 46 (2) (c)) plus supplementary measures required by Schrems II: TLS 1.2+ in transit, AES-256 at rest, contractual opt-out from training on your inputs (zero data retention), pseudonymisation of requests and a short server-side retention of at most 30 days.
- Awin AG (Berlin, Germany) and its affiliated Awin Ltd. (London, UK) — affiliate click tracking after you tap through to a partner. The UK transfer is covered by the EU adequacy decision of 28 June 2021.
Cookies and consent
The blumee.app website and the Blumee app load no advertising cookies or comparable trackers. No cookie banner is required since only strictly necessary storage access (language preference, session) takes place. Affiliate tracking by Awin only sets a tracking identifier after you actively tap a clearly labelled „Order on partner's site" button — that informed click is the consent under § 25 TTDSG.
Server logs
When you visit blumee.app our hosting provider automatically records technical access data: IP address, date and time, requested URL, HTTP status, transferred bytes, referrer, user-agent. These logs are not combined with other data sources and not used to build user profiles. Legal basis: GDPR Art. 6 (1) (f) — legitimate interest in operating a stable, secure website and in abuse prevention. Logs are deleted after 14 days; longer retention only for investigating a concrete security incident.
We deliberately do not run any web analytics: no Google Analytics, no Matomo, no Plausible, no comparable tool.
Retention
Search and click events are kept for at most 90 days in identifiable form, then aggregated. Photos are not stored after processing. Favourites and history live exclusively on your device.
Your rights
Under GDPR you can request access, correction, deletion, restriction, portability, and object to processing of your data. Write to info@blumee.app.
Supervisory authority
You may lodge a complaint with the competent supervisory authority. For us this is the State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (LDI NRW), Postfach 20 04 44, 40102 Düsseldorf, www.ldi.nrw.de.