Legal

Privacy Policy

Last updated: April 2026

Overview

Bluvium, Inc. ("Bluvium," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, disclose, and safeguard your information when you visit our website (bluvium.com) or engage with our services. This policy applies to visitors worldwide, including those protected under the California Consumer Privacy Act (CCPA) and the EU General Data Protection Regulation (GDPR).

Information We Collect

We collect the following categories of personal information:

  • Identifiers — name, email address, phone number, company name, job title, and IP address
  • Professional information — job title, company, and industry when you submit a form or engage with our services
  • Internet activity — pages visited, time spent on pages, referring URLs, browser type, device information, and click behavior collected via cookies and analytics tools
  • Communication data — any information you provide when contacting us via email, phone, or form submissions

We do not collect sensitive personal information such as Social Security numbers, financial account information, precise geolocation, or biometric data through our website.

Sources of Personal Information

We collect personal information from the following sources:

  • Directly from you — when you fill out a form, send us an email, or communicate with us by phone
  • Automatically from your device — via cookies and analytics technologies when you browse our website
  • From service providers — such as hosting and analytics platforms that process data on our behalf

How We Use Your Information

We use your personal information for the following business purposes:

  • To respond to your inquiries and provide requested services
  • To send relevant information about our services (only with your consent)
  • To improve our website and user experience
  • To analyze website traffic and usage patterns
  • To detect, prevent, and address security issues
  • To comply with legal obligations

Legal bases for processing (GDPR): We process your data based on: (a) your consent, (b) performance of a contract or steps prior to entering a contract, (c) our legitimate interests in operating, improving, and marketing our business (such as analyzing website usage and responding to inquiries) — where we rely on legitimate interests, we ensure those interests do not override your data protection rights, or (d) compliance with a legal obligation.

Cookies and Tracking Technologies

We use cookies and similar technologies to improve your browsing experience and analyze site traffic. When you first visit our website, a cookie consent banner allows you to accept or decline non-essential cookies.

  • Strictly necessary cookies — required for the website to function. These cannot be disabled.
  • Analytics cookies — help us understand how visitors interact with our website (e.g., Google Analytics). Only activated with your consent.

We do not use cookies for advertising, retargeting, or third-party behavioral tracking. You can manage cookie preferences at any time through our cookie consent banner (displayed on your first visit and accessible at any time via the Cookie Settings link in our website footer) or through your browser settings.

Data Sharing and Disclosure

We do not sell or share your personal information as defined under the CCPA/CPRA. Under the CCPA, we confirm that we have not sold or shared personal information of any consumer in the preceding 12 months.

We may disclose your information to:

  • Service providers — hosting (Netlify), analytics (Google Analytics), and CRM (Salesforce) providers who process data on our behalf under contractual obligations
  • Professional advisors — legal, accounting, and insurance professionals when required
  • Regulatory authorities — when required by law, subpoena, or legal process
  • Business transfers — in connection with a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction

Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Bluvium is ISO 27001 certified, demonstrating our commitment to information security management best practices.

Your Rights Under CCPA (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following rights:

  • Right to Know — you may request that we disclose the categories and specific pieces of personal information we have collected about you, the sources of collection, the business purposes, and the categories of third parties with whom we share it
  • Right to Delete — you may request that we delete your personal information, subject to certain exceptions
  • Right to Opt-Out of Sale or Sharing — we do not sell or share personal information as defined under CCPA/CPRA. No opt-out is necessary.
  • Right to Non-Discrimination — we will not discriminate against you for exercising your CCPA rights
  • Right to Correct — you may request correction of inaccurate personal information
  • Right to Limit Use of Sensitive Personal Information — we do not collect sensitive personal information as defined by the CCPA

To exercise your CCPA rights, contact us at hello@bluvium.com or call 1-844-BLUVIUM. We will verify your identity before processing your request and respond within 45 days. You may also designate an authorized agent to submit a request on your behalf. Authorized agents must provide written authorization from you and verify their own identity.

Your Rights Under GDPR (EEA/UK Residents)

If you are located in the European Economic Area (EEA) or the United Kingdom, the General Data Protection Regulation (GDPR) provides you with the following rights:

  • Right of Access — request a copy of the personal data we hold about you
  • Right to Rectification — request correction of inaccurate or incomplete data
  • Right to Erasure ("Right to be Forgotten") — request deletion of your data when there is no compelling reason for continued processing
  • Right to Restrict Processing — request limitation of processing under certain circumstances
  • Right to Data Portability — request your data in a structured, commonly used, machine-readable format
  • Right to Object — object to processing based on legitimate interests, including profiling
  • Right to Withdraw Consent — withdraw consent at any time where processing is based on consent
  • Right to Lodge a Complaint — file a complaint with your local data protection supervisory authority

To exercise your GDPR rights, contact us at hello@bluvium.com. We will respond within 30 days.

Data Controller: Bluvium, Inc., 3001 Bishop Drive, San Ramon, CA 94583, USA. For GDPR inquiries, email hello@bluvium.com with "GDPR Request" in the subject line.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law:

  • Contact form submissions — retained for 24 months unless you request earlier deletion
  • Analytics data — aggregated and anonymized after 26 months
  • Client engagement data — retained for the duration of the business relationship plus 3 years for legal and compliance purposes

International Data Transfers

Bluvium operates across the United States, Canada, and India. Your data may be transferred to and processed in any of these countries. For transfers from the EEA/UK, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission, and the UK International Data Transfer Agreement (IDTA) or UK Addendum for transfers from the United Kingdom
  • Data processing agreements with service providers that ensure adequate protection
  • Our ISO 27001 certification as supporting evidence of organizational security practices (note: ISO certification is not itself a legal transfer mechanism)

Data Processing Agreements

For business clients requiring formal data processing arrangements, Bluvium enters into Data Processing Agreements (DPAs) where required by applicable law or client contract. Contact us at hello@bluvium.com to request a DPA.

Children's Privacy

Our website and services are not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will delete it promptly.

Do Not Track

Some browsers transmit "Do Not Track" (DNT) signals. We currently do not respond to DNT signals. However, you can manage tracking preferences through our cookie consent banner and your browser settings.

Changes to This Policy

We may update this privacy policy from time to time. Material changes will be posted on this page with an updated revision date. If changes are significant, we may notify you via email or a prominent notice on our website.

Contact Us

For questions about this privacy policy, your personal data, or to exercise your rights under CCPA or GDPR:

Bluvium, Inc.
3001 Bishop Drive, San Ramon, CA 94583, USA
hello@bluvium.com
1-844-BLUVIUM

For CCPA requests: include "CCPA Request" in the subject line.
For GDPR requests: include "GDPR Request" in the subject line.
We will verify your identity and respond within the timeframes required by applicable law.