Privacy Policy
1. Introduction & Data Controller
BLEND (“we,” “our,” or “us”) is a mobile and web platform that helps users discover promotions, discounts, featured deals, merchant campaigns, and exclusive offers from participating businesses. This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use BLEND, including our mobile application and the website at blendapp.ge.
BLEND is a product of Apesanteur LLC (შპს „აპესანტირ“), a limited liability company registered in Georgia, which acts as the Data Controller responsible for processing your personal data as described in this Policy.
For all privacy-related matters, data subject requests, or enquiries, contact us at security@blendapp.ge.
Pursuant to Article 27 of the GDPR, where we direct services at users in the EU/EEA we will appoint a representative established in the European Union. Those details will be published in this Policy upon appointment, before any EU/EEA market launch.
2. Scope & Compliance
This Policy applies to users who access BLEND as consumers, visitors to blendapp.ge, and merchants and business representatives using BLEND merchant functionality.
BLEND collects, uses, and processes personal data in compliance with:
- The Law of Georgia on Personal Data Protection (as amended);
- Regulation (EU) 2016/679 — the General Data Protection Regulation (GDPR), where applicable;
- Other applicable data protection and privacy laws in the jurisdictions in which we operate.
By creating an account or otherwise using BLEND, you acknowledge that you have read and understood this Policy. If you do not agree, you must not use our services.
3. Personal Data We Collect
Account & identity data
Email address, authentication-provider identifiers (e.g. Google, Facebook, or Apple), account creation date, username or display name, profile image, and any profile information you submit.
Technical & device data
Device type and model, operating system, app version, language and regional settings, session identifiers, API request metadata (including a hashed or truncated IP address used only for security, rate-limiting, and abuse prevention), crash and diagnostic data, notification preferences, and approximate location derived from device or network information (not precise GPS).
Behavioural & usage data
Offers and stores viewed, favourites and saved content, clicks and interactions with offers and external links, category browsing, search activity, session duration, and push notification interactions.
Merchant & business data
For merchants: business name and legal entity information, contact details, business category, profile data and platform assets, logo, cover and offer images, and promotional campaign and offer metadata.
Website enquiry & launch-list data
If you contact us through a form on blendapp.ge or ask us to notify you about our launch (for example, the coming-soon waitlist), we collect the email address you provide and any message you send. We use it solely to reply to you and, where you requested it, to send launch and early-access updates — on the basis of your consent. You can unsubscribe or ask us to delete this data at any time at security@blendapp.ge; we delete waitlist emails once the launch campaign ends or you unsubscribe, whichever comes first.
Data we do not collect
We do not intentionally collect payment card numbers or banking credentials (handled solely by certified payment processors), government ID documents, biometric identifiers, precise real-time GPS, special categories of data under GDPR Article 9, or personal data of individuals under 16.
4. Lawful Basis for Processing
We process personal data only where a valid lawful basis exists:
- Performance of a contract (GDPR Art. 6(1)(b)) — creating and managing your account, authentication, delivering core functionality, and transactional communications.
- Legitimate interests (Art. 6(1)(f)) — platform performance and reliability, security and fraud prevention, internal analytics, personalisation, and anti-spam, balanced against your rights.
- Consent (Art. 6(1)(a)) — promotional push notifications and marketing, non-essential cookies, and inferring approximate location where you enable it.
- Legal obligation (Art. 6(1)(c)) — responding to lawful requests, keeping legally required records, and meeting financial, tax, and regulatory obligations.
You may object to processing based on legitimate interests, and withdraw consent at any time without affecting the lawfulness of prior processing (see Section 10).
5. How We Use Your Data
- Create and maintain your account and authenticate your identity;
- Provide and maintain platform functionality and merchant tools;
- Personalise offers and operate recommendation, ranking, and featured-content systems;
- Send account, verification, security, and transactional communications, and promotional notifications where permitted;
- Analyse aggregate usage, resolve technical issues, and develop new features;
- Monitor for abuse, fraud, and policy violations and enforce our terms.
We never sell your personal data, and we do not share it for third-party advertising. Analytics provided to merchants are anonymised and aggregated, relate only to that merchant’s own store and offers, and never identify you as an individual.
6. Automated Ranking of Content
BLEND uses automated systems to rank, organise, and display offers and stores in feeds, search, discovery, and featured placements. Ranking and visibility are influenced by factors including paid promotional placements and active campaigns, content freshness, aggregate engagement, relevance and quality signals, anti-abuse signals, and fairness and diversity mechanisms.
These systems determine only the commercial visibility and ordering of promotional content. They do not produce legal effects on you and do not affect your rights, account status, or access to the platform. If you believe an outcome warrants review, contact security@blendapp.ge.
