Privacy Policy
Last updated: March 20, 2026
For questions about your data in connection with using Bloom for dog care and pet borrowing, see Contact.
Bloom Pet Ltd. carries on doing business using the trade name Bloom. In these Terms, "Bloom", "we", "us", and "our" refer to Bloom Pet Ltd.
BN: 702400763BC0002 - 702400763BC0001.
This Privacy Policy explains how we collect, use, disclose, retain, and protect personal information in connection with the Bloom platform. It is intended to reflect our privacy practices under applicable Canadian privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and British Columbia's Personal Information Protection Act (PIPA).
1. Accountability
Bloom Pet Ltd. is responsible for personal information under its control. We have designated a Privacy Officer to oversee our privacy management practices, respond to privacy requests, and handle complaints.
Privacy Officer
- Name: Giulio La Medica
- Email: privacy@bloompetshare.ca
- Address: 535 Smithe Street, Vancouver, BC V6B 0H2
We also use contractual, technical, and organizational measures intended to help protect personal information handled for us by service providers.
2. Purposes for Collection, Use, and Disclosure
We collect, use, and disclose personal information for limited and specific purposes, including to:
- create, maintain, and secure accounts;
- verify identity and support trust and safety features;
- facilitate communication and interactions between users;
- process subscriptions, payments, and related records;
- provide customer support and respond to reports or complaints;
- operate security, fraud prevention, moderation, and incident response systems;
- provide optional location-based or booking-related features where enabled;
- improve platform functionality, reliability, and user experience;
- comply with legal, regulatory, tax, accounting, insurance, or law-enforcement requirements where applicable.
We aim to identify these purposes before or at the time of collection, or before using personal information for a new purpose where additional notice or consent is required.
Service providers (examples)
Depending on features you use, personal information may be processed by service providers such as Stripe (payments and identity verification), Supabase (database and authentication infrastructure), Vercel (hosting and edge delivery), and Google (for example, geocoding where address lookup is used). Each processes information only as needed for their function and under contractual terms we rely on where appropriate.
3. Consent
We seek consent in a manner appropriate to the sensitivity of the information and the reasonable expectations of the individual. Depending on the circumstances, consent may be express, implied, or deemed where permitted by law.
We rely on implied or contextual consent only where the purpose is obvious and the individual would reasonably expect the collection, use, or disclosure.
Examples of express consent
- Uploading profile photos or pet photos
- Submitting government ID or selfie information through a verification provider
- Opting in to marketing emails
- Enabling optional location-sharing or booking-related check-in features
- Providing highly sensitive information such as emergency details or special care instructions
Examples of implied or contextual consent where appropriate
- Using your email address to create and authenticate your account
- Sending service communications such as receipts, support responses, and account notices
- Using payment and transaction information to complete a purchase you requested
Withdrawing consent
Subject to legal or contractual restrictions and reasonable notice, you may withdraw consent to certain collections, uses, or disclosures. In some cases, withdrawal may limit your ability to use parts of the platform or certain trust, safety, verification, or payment-related features.
Where we send marketing communications, we comply with applicable Canadian anti-spam laws. You may withdraw consent to receive marketing communications at any time using the unsubscribe mechanism in the message or by contacting us.
4. Limiting Collection
We limit our collection of personal information to what is reasonably necessary for the purposes described in this Policy.
Account information
- Name
- Email address
- Phone number, if provided
- Address details or postal code, if required for platform features or verification
- Authentication credentials and security-related account data
Profile and pet information
- Profile photos, bios, and account preferences
- Pet names, images, and related descriptive information you choose to provide
Messaging and activity data
- Messages exchanged through the platform
- Timestamps, delivery status, read status, and related metadata
- Booking, moderation, support, or report-related records
- Notification-related metadata tied to message and booking alerts where enabled
Verification and safety information
- Identity-verification status and related metadata returned by our verification provider
- Address-verification or safety-review information that you voluntarily submit or that is reasonably required for a feature or safety review
If identity documents or selfies are processed through a third-party provider, that provider may process or temporarily retain that information under its own terms and privacy documentation. Bloom does not claim to store government ID images unless expressly stated at the point of collection.
Payment information
- Transaction and receipt information
- Billing-related details
- Payment card details are processed by our payment provider and are not stored by Bloom in full card-number form
Location data
- General location information, if you provide it or enable location features
- Device-level location permissions for optional features
- Check-in or session-related location sharing only where enabled by you
Technical and usage data
- IP address
- Browser and device information
- Session logs, crash data, and analytics or performance information
- Push-subscription endpoint data and related browser/device notification metadata when you enable browser notifications
5. Limiting Use, Disclosure, and Retention
We use and disclose personal information only for the purposes for which it was collected, for compatible purposes, with consent where required, or as otherwise permitted or required by law.
Examples of retention periods
- Active account data: retained while the account remains active
- Deleted-account records: retained for a limited period where reasonably necessary for disputes, fraud prevention, security reviews, chargebacks, tax, accounting, or legal compliance
- Transaction records: retained as required for accounting, tax, and audit purposes
- Support, safety, and incident records: retained for as long as reasonably necessary to review reports, resolve disputes, and protect users, pets, and the platform
- Analytics data: retained in aggregated or de-identified form where feasible
Retention periods may vary depending on the type of information, the feature involved, and our legal obligations. When personal information is no longer reasonably required, we delete it, de-identify it, or securely destroy it.
