Privacy Policy

Effective date: June 27, 2026 Last updated: June 27, 2026

This Privacy Policy explains how the operators of bluprint ("bluprint," "we," "us," or "our") collect, use, share, and protect your information when you use the bluprint mobile application and related services (the "Service").

bluprint is operated by its two founders; Rinah Seo (d/b/a bluprint) is the responsible party and data controller for the personal information described in this policy. If you have any questions about this policy or your data, contact us at bluprint.legal@gmail.com.

Note for our team: This document is drafted to match how the app actually works today. Have it reviewed by a qualified attorney before launch.


1. Who We Are

bluprint is a travel-planning app. It lets you create trips, build itineraries, track expenses and bookings, invite other people to collaborate on trips, follow other users, and publish trips for others to discover.

We are the data controllers for the personal information described in this policy.


2. Information We Collect

2.1 Information you provide directly

  • Account information. When you sign up, we collect your email address, a username, and a display name. If you register with a password, it is handled and stored in hashed form by our authentication provider (Supabase) — we never see or store your plaintext password.
  • Google sign-in (optional). If you choose to sign in with Google, we receive basic profile information from Google associated with your account, such as your email address, name, and Google profile picture. We do not receive your Google password.
  • Profile information. A profile photo (you may choose a preset avatar or upload your own image from your device's photo library), plus any other profile details you choose to add, and your preferred app language.
  • Trip content. Information you enter to plan trips, including trip names, destinations, dates, itinerary items and visits, flights, hotels, transportation, expenses (amounts and currency), notes, and any other content you add to a trip.
  • Collaboration and social data. People you invite to a trip, trips you publish publicly, accounts you follow and that follow you, and ratings or interactions on published trips.
  • Consent records. Whether and when you accepted our Terms of Service and Privacy Policy (including the version), and whether you opted in to marketing communications.
  • Communications. If you contact us (e.g., by email), we keep your messages and contact details to respond.

2.2 Information collected automatically

  • Usage and device data. Basic technical information needed to operate the app, such as device type, operating system, app version, and log/diagnostic data. This is processed by our infrastructure providers (Supabase, Expo) to deliver and secure the Service.
  • In-app notifications. We generate records of notifications shown to you within the app (for example, a trip invitation or a new follower).

2.3 What we do not collect

  • We do not collect your device's precise or background location. Maps and place search show locations you look up or add, but the app does not track where your device is.
  • We do not send mobile push notifications; notifications are shown inside the app only.
  • We do not knowingly collect payment card or banking information. Expense amounts you type in are plain numbers for your own budgeting — they are not connected to any payment processing.

3. How We Use Your Information

We use the information above to:

  • Create and manage your account and authenticate you.
  • Provide core features: building trips, itineraries, expenses, bookings, and collaboration.
  • Enable social features you choose to use, such as following users and publishing trips.
  • Show you relevant in-app notifications based on your notification preferences.
  • Maintain, secure, and improve the Service, and prevent fraud, abuse, or violations of our Terms.
  • Enforce our anti-copying rules for published trips.
  • Communicate with you about the Service, and — only if you opted in — send marketing or product-update messages.
  • Comply with legal obligations.

Legal bases (for users in the EEA/UK). Where applicable law requires a legal basis, we rely on: performance of our contract with you (to provide the Service), your consent (for marketing and optional features), our legitimate interests (to secure and improve the Service), and compliance with legal obligations.


4. How We Share Information

We do not sell your personal information. We share information only as follows:

  • With other users, at your direction. When you invite someone to a trip, your collaboration content is visible to them. When you publish a trip, its content and your public profile (username, display name, avatar) become visible to anyone who can use the Service. When you follow or are followed, that relationship is visible per the app's social features.
  • With service providers who process data on our behalf, under contracts that limit their use of it:
    • Supabase — authentication, database, and file storage (hosts your account, trips, and uploaded images).
    • Google — sign-in (OAuth) and Maps/Places (to display maps and let you search for places).
    • Expo / EAS — app build and delivery infrastructure.
    • Pexels — supplies stock imagery shown in the app (we request images from them; we do not send them your personal data).
  • App stores (Apple App Store, Google Play) — to distribute the app and process any store-level interactions, subject to their own privacy policies.
  • For legal reasons — if required by law, regulation, legal process, or to protect the rights, safety, and property of bluprint, our users, or others.
  • In a business transfer — if bluprint is involved in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction, subject to this policy.

5. International Data Transfers

bluprint is initially offered to users in North America, and we intend to expand to other regions over time. Our service providers may process and store data in countries other than yours, including the United States. Where required, we rely on appropriate safeguards (such as standard contractual clauses) for international transfers. By using the Service, you understand your information may be transferred to and processed in these locations.


6. Data Retention

We keep your personal information for as long as your account is active or as needed to provide the Service. When you delete your account, we delete or de-identify your personal information within a reasonable period, except where we must retain certain data to comply with legal obligations, resolve disputes, or enforce our agreements. Content you shared with others (for example, a trip you published or contributions to a shared trip) may persist where others retain copies or where deletion would disrupt a shared trip.


