Services Privacy Notice

Last updated: May 18, 2018

BloomReach takes privacy very seriously. This Services Privacy Notice ("Privacy Notice") explains the information practices and policies of BloomReach, Inc. and its subsidiaries (“BloomReach”). It describes how we collect, use, and share personal information about you when providing the BloomReach Services, and how you can exercise your privacy rights.

Please review our Website Privacy Notice here for information about how we collect and process personal information, through our corporate websites (such as, ("Websites") and in connection with our events, sales and marketing activities.

If you have any questions about this privacy notice please contact us using information provided below.


We recommend that you read this entire Privacy Notice to ensure you are fully informed. However, to make it easier for you to review those sections of this Privacy Notice that apply to you, you may click on the links below:


















We provide publishers, retailers, websites and others (our “Clients”) and their end users authorized to use the BloomReach Services ("Users") with tools, analytics and personalization services that help our Clients develop and publish content and their consumers find content they want. 

We deliver the BloomReach Services on our Clients’ commercial websites, mobile applications, and digital properties (collectively the "Digital Properties") as part of the content they display to consumers who interact with their Digital Properties ("Consumers").

For example, BloomReach may analyze what products actually view or purchase on a Client’s website when they enter certain search terms to improve the likelihood that those search terms will bring up the same products or related products faster (on that website) in the future.

You can find out more about BloomReach and the BloomReach Services here.



This Section describes what information we collect about our Clients and their Users ("you") when they use the BloomReach Services.

Information you provide to us:

You may provide personal information to us through the Services – for example, when you sign up for and use the Services, consult with our customer support teams, send us an email, integrate the Services with another website or, or communicate with us in any other way.

We will let you know prior to collection whether the provision of personal information we are collecting is compulsory or may be provided on a voluntary basis and the consequences, if any, of not providing the information.

The information you provide to us may include:

  • Account Information: You need a BloomReach account to use the BloomReach Services as a User. When you register for an account, we ask you to provide contact information such your name, telephone number, job title, and organization name.  

  • Billing Information: If you purchase the BloomReach Services, you may also need to provide us with payment and billing information such as your credit card details and billing address.

We will also maintain a record of your purchases, transactional information, your history and usage of the Services, and any communications and responses.

Information we collect automatically:

When Users use certain BloomReach Services, like Hippo CMS software, BloomReach Personalization and/or BloomReach Experience software, we automatically collect and process certain information about that Users device and use of the BloomReach Services. In some countries, including countries in the European Economic Area, this information may be considered personal information under applicable data protection laws.  

We may use cookies and other tracking technologies to collect some of this information. Our use of cookies and other tracking technologies is discussed in more detail in our Services Cookie Notice that can be found here.

We use this information to learn how we can improve the user experience and our support and quality improvement processes.

The information we automatically collect through the Services includes:

Device Information, such as your IP address, device attributes (for example: hardware model, operating system, web browser version, as well as unique device identifiers and characteristics), connection information (for example, name of your mobile operator or Internet Service Provider, browser type, language and time zone; and device locations (for example, internet protocol (IP) addresses and Wi-Fi information).

Product usage data, which may include the dates and times you access the BloomReach Services, page views, which activities and features are used, crash logs, how you navigate to and within the BloomReach Services, the BloomReach Service version number if applicable, storage configuration settings, language preferences, and technical data relating to devices accessing and using the BloomReach Services and the performance of the BloomReach Services in doing so.

If your organization runs Hippo CMS or BloomReach Experience on premise, then the information collection can be turned off globally if that is desired. For documentation on how to do this, please click here.


We use the information collected about you for a variety of reasons, including the following purposes, as applicable:

  • To keep track of billing and payments.

  • To provide, support, personalize, maintain and enhance the BloomReach Services.

  • To fix bugs and troubleshoot product functionality.

  • To track User behavior at an aggregate level to identify and understand trends in the various interactions with the BloomReach Services.

  • To improve the BloomReach Services for all Users.

  • To respond to requests or provide requested information;

  • To send administrative or account related information.

  • To communicate updates to the Service.

  • To communicate with you via post, telephone and/or email for the purposes of providing you with marketing and promotional content (where this is in accordance with your marketing preferences). For more information about managing your marketing preferences, please see "Your Rights".

  • To comply with and enforce applicable legal requirements, agreements and policies.

  • To prevent, detect, identify, investigate, respond and protect against potential or actual claims, liabilities, prohibited behavior, and criminal activity.

  • For other business purposes such as data analysis, identifying usage trends, determining the effectiveness of our marketing and to enhance, customize and improve our Websites, products and services.



The BloomReach Services are intended for use by our Clients. As a result, for much of the personal information we collect and process about Consumers, we act as a processor on behalf of our Clients (the data controllers).

