Data Deletion Policy
1. Introduction & Purpose
This User Data Deletion Policy explains how BLEND handles requests from users and merchants to delete their personal data. It gives effect to your right to erasure (the “right to be forgotten”) under Article 17 of the GDPR and your equivalent rights under the Law of Georgia on Personal Data Protection. It should be read together with our Privacy Policy.
2. Scope
This Policy applies to registered users, merchants (see Section 12 for additional provisions), and former users whose data may remain within applicable retention periods. It covers personal data processed by BLEND as data controller; it does not cover data held by third-party authentication providers (Google, Facebook, Apple) on their own systems.
3. Your Right to Deletion
You may request deletion of your personal data where: it is no longer necessary for the purposes it was collected; you withdraw consent and there is no other lawful basis; you successfully object under GDPR Art. 21 and no overriding grounds exist; the data was unlawfully processed; or erasure is required by law.
The right to deletion is not absolute. BLEND may decline a request in whole or part where an exception under GDPR Art. 17(3) or equivalent Georgian law applies; in that case we will explain the reason and your right to complain to a supervisory authority.
4. How to Submit a Request
Email security@blendapp.ge with the subject “Data Deletion Request”, including your full name as registered, the email associated with your account, a clear statement that you request deletion, and whether you want full account deletion or deletion of specific categories. Requests received via a third-party provider’s deletion mechanism are processed as standard deletion requests under this Policy.
5. Identity Verification
To protect against unauthorised deletion, we verify your identity before processing email requests — typically by sending a verification link to your registered email, or requesting information only the account holder would know. If we cannot verify your identity within 14 calendar days, we cannot process the request and will notify you; you may re-submit once you can complete verification.
6. What We Delete
On a verified request, we delete or irreversibly anonymise: account profile data (name, display name, profile image); email and authentication identifiers; account preferences and settings; saved favourites and bookmarks; notification preferences; push notification tokens; and device/technical and support-correspondence records. Identified behavioural and usage data (views, clicks, searches, sessions) is irreversibly anonymised or deleted.
7. What We May Retain
We may lawfully retain limited data under GDPR Art. 17(3) or Georgian law, strictly for the purpose justifying it:
- Anonymised analytics — indefinitely (no longer personal data).
- Records of the deletion request — 3 years (demonstrating compliance / defending claims).
- Legal, tax & financial records — as required by law (typically 5–7 years).
- Abuse / fraud / violation records — 3 years or longer if legally required.
- Security & audit logs — 6 months; transactional email records — 12 months.
Retained data is access-restricted and used only for the specific ground justifying it, then permanently deleted.
8. Processing Timeline
We acknowledge a request within 3 business days and complete processing within 30 calendar days of identity verification (extendable by up to two months for complex cases, with notice). After deletion from active systems, a limited data set (email, account identifier, deletion timestamp) is kept for a 90-day safety window for error correction and queries, then permanently deleted. Data may also persist in encrypted backups for up to 90 days as backups rotate; such copies are not used for any processing.
9. Effect of Deletion
On processing, your account is deactivated and you are logged out everywhere; you can no longer sign in with your previous credentials; your profile, favourites, and preferences are removed from active systems; and you stop receiving notifications. Anonymised aggregate statistics that cannot identify you are retained. Deletion is permanent and irreversible once the 90-day safety window expires — if you delete in error, contact security@blendapp.ge within that window and we will make reasonable efforts to pause processing.
Before deleting, you may exercise your right to data portability (GDPR Art. 20) to obtain a copy of your data — email us with the subject “Data Portability Request” and we will provide it within 30 days.
10. Data Held by Third Parties
Our process covers data BLEND holds as controller. Deleting your BLEND account does not delete your Google, Facebook, or Apple account or data those providers hold — contact them directly. We notify our sub-processors of your request and instruct them to delete or anonymise your data under our Data Processing Agreements. If you shared BLEND data with third-party apps, you must contact those services to remove it.
11. Anonymised Data
Data that has been fully and irreversibly anonymised — so it can no longer identify any individual, directly or in combination with other data — is no longer personal data and falls outside erasure rights. BLEND may retain such data indefinitely for statistics, platform improvement, and analytics. Our anonymisation is irreversible and the result cannot be re-identified.
12. Merchant Account Deletion
Merchant deletion is also governed by the Merchant Terms. A request is assessed against any outstanding obligations, active campaigns, or unresolved disputes, which BLEND may require to be resolved first. After termination, merchant business data (business name, registration details, campaign and transaction records) is retained for 36 months for legal, tax, dispute-resolution, and anti-abuse purposes. A merchant representative’s personal data is subject to the same deletion rights as any user. On deletion, the merchant’s published content is unpublished and removed within the processing timeline.
13. Partial Deletion
You may request deletion of specific categories instead of the whole account — for example behavioural/usage data while keeping your account, your profile image or display name, notification history, or saved favourites. Partial deletion will not remove data needed to keep your account working (for example, your email is retained while the account is active). Email security@blendapp.ge with the subject “Partial Data Deletion Request” specifying the categories.
14. Re-Registration After Deletion
After deletion you may create a new account with the same or a different email. A new account starts with no history, preferences, or saved content; BLEND cannot transfer data from a deleted account. Where an account was deleted for a terms violation or abuse, re-registration may be restricted — attempting to re-register to circumvent a ban violates the Terms of Service.
15. Deletion Confirmation
When the process is complete, we send a confirmation to your account email (if still accessible) confirming that your request was processed, the categories deleted, any data retained and its legal basis, and the date the 90-day safety window expires. If you don’t receive confirmation within the expected timeframe, contact security@blendapp.ge to check the status.
16. Other Data Subject Rights
Deletion is one of several rights. Before deleting, consider whether another is more suitable: rectification (correct inaccurate data), restriction (pause processing while you contest accuracy or a claim is pending), objection (stop a specific activity such as marketing without deleting your account), portability (obtain/transfer your data), or withdrawing consent (stop consent-based processing). These are described in full in our Privacy Policy.
17. Complaints & Supervisory Authority
If you believe we have not handled your request lawfully, you may complain to a supervisory authority — in Georgia, the Personal Data Protection Service of Georgia (pdp.gov.ge); in the EU/EEA, the authority in your country of residence, work, or the place of the alleged infringement. We encourage you to contact security@blendapp.ge first so we can try to resolve it directly.
18. Changes to This Policy
We may update this Policy to reflect changes in our practices, the law, or platform operations. For material changes we will notify you by email and/or in-app notification with reasonable prior notice. The “Last updated” date reflects the most recent revision.
19. Contact
For all data deletion requests and related questions, contact BLEND — Privacy & Data Protection:
- Email: security@blendapp.ge (subject: “Data Deletion Request”)
- Website: blendapp.ge
- Address: Apesanteur LLC (შპს „აპესანტირ“), Tbilisi, Georgia