BluePosterBluePoster

Privacy Policy

How We Protect Your Data

Effective: January 1, 2025

🔒 Your Privacy Matters

We never sell your data. We use minimal cookies. Your email is never exposed publicly in API responses or post listings.

BluePoster ("we", "us", or "our") operates the BluePoster platform accessible at blueposter.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

1. Information We Collect

1.1 Information You Provide

  • Account information — When you register, we collect your email address, first name, and last name. Your email is used exclusively for authentication and transactional notifications and is never exposed in public-facing API responses.
  • Content — Posts, survey responses, RSVP data, reservation details, and any images you upload.
  • Profile information — Optional display name and profile picture.

1.2 Information Collected Automatically

  • Usage data — Page views, QR code scans, and interaction events are logged for analytics and abuse prevention. These logs are retained for 90 days and then automatically deleted.
  • Device information — IP address and browser User-Agent string, used for security auditing.

2. How We Use Your Information

  • To create and manage your account
  • To deliver transactional emails (verification codes, event notifications, reservation confirmations)
  • To improve, personalise, and operate the BluePoster service
  • To detect and prevent fraud or abuse
  • To comply with legal obligations

3. Cookies and Tracking

We use a single HTTP-only cookie to store your authentication refresh token. We do not use third-party advertising cookies or cross-site tracking technologies.

4. Third-Party Services

  • Google OAuth — Used as an optional sign-in method. When you sign in with Google, we receive your email address and profile name from Google. We do not store your Google password.
  • Amazon Web Services (AWS) — We use AWS S3 for image storage, AWS CloudFront as a CDN, and AWS SES for transactional email delivery.
  • Google Maps — Used for geocoding location fields on posts. Addresses submitted through location fields are transmitted to the Google Maps Geocoding API.
  • MongoDB Atlas — Activity audit logs are stored in MongoDB.
  • Meilisearch — Active post data is indexed in Meilisearch to power full-text search.

5. Data Retention

Retention Summary

  • Account & post data — retained while account is active
  • Activity audit logs — auto-deleted after 90 days
  • Deleted post data — permanently removed immediately
  • Deleted account data — purged within 30 days
  • Account and post data is retained as long as your account is active.
  • Activity audit logs are automatically deleted after 90 days.
  • When you delete a post, all associated images, responses, and reservation data are permanently deleted.
  • When you delete your account, all personally identifiable data is removed within 30 days.

6. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, or delete your personal data. To exercise these rights, contact us through the support channels listed on our website.

7. Children's Privacy

BluePoster is not directed to children under 13. We do not knowingly collect personal information from children under 13.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email. Continued use of the service after changes take effect constitutes acceptance of the updated policy.

9. Contact Us

If you have questions about this Privacy Policy, please contact us at privacy@blueposter.com.