We are not responsible for the privacy or security practices of our Clients, which may differ from those set forth in this Privacy Notice. We recommend that Consumer's review the privacy policies and notices of our Clients Digital Properties they use. 

Set out below is further information about the personal information that we collect about Consumers' through the BloomReach Services.

BloomReach Services use and rely on information, such as device and IP address information which is collected automatically through technologies such as cookies and similar tracking technologies. We use this to enable the BloomReach Services to provide better content experiences. You can learn more about how BloomReach Services automatically collect information below and in our Services Cookie Notice found here.

The information we automatically collect about you may include:

Device Information: We collect device-related information about a Consumer's use of a specific Client’s Digital Properties and interactions with BloomReach-created content widgets and pages on that Client’s Digital Properties through our “” domain.  This device information is collected from a Consumer's browser, and may include information such as their IP address, the date and time they use the Client’s Digital Property, technical attributes about the Consumer's browser request, browser type, browser language, search queries, pages or products browsed, and details about whether they have made a purchase (collectively, “Consumer Data”).   

We associate Consumer Data with an anonymous cookie tied to a specific Client’s Digital Property. This information does not enable us (and we don't link it to any information that enables us) to specifically identify any Consumer (such as by reference to their name or email address).  

The BloomReach Services do not collect the name, address, phone number, or other personal information of individual Consumers that enables them to be specifically identified (although our Clients may have collected this information separately from the BloomReach Services).  

We do NOT:

(1) Associate Consumer Data collected from one Client’s Digital Properties with Consumer Data collected from a different BloomReach Client’s Digital Properties; or

(2)Track or resolve an individual Consumer’s online activities across multiple unrelated third party websites or online services (often called, "cross-device tracking"). 

However, we may collect and use aggregate information about Consumers provided by third party service providers who may track individual Consumer online activities across multiple unrelated third party websites or online services.

Usage and Analytic Information:  The BloomReach Services do not use data collected on behalf of one Client for the purpose of servicing a different Client, but we may use aggregated information compiled from multiple Client Digital Properties or provided by third party service providers for servicing Clients. For example, we may collect device and machine-generated information such as the request and response logs of our Clients’ Digital Properties.  These logs include click and browse information. For example, when Consumers visit our Client's websites, information identifying the website they arrive from and the next website they visit is generated and available to the website operator for analysis.

We use this information on an aggregated basis alongside similar information from millions of other Consumers to enable us to improve and develop our products and services and to improve Consumers experiences on our Client's Digital Properties.

This aggregated information may include basic reporting metrics like the number of Consumers who discovered content through BloomReach-suggested content and connections, how frequently Consumer's return to a Client’s Digital Property, and the aggregate revenues generated from those Consumers. Aggregated information may also be used to help BloomReach and its Clients optimize products and services.

Cookies and Similar Tracking Technology

Cookies are files that web servers place on an Internet user’s computer that are designed to store basic information (such as visitor preferences).  Cookie technology remains a fundamentally important part of how websites customize users’ online experiences.  Through the use of cookies or similar technologies, we may automatically collect and store basic information about your visits to a Client’s Digital Property, so that we can help improve consumers’ online experiences. 

BloomReach Tracking and Non-Tracking Domains. BloomReach tracks Client Consumer Data only through it “ domain.”  Our other domains, including “,” “,” “,” “” and “” (collectively, our “Non-Tracking Domains”) do not track and store Client Consumer Data.  BloomReach API requests to our Non-Tracking Domains are HTTP requests which include a user’s IP address in the header of the request. With respect to our Non-Tracking Domains, any information contained in the HTTP request is purged and BloomReach only retains information contained in the API URL.  We do not use, collect or share any Consumer Data received through our Non-Tracking Domains.

How can I opt-out of BloomReach cookies? While our Clients are responsible for communicating directly with their Consumers, we strive to offer Consumers choices about the collection of information using cookies. Consumers are welcome to opt out of being tracked by BloomReach by clearing their browser’s cookies for the domain or URL that uses the BloomReach Services or by blocking the use of cookies when they visit such domains or URLs. For more information about our use of cookies and how you can opt-out of cookies, please see our Services Cookie Notice here.



BloomReach will share the information it collects:

  • with our group companies. A list of our current group companies is available here;

  • with our Clients, if you are a Consumer;

  • with our third party services providers (our vendors) who provide data processing services to us (and with whom the sharing of your personal information is necessary to undertake the work e.g. to external consultants, professional advisors, payment processors, outsourced IT and document storage providers, auditors and accountants);

  • with any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;

  • with our marketing partners to offer certain marketing events and promotions and may share individual level information that we have collected with these business partners in order to carry out these events and promotions;

  • with a potential buyer (and its agents and advisers) in connection with any proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this Privacy Notice; and

  • with any other person with your consent to the disclosure.