7. Data Sharing & Third Parties
We do not sell your personal data and share it only in limited circumstances:
- Authentication providers — Google, Meta, and Apple, where you use social or third-party sign-in, subject to their own privacy policies.
- Payment processors — certified third parties handle all payment data under PCI-DSS; BLEND does not collect or store card or banking details.
- Service providers / processors — cloud hosting, push delivery, analytics, crash reporting, and email delivery, bound by Data Processing Agreements and prohibited from using your data for their own purposes.
- Legal & safety — where required by law, court order, or competent authority, or to prevent fraud, abuse, or unlawful activity and protect rights and safety.
- Business transfers — in a merger, acquisition, or sale of assets, with prior notice and equivalent protections.
8. International Data Transfers
BLEND is headquartered in Georgia. Processing personal data of individuals in the EU/EEA involves a transfer to Georgia, which is a third country for GDPR purposes and, as of the date of this Policy, has not received an EU adequacy decision.
For such transfers we rely on appropriate safeguards under GDPR Chapter V, including Standard Contractual Clauses (SCCs) approved by the European Commission and any applicable supplementary measures. You may request information about the safeguards we rely on at security@blendapp.ge.
9. Data Retention
We retain personal data only as long as necessary for the purposes described in this Policy, or as required by law. Indicative periods:
- Account & identity data: for the life of your account, plus 90 days after a verified deletion request.
- Behavioural & usage data: 24 months, then irreversibly anonymised or deleted.
- Transactional communications: 12 months; crash & diagnostic data: 6 months.
- Merchant data: for the active relationship, then 36 months after termination.
- Legal, tax & fraud-prevention records: as required by law (minimum 5 years where mandated).
Fully anonymised data is no longer personal data and may be retained indefinitely for statistical and analytics purposes.
10. Your Rights
If you are in the EU/EEA or Georgia, you have the rights to: access your data; rectify inaccurate data; erase your data (“right to be forgotten”); restrict processing; data portability; object to processing based on legitimate interests or to direct marketing; and withdraw consent at any time.
To exercise any right, contact security@blendapp.ge or use in-app account settings where available. We respond to verifiable requests within 30 days (extendable by up to two further months for complex requests, with notice).
You also have the right to lodge a complaint with a supervisory authority. In Georgia: the Personal Data Protection Service of Georgia (pdp.gov.ge). In the EU/EEA: the authority in your country of residence. For full details of deletion, see our Data Deletion Policy.
11. Cookies & Tracking
We use cookies and similar technologies on blendapp.ge and platform-level technologies (such as Firebase SDKs) in our mobile app. Strictly essential cookies are placed without consent; non-essential cookies require your consent. For full details and how to manage your preferences, see our Cookie Policy.
12. Children’s Privacy
BLEND is not directed at, and is not intended for use by, individuals under the age of 16. In line with GDPR Article 8 and Georgian data protection law, we do not knowingly collect personal data from children under 16. If we learn we have inadvertently collected such data, we will delete it without undue delay. If you believe a person under 16 is using BLEND, contact security@blendapp.ge.
13. Security
We apply appropriate technical and organisational measures proportionate to risk, including encryption in transit (TLS), role-based access with least-privilege controls, separation of user, merchant, and administrative roles, secure credential handling, regular security reviews, and incident detection and response.
No system is perfectly secure. In the event of a personal data breach likely to result in a risk to your rights, we will notify the relevant supervisory authority within 72 hours (GDPR Art. 33) and, where the risk is high, affected individuals without undue delay (Art. 34).
14. Content Standards
To keep BLEND safe and lawful, users and merchants must not post content that is obscene or sexually explicit, harassing or hateful, that promotes violence, self-harm, or illegal activity, that impersonates others, that manipulates engagement metrics, or that discloses others’ personal data. Merchant content must relate to genuine, lawful commercial offers and must not be misleading or infringe third-party rights.
We may remove content or restrict, suspend, or terminate accounts that violate these standards. You may appeal a decision by contacting security@blendapp.ge with the subject “Account Appeal”.
15. Changes to This Policy
We may update this Policy from time to time. The “Last updated” date reflects the latest version. For material changes, we will give reasonable prior notice by email and/or a prominent in-app notification, and seek your consent where required by law. Continued use after the effective date constitutes acknowledgement of the updated Policy.
16. Contact Us
For privacy requests, questions, or complaints, contact us:
- Email: security@blendapp.ge
- Website: blendapp.ge
- Address: Apesanteur LLC (შპს „აპესანტირ“), Tbilisi, Georgia