← Back to home

Privacy Policy

Effective May 20, 2026 · Blem, Inc. ("Blem", "we", "us")

1. What we collect

When you use Blem we collect:

  • Account info: email address, password (hashed), display name, gender, age, dating goal, IG handle (if you choose to share).
  • Content you submit: selfies, photos you upload, messages you paste in for AI drafting, contact details you enter (names, phone numbers, IG handles of people you reply to).
  • AI outputs: reply drafts, generated images, scoring results, kept tied to your account.
  • Billing data: handled directly by Stripe. We see customer ID + subscription status only; we never see your card.
  • Location: if you allow it, your approximate device location (or a city you type) to show top-rated spots near you. We use it to query Google Places for that area; we don't store a location history.
  • Notification tokens: if you turn on notifications, the push subscription / device token for your browser or device, so we can send the alerts you opted into.
  • Technical data: IP, browser, basic device info captured by Vercel + Supabase for security and rate limiting.

2. How we use it

  • To run the product (sign you in, store your drafts, generate replies and images).
  • To show local hot spots near you (using your location or chosen city) and to send the notifications you opt into — Fri/Sat hot-spot alerts, weekly prep, and follow-up reminders. You control these in Notifications and can turn them off anytime.
  • To improve AI quality (the prompts include your profile + recent drafts so Claude has context).
  • To bill you via Stripe.
  • To send you transactional email (signup confirmation, account changes) — never marketing without opt-in.
  • To protect the service from abuse and meet legal requirements.

3. AI processing & sub-processors

Blem sends your content to third-party AI providers to deliver core features. Each only receives what is necessary, only when you trigger that feature:

  • Anthropic (Claude): drafts replies, generates contact descriptors. Sees: the message you pasted, your profile, recent draft history.
  • OpenAI (GPT-4o, DALL-E 3): scores your photos in Avatar Score, generates synthetic background templates. Sees: photos you upload, template prompts.
  • Google (Gemini 2.5 Flash Image / "Nano Banana"): performs face-swap into backgrounds. Sees: your selfie + the template image you picked.
  • Replicate (FLUX LoRA trainer): trains your personal photo model for the 15-photo Premium "Blem Signature" feature. Sees: the 3 photos you submit for training. Used only when you opt into LoRA training.
  • Google (Places API): finds top-rated venues near you. Sees: your approximate location or the city you enter — never your identity.
  • Supabase: our database, file storage, and auth provider.
  • Stripe: payment processor.
  • Vercel: hosts the app.
  • Resend: sends transactional email.

Each provider has their own privacy policy. We do not sell your data to any of them or anyone else.

4. Retention

We keep your account, drafts, and uploads as long as your account exists. You can delete any draft or favorite at any time inside the app. You can request full account deletion by emailing hi@blem.app — we delete within 30 days.

5. Your rights

You can: access your data, correct it, delete it, export it, or withdraw consent at any time. Email hi@blem.app to exercise any of these. California residents have CCPA rights; EU/UK residents have GDPR rights — both are honored regardless of your location.

6. Children

Blem is for adults. You must be at least 18 years old to create an account. If we learn we have data from anyone under 18, we delete it immediately. If you're a parent and believe your child has an account, email hi@blem.app.

6a. iOS App Tracking

The Blem iOS app does not track you across other companies' apps or websites. On first launch we show Apple's App Tracking Transparency prompt as required by Apple, but our answer is the same regardless of your choice: we don't operate an ad network and we don't share device identifiers with anyone for cross-app tracking. You can change this permission anytime in iOS Settings → Privacy & Security → Tracking.

7. Security

Passwords are hashed by Supabase Auth. Database access is gated by Row-Level Security so you can only see your own data. Card numbers never touch our servers (Stripe handles them directly). Uploads are stored in Supabase Storage with auth-only write permissions.

8. Changes

If we materially change this policy we'll email registered users at least 14 days before the change takes effect. The latest version lives at this URL.

9. Contact

Email hi@blem.app. Mail: Blem, Inc., USA.

HomeTermshi@blem.app