7. Your Rights and Choices

Depending on where you live, you may have rights to:

  • Access the personal information we hold about you.
  • Correct inaccurate information (much of this you can edit directly in the app).
  • Delete your account and associated personal information.
  • Object to or restrict certain processing, and withdraw consent at any time (for example, by turning off marketing or notification preferences).
  • Data portability — receive a copy of certain information.

How to exercise them. You can edit your profile and notification preferences in the app at any time. To request access, deletion, or a copy of your data, email bluprint.legal@gmail.com. We will respond within the timeframe required by applicable law.

Verifying your request. To protect your information, we may need to verify your identity before acting on a request — typically by confirming that you control the email address associated with your account. You may use an authorized agent to submit a request on your behalf; in that case we may require proof of the agent's authorization and may still verify your identity directly.

Account deletion. You can request deletion of your account and personal data at any time by emailing bluprint.legal@gmail.com or using the in-app account deletion option where available.

7.1 United States — California Privacy Rights

If you are a California resident, the California Consumer Privacy Act, as amended by the CPRA ("CCPA"), gives you the right to:

  • Know / access the categories and specific pieces of personal information we have collected about you, the sources, the business purposes for collecting it, and the categories of third parties to whom we disclose it.
  • Delete personal information we have collected from you, subject to certain exceptions.
  • Correct inaccurate personal information we maintain about you.
  • Opt out of the sale or sharing of personal information. We do not sell or "share" (as defined under the CCPA) your personal information, including for cross-context behavioral advertising, so no opt-out is required — but you may still contact us with any questions.
  • Limit the use of Sensitive Personal Information. See "Sensitive Personal Information" below — because we use it only for permitted purposes, no "Limit" option is required.
  • Non-discrimination. We will not discriminate against you for exercising any of these rights.

To make a request, email bluprint.legal@gmail.com. We will verify and respond as described in "Verifying your request" above.

Notice at Collection

In the 12 months preceding the effective date, we collect the following categories of personal information. "Retention" for every category is the same: we keep it for the life of your account and delete or de-identify it within a reasonable period after account deletion, except where a longer period is required by law (see Section 6).

CCPA categoryExamples we collectSourceBusiness purposeDisclosed to
IdentifiersEmail, username, display name, Google account ID, device/app identifiers, IP address in logsFrom you; automatically from your device; from Google (if you use Google sign-in)Account creation, authentication, operating and securing the ServiceService providers (Supabase, Google, Expo); other users at your direction
California customer records (Civ. Code §1798.80(e))Name/display name, email addressFrom youAccount management and communicationService providers (Supabase)
Commercial informationExpense amounts and currencies you enter for your own budgeting (not purchase or transaction records)From youProvide trip and expense featuresService providers (Supabase); collaborators you invite
Internet or network activityApp usage, log and diagnostic data, app version, OS/device typeAutomatically from your deviceOperate, secure, and improve the ServiceService providers (Supabase, Expo)
Geolocation dataNot collected — we do not collect precise or background device location
Audio/visual informationProfile photo/avatar you upload; images you add to tripsFrom youDisplay your profile and trip contentService providers (Supabase); other users at your direction
Sensitive personal informationAccount login credentialsFrom you / your authentication providerAuthenticate and secure your account onlyAuthentication provider (Supabase)
InferencesNot collected — we do not build profiles or draw inferences about you

Sensitive Personal Information

The only Sensitive Personal Information we collect is your account login credentials, and we use them solely to authenticate you and keep your account secure. We do not use or disclose Sensitive Personal Information for purposes that would entitle you to a "Limit the Use of My Sensitive Personal Information" right under the CPRA.

"Shine the Light" (Cal. Civ. Code §1798.83)

California residents may request information about our disclosure of personal information to third parties for those third parties' own direct marketing purposes. We do not share your personal information with third parties for their direct marketing purposes.

Do Not Track

Some browsers and devices transmit "Do Not Track" (DNT) signals. Because there is no common industry standard for interpreting DNT signals, and because we do not track you across third-party websites or services for advertising, we do not currently respond to DNT signals.

7.2 EEA / UK

If you are in the EEA or UK, you have the rights described above under the GDPR/UK GDPR, including the right to lodge a complaint with your local data protection authority.


8. Children's Privacy

bluprint is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you are under the age of majority in your jurisdiction, you may use the Service only with the involvement and consent of a parent or legal guardian. If you believe a child under 13 has provided us personal information, contact bluprint.legal@gmail.com and we will delete it.


9. Security

We use industry-standard measures provided by our infrastructure partners — including encryption in transit, hashed passwords, and database access controls — to protect your information. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security.


10. Third-Party Services

The Service relies on and links to third-party services (Google, Supabase, Expo, Pexels, and the app stores). Their handling of data is governed by their own privacy policies, and we encourage you to review them. We are not responsible for the privacy practices of third parties.


11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date and, where appropriate, notify you in the app or by email. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.


12. Governing Law

This Privacy Policy is governed by the laws of the State of California, United States, without regard to its conflict-of-laws rules.


13. Contact Us

If you have questions, requests, or complaints about this Privacy Policy or your personal information, contact us at:

Email: bluprint.legal@gmail.com