Privacy policy

Last updated: May 2026

At Blimp, we take your privacy seriously. This policy explains what data we collect, why we collect it, how we use it, and your rights under the General Data Protection Regulation (GDPR).

1. Who we are

Currently operated by: Diana Aya Falkenberger Strasse 160, 13088 Berlin Germany. Email: hello@we-blimp.com

Future entity: Blimp GbR (in Gründung), represented by Diana Aya and Liubov Höpfner. This policy will be updated once registration is complete; this will not change how your data is handled.

2. What data we collect

  • Account data: name, email address, password (hashed), and account preferences

  • Content you provide: information you enter into the Blimp canvas and related tools (your business ideas, plans, and related content)

  • Usage data: how you interact with the Service (e.g., features used, session activity)

  • Beta application data: if you applied for beta access, the information you submitted in that application

  • Communications: messages you send us (e.g., support requests)

3. How we use your data

We use your data to:

  • Provide and operate the Service, including AI-assisted features

  • Maintain your account and respond to support requests

  • Improve the Service based on aggregated, non-identifying usage patterns

  • Communicate with you about your account or material changes to the Service

We do not use the content you enter into Blimp to train AI models, and we do not sell, share, or distribute your business information to third parties for marketing or any other purpose.

4. Legal basis for processing

We process your data based on:

  • Contract (Art. 6(1)(b) GDPR) — to provide the Service you signed up for

  • Legitimate interest (Art. 6(1)(f) GDPR) — to maintain and improve the Service

  • Consent (Art. 6(1)(a) GDPR) — where required, e.g., for certain cookies (see Cookie Policy)

5. Who we share data with

We use the following service providers ("processors") to operate Blimp:

Hosting and database Supabase, hosted in the EU (Frankfurt, Germany).

AI processing To power certain in-app features, the relevant input is sent to the following providers, only as needed to generate a response to your request:

  • Lovable AI Gateway (using Google Gemini models) — for the in-app help chat

  • OpenAI (Whisper) — for voice-to-text transcription, if you use voice input

  • Perplexity AI — for deep research / search features

Payments: Stripe

Beta application handling: Make.com and ClickUp, used to process and manage beta access applications

Website hosting: Framer

We do not permit any provider to use your data for their own purposes, including AI model training.

International data transfers

Our hosting (Supabase) is located in the EU. The AI providers listed above (Lovable AI Gateway, OpenAI, and Perplexity AI) are based in the United States. When you use features that rely on these providers — such as the help chat, voice-to-text, or deep research search — the relevant data (e.g., your message, audio, or search query) is transferred to the US for processing.

Where this occurs, we rely on appropriate safeguards under GDPR. The providers listed above include Standard Contractual Clauses (SCCs), or equivalent GDPR transfer mechanisms, as part of their standard data processing terms.

6. Data retention

We retain your account data and content for as long as your account is active. If you delete your account, your data is deleted in line with the process described in Section 7, except where we are required to retain certain information by law.

7. Your rights

Under GDPR, you have the right to:

  • Access the personal data we hold about you

  • Correct inaccurate data

  • Request deletion of your data

  • Export your data (data portability)

  • Object to or restrict certain processing

  • Withdraw consent where processing is based on consent

You can access, export, and delete your account data directly via your account settings. For any other requests, contact us at hello@we-blimp.com.

You also have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU member state of your residence or place of work.

8. Security

We take reasonable technical and organizational measures to protect your data against unauthorized access, loss, or misuse. No system is completely secure, and we cannot guarantee absolute security.

9. Cookies

We use cookies and similar technologies as described in our Cookie Policy.

10. Changes to this policy

We may update this policy as Blimp evolves. We will notify you of material changes by email or in-app notification at least 14 days before they take effect.

11. Contact

Questions about this policy or your data: hello@we-blimp.com