6. Accuracy
We take reasonable steps to keep personal information as accurate, complete, and up to date as necessary for the purposes for which it is used. You may update certain information through your account, and you may also request corrections by contacting our Privacy Officer.
7. Safeguards
We protect personal information with safeguards appropriate to the sensitivity of the information.
Examples of safeguards
- HTTPS / TLS encryption in transit
- Access controls and role-based restrictions
- Authentication and account-security controls
- Logging, monitoring, and incident-response procedures
- Use of service providers with defined security responsibilities
- Secure development and maintenance practices
No method of transmission over the Internet or electronic storage is completely secure. We therefore cannot guarantee absolute security, but we aim to reduce risk through reasonable safeguards.
7.1 Data Breach Response
Bloom maintains procedures for assessing, containing, documenting, and responding to privacy and security incidents.
Federal reporting obligations
Where a breach of security safeguards creates a real risk of significant harm, we will report it to the Office of the Privacy Commissioner of Canada and notify affected individuals as required by applicable federal law. We also keep records of breaches as required by law.
BC context and our approach
We apply a consistent breach response process and may notify affected individuals, regulators, service providers, insurers, or other parties where notification is appropriate to reduce harm, satisfy legal obligations, or support incident response.
Privacy breach contact
- Privacy Officer: Giulio La Medica
- Email: privacy@bloompetshare.ca
- Address: 535 Smithe Street, Vancouver, BC V6B 0H2
8. Openness
We make information about our privacy practices available through this Privacy Policy and through our Privacy Officer.
This Policy is intended to describe, in understandable terms, what personal information we collect, how we use it, when we disclose it, how long we keep it, and how you can contact us about it.
9. Access, Correction, and Account Export
Subject to legal exceptions, you may request access to the personal information we hold about you and request correction of inaccurate information.
How to make a request
- Your full name
- The email address associated with your account
- A description of the records or information requested
We will respond within the time required by applicable law, subject to lawful extensions or exceptions.
We may provide access at minimal or no cost. If a fee is permitted and appropriate, we will tell you the approximate amount first.
Where technically available, we may also offer an account export or downloadable copy of certain account information. Any such export is offered as an operational feature and does not replace or expand your legal access rights.
10. Challenging Compliance
If you have a concern or complaint about our privacy practices, please contact our Privacy Officer first so we can review and respond.
- Privacy Officer: Giulio La Medica
- Email: privacy@bloompetshare.ca
- Mail: 535 Smithe Street, Vancouver, BC V6B 0H2
If you are not satisfied with our response, you may contact the appropriate privacy regulator.
Office of the Privacy Commissioner of Canada
- Website: www.priv.gc.ca
- Phone: 1-800-282-1376
- Address: 30 Victoria Street, Gatineau, QC K1A 1H3
Office of the Information and Privacy Commissioner for British Columbia
- Website: www.oipc.bc.ca
- Phone: 250-387-5629
- Address: PO Box 9038 Stn Prov Govt, Victoria, BC V8W 9A4
Disclosure Required by Law
Bloom may disclose personal information where required or permitted by law, including in response to court orders, subpoenas, regulatory requests, or lawful access requests by government authorities.
We may also disclose information where reasonably necessary to:
- comply with legal obligations;
- protect the safety of users, animals, or the public;
- detect, prevent, or investigate fraud, abuse, or security issues;
- enforce our Terms of Service or other policies.
Cross-Border Processing
Bloom is based in British Columbia, Canada. Some service providers we use may process or store personal information outside British Columbia or outside Canada, for example, in the United States where common infrastructure providers for hosting, payments, databases, or verification operate.
When personal information is processed in another jurisdiction, it may be accessible to courts, law-enforcement agencies, national-security authorities, or regulators in that jurisdiction in accordance with local law.
How we address this
- We limit the information shared to what is reasonably necessary
- We use service providers for defined business functions
- We use contractual and operational measures intended to provide a comparable level of protection
- We apply security controls such as access restrictions and encryption where appropriate
Children's Privacy
Bloom is not intended for individuals under 19 years of age. We do not knowingly permit minors to create accounts for use of the platform.
We recognize that users may, in some cases, upload content that includes images or information about minors (for example, photos taken in everyday settings). By uploading such content, you confirm that you have the legal authority and appropriate consent to share that information. We do not knowingly collect personal information directly from minors for the purpose of providing them services. If we become aware that an account has been created or used in breach of this rule, or that personal information of a minor has been collected inappropriately, we may suspend or close the account and delete associated information, subject to legal, security, fraud-prevention, or safety-related retention requirements.
BC PIPA
Bloom is based in British Columbia and is subject to BC PIPA in addition to applicable federal law. BC PIPA governs the collection, use, and disclosure of personal information by private-sector organizations in British Columbia and requires that those activities be for purposes a reasonable person would consider appropriate in the circumstances.
Changes to this Policy
We may update this Privacy Policy from time to time to reflect changes in our services, privacy practices, technology, or legal obligations.
When we make material changes, we will update the "Last updated" date and may also provide additional notice through the website, application, or email where appropriate. If a change requires additional consent under applicable law, we will seek that consent.
Contact Information
For privacy-related questions, requests, or complaints, contact our Privacy Officer:
- Privacy Officer: Giulio La Medica
- Privacy Email: privacy@bloompetshare.ca
- General Inquiries: hello@bloompetshare.ca
- Support: support@bloompetshare.ca
- Mail: 535 Smithe Street, Vancouver, BC V6B 0H2
- Contact Page: bloompetshare.ca/contact