We are a growing corporation with operations in multiple countries, including the United States, United Kingdom, India and the Netherlands. While our primary data centers are in the United States, Ireland and the Netherlands, we may transfer personal information or other information to BloomReach offices outside of the United States or the European Union.  In addition, we may employ other companies and individuals to perform functions on our behalf.

These countries may have data protection laws that are different to the laws of your country. However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Notice.  These safeguards include implementing the European Commission's Standard Contractual Clauses for transfers of personal information between our group companies, which require all group companies to protect personal information they process from the EEA in accordance with European data protection law. Our standard Contractual Clauses can be provided upon request. We have implemented similar appropriate safeguards with our third-party service providers and partners and further details can be provided upon request.


We retain personal information we collect where we have an ongoing legitimate business need to do so (for example, to provide our Client with a service they have requested or to comply with applicable legal, tax or accounting requirements).  

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.


If you are an individual from the EEA, our legal basis for collecting and using personal information described above will depend on the personal information concerned and the specific context in which we collect it.  

However, we normally rely on our (or our Client's) legitimate interest to collect personal information from you, except where such interests are overridden by your data protection interests or fundamental rights and freedoms. Where we rely on our legitimate interests to process your personal information, they include the interests described in this Privacy Notice.

In some cases, we may rely on our consent or have a legal obligation to collect personal information. If we rely on consent to collect and/or process your personal information, we will obtain such consent in compliance with applicable laws.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “Contacting BloomReach” heading below.



You have the following data protection rights:

  • If you wish to access, correct, update or request deletion of your personal information, you can do so at any time by contacting us using the contact details provided under the “Contacting BloomReach” heading below.  

  • In addition, if you are a resident of the European Economic Area ("EEA"), you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us using the contact details provided under the “Contacting BloomReach” heading below.

  • You have the right to opt-out of marketing communications we send you at any time.  You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you.  To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the contact details provided under the “Contacting BloomReach” heading below.

  • Similarly, if we have collected and process your personal information with your consent, then you can withdraw your consent at any time.  Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.

  • You have the right to complain to a data protection authority about our collection and use of your personal information.  For more information, please contact your local data protection authority. (Contact details for data protection authorities in the EEA are available here.)

Please note that because most of the information we store can only identify a particular browser or device, and cannot identify you individually, you will need to provide us with some additional information to enable us to identify the personal information we hold about you and ensure that accurately fulfil your request. You may also be required to provide ID.

Further Information for Consumers:  As described in this Notice, for much of the personal information we collect and process about you through the BloomReach Services, we act as a processor on behalf of our Clients.  In such cases, if you want to exercise any data protection rights that may be available to you under applicable law or have questions or concerns about how your personal information is handled by BloomReach as a processor on behalf of our Clients, you should contact the relevant Client that has contracted with BloomReach for the use of the BloomReach Services, and refer to their separate privacy policies. If you are having difficulties finding this Client, you can contact us through our support team and we will try our best to help you.


We use appropriate technical and organizational security measures to protect any personal information we process against unauthorized access, disclosure, alteration, and destruction. For example, to protect your information access to data processing facilities is restricted, we deploy appropriate firewall, anti-virus and other anti-malware software and technologies as well as access controls on our networks and systems.

Unfortunately, nobody is truly and completely safe from hackers. Although we do our best to protect your personal information, we cannot guarantee security, no Internet transmission can ever be guaranteed 100% secure, and so we encourage you to take care when disclosing personal information online and to use readily available tools, such as Internet firewalls, secure e-mail and similar technologies to protect yourself online.


BloomReach will maintain personal information in accordance with this Notice.  We may update this Notice from time to time in response to changing legal, technical, or business developments. If we decide to change this Notice, we will post the changes on this page and update the “last updated” date at the top of this policy.

If at any point BloomReach decides to retain or use previously collected personal information in a materially less restrictive manner, we will seek to provide affected individuals with additional notice (such as by way of email (where possible) or by posting a notice on our website or product login screens) for at least 30 days prior to the change in use. We encourage you to review our Notice whenever you use our Website to stay informed about our information practices and the ways you can help protect your privacy.


If you have any questions, comments, or concerns about BloomReach or this Notice, please contact our Data Protection Officer by email at or using the contact details provided below.


Attn: Data Protection Officer

Postal Mail Address:

BloomReach, Inc.

82 Pioneer Way

Mountain View, CA 94041


If you are an EEA resident:

BloomReach, B.V.

Oosteinde 11

1017 WT Amsterdam
The Netherlands

Attn: Data Protection Officer

We can be reached via e-mail at or you can reach us by telephone at +1 (888) 263-3917.

If you are resident in the EEA, the data controller of your personal information is BloomReach B.V., jointly with BloomReach, Inc.

If you are a Consumer, the data controller of your personal information is our Client whose Digital Properties you use.