Privacy Policy

Last updated: April 2026

Introduction

Blueberry. (“we”, “us”, “our”) respects your privacy. This policy explains what data we collect, why we collect it, and what rights you have. We are fully GDPR compliant and store your data within the European Union.

By using Blueberry., you agree to this policy.

Data Controller

Blueberry. is the data controller for the personal information we collect.

Blueberry.

Portugal

Email: general@blueberry-analytics.com

What Data We Collect

Account information

  • Name: to personalise your experience.
  • Email: for login, communication, and account recovery.
  • Organisation: to group projects and team members.
  • Password: encrypted, never stored in plain text.

Usage data

  • Files you upload: stored securely in EU-region storage. Used only to build your dashboards.
  • Project configurations: the schema, metrics, and settings you create.
  • Audit logs: records of uploads, modifications, and deletions for security and debugging.
  • Browser and device info: standard analytics for service reliability.

We don't collect data we don't need. We don't use your data to train AI models ourselves — see the Data Sharing section below for how our AI providers handle the small samples we send for schema analysis.

How We Use Your Data

We use your data to:

  • Provide and maintain the Blueberry. service.
  • Build and update your dashboards.
  • Authenticate you and protect your account.
  • Communicate with you about your account or service updates.
  • Comply with legal obligations.

We never sell your data to third parties.

Legal Basis (GDPR)

We process your data under the following legal bases:

  • Contract: to deliver the service you signed up for.
  • Legitimate interest: to keep the service secure and improve reliability.
  • Legal obligation: to comply with EU and Portuguese law.
  • Consent: for optional features that require explicit opt-in.

Data Sharing

We use trusted third-party providers to operate the service. Your data is shared only as necessary:

Supabase (EU region)

Database, authentication, and file storage. All data stays within the EU.

Stripe

Payment processing for subscriptions. We never see or store your card details.

Vercel

Hosting and serverless functions on a global edge network.

Anthropic and xAI (AI providers)

Schema analysis only. Column names and a small data sample (around 30 rows) are sent — never your full dataset. These providers process the sample under their own privacy policies; we recommend reviewing them if you handle sensitive information.

Microsoft Outlook

Email communication for account-related messages.

We choose providers that offer GDPR-compliant infrastructure and EU data hosting where available.

Data Retention

We keep your data only as long as necessary to provide the service:

  • Active accounts: for as long as your account is active.
  • Deleted files: removed from storage when you delete them, along with the dashboards built from them.
  • Closed accounts: deleted on request, except where law requires longer retention.
  • Backups: encrypted and managed through our infrastructure provider.

You can request deletion of your data at any time by contacting us.

Your Rights

Under GDPR, you have the right to:

  • Access: request a copy of the data we hold about you.
  • Rectification: correct inaccurate information.
  • Erasure: request deletion of your data (the “right to be forgotten”).
  • Portability: receive your data in a machine-readable format.
  • Restriction: limit how we process your data.
  • Objection: object to specific types of processing.
  • Withdraw consent: at any time, where consent is the legal basis.

To exercise any of these rights, email us at general@blueberry-analytics.com.

Data Security

We take security seriously:

  • All data encrypted at rest and in transit (TLS).
  • Multi-tenant isolation at the database schema level.
  • Strict access controls and authentication.
  • Regular security reviews.
  • Backups encrypted and stored in EU regions.

Cookies

We use only essential cookies required for authentication and service functionality. We do not use tracking or advertising cookies.

Children's Privacy

Blueberry. is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

International Transfers

Your personal data is primarily processed and stored within the European Union. Where a third-party provider (such as our AI providers) operates outside the EU, we rely on safeguards recognised under GDPR — such as Standard Contractual Clauses — to protect your data.

Changes to This Policy

We may update this policy occasionally. When we do, we'll update the “Last updated” date and notify active users by email if changes are significant.

Contact

For privacy-related questions or to exercise your rights:

Email: general@blueberry-analytics.com

You also have the right to lodge a complaint with the Comissão Nacional de Proteção de Dados (CNPD), the Portuguese data protection authority, or your local EU supervisory authority.