Privacy Policy.

Last updated: April 22, 2026

1. Who We Are

Beholden Blooms LLC (“we,” “us”) operates the website at beholden-blooms.com. This policy describes what information we collect, why, and how we protect it.

The short version: we collect only what we need to deliver flowers on time. We don’t sell your data. Ever.

2. Information We Collect

Information you provide

  • Account information: your name and email address, used for authentication and communication.
  • Recipient information: names, relationships, delivery addresses, and occasion dates for the people you want to send flowers to.
  • Payment information: credit or debit card details, processed and stored securely by Stripe. We never see or store your full card number.
  • Card messages: any custom card messages you write or approve for deliveries.
  • Preferences: bouquet tier selections, card tone preferences, and style choices.

Information collected automatically

  • Usage data: pages visited, features used, and general interaction patterns to improve the service.
  • Device information: browser type, operating system, and screen size for responsive design.

We do not use third-party tracking cookies or advertising pixels.

3. How We Use Your Information

  • To schedule and deliver flowers to your recipients on time.
  • To process payments for deliveries.
  • To send you delivery confirmations, approval requests, and account-related emails.
  • To generate optional AI card message suggestions based on your chosen tone and occasion.
  • To improve the service and fix bugs.

We do not use your information for advertising. We do not sell, rent, or share your personal data with third parties for their marketing purposes.

4. Who Has Access

Your data is shared only with the services needed to operate Beholden Blooms:

  • Supabase: database hosting and authentication (your account data, recipient info, and delivery records).
  • Stripe: payment processing (your payment method and billing details).
  • Florist partners: recipient name and delivery address only — the minimum needed to deliver flowers. Florists do not receive your account information.
  • Vercel: website hosting.
  • OpenAI: AI card message generation (occasion type and tone preference only — no personal identifying information is sent).

Each provider operates under their own privacy policy and data protection standards. We select providers with strong security practices.

5. Data Security

All data is transmitted over HTTPS. Database access is authenticated and restricted by row-level security policies. Payment data is handled entirely by Stripe and never touches our servers.

We use passwordless authentication (email-based one-time codes), which eliminates the risk of password breaches.

6. Data Retention

We retain your account and delivery data for as long as your account is active. If you delete your account, we remove your personal data within 30 days, except where we are required by law to retain certain records (e.g., payment transaction records).

Delivery history may be retained in anonymized form for business analytics.

7. Your Rights

You can, at any time:

  • Access your data through your dashboard.
  • Edit your recipients, addresses, and preferences.
  • Delete recipients and their associated delivery data.
  • Export your data by contacting us.
  • Close your account by contacting us at the email below.

If you are a California resident, you have additional rights under the CCPA, including the right to know what personal information we collect and to request its deletion.

8. Children

Beholden Blooms is not intended for use by anyone under 18. We do not knowingly collect personal information from minors.

9. Changes to This Policy

We may update this policy as our service evolves. Material changes will be communicated via email. The “last updated” date at the top reflects the most recent revision.

10. Contact

Questions or requests about your data? Write us at hello@beholden-blooms.com.

Beholden Blooms LLC
New York, NY