Legal

Privacy Policy

Effective Date: 22 May 2026  ·  Blend Technologies Ltd (United Kingdom)

Blend Technologies is committed to protecting your privacy. This policy applies to all users of our Services globally, including in the United Kingdom, the European Union, and the United States.

1. Who We Are

Blend Technologies LTD is a company registered in England and Wales (company number 17236631), with its registered office at 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ. We pay the data protection fee to the UK Information Commissioner's Office (ICO); the registration number will be published here once issued.

For UK and EU data protection purposes, Blend Technologies is the Data Controller in respect of client (business user) data and website data, and a Data Processor in respect of end-user data collected through client quizzes — in that case the client operating the quiz is the Data Controller.

Data protection contact. All data protection queries — including requests to exercise your rights, complaints, or questions about this policy — should be directed to contact@blend-technologies.com.

2. Information We Collect

From Clients (Business Users)

  • Name and email address;
  • Company information;
  • Billing information (processed by Stripe — we do not store full payment card details);
  • Account and usage data.

From End Users (via Client Quizzes)

We collect information only when voluntarily provided by the user, which may include:

  • Name and email address (if provided);
  • Health-related information (e.g. goals, symptoms, dietary preferences, conditions), if explicitly submitted;
  • Demographic data (e.g. age, gender), if provided.

Users are not required to provide personal or sensitive data to use the quiz. All data is submitted at the sole discretion of the user.

3. Special Category (Sensitive) Data

Some quizzes may involve health-related information, which constitutes special category data under UK/EU GDPR (Article 9) and sensitive personal information under certain US state laws.

We process this data only when the user has given explicit consent for that specific purpose, and solely to generate personalized recommendations. Clients are responsible for ensuring their quizzes collect this data lawfully and transparently.

4. How We Use Data

We use collected data to:

  • operate and maintain the platform;
  • generate personalized recommendations on behalf of clients;
  • provide analytics and insights to clients (in anonymized or aggregated form only);
  • improve our algorithms and services (using only anonymized and aggregated data);
  • comply with legal obligations;
  • enforce our Terms of Service.

We do not sell personal data. We do not use personal data for automated decision-making that produces significant legal or similarly significant effects on individuals without appropriate human oversight.

We process personal data on the following legal bases:

  • Consent — for special category health data (Article 9(2)(a) GDPR), and for marketing communications;
  • Contractual necessity — to provide services to clients (Article 6(1)(b));
  • Legal obligation — where required by applicable law (Article 6(1)(c));
  • Legitimate interests — to operate, improve, and secure the platform, where such interests are not overridden by the rights of data subjects (Article 6(1)(f)).

Where we rely on legitimate interests, those interests are: securing and maintaining the platform; preventing fraud and abuse; improving our algorithms and services using anonymised and aggregated data; and managing our business relationships with clients. A Legitimate Interest Assessment balancing these interests against the rights and freedoms of data subjects is maintained internally and is available on request. We do not rely on legitimate interests to process special category health data.

6. US Privacy Rights (CCPA/CPRA and other state laws)

For residents of California and other US states with applicable privacy laws:

  • You have the right to know what personal information we collect, use, disclose, and sell;
  • We do not sell personal information;
  • We do not share personal information for cross-context behavioral advertising;
  • You have the right to request deletion of your personal information;
  • You have the right to opt out of the sale or sharing of personal information (not applicable as we do not sell or share);
  • You have the right to non-discrimination for exercising your privacy rights;
  • California residents may submit requests via contact@blend-technologies.com. We will respond within 45 days as required by law.

For residents of Virginia, Colorado, Connecticut, Texas, and other states with applicable privacy legislation, equivalent rights apply to the extent required by applicable law.

7. Data Sharing and Sub-Processors

Data may be shared with:

  • the client who owns the quiz (for end-user data collected through that client's quiz);
  • sub-processors acting on our behalf under written data processing agreements (listed below);
  • law enforcement or regulatory authorities where required by law.

We currently engage the following sub-processors:

  • Render — application and API hosting, including the personalization engine (United States);
  • Bubble — quiz interface and client dashboard hosting (United States);
  • Stripe — payment processing for client billing (United States / Ireland);
  • Airtable — client relationship management and business contact records (United States).

Each sub-processor is bound by a written data processing agreement. We will give clients advance notice of any change to this list. We do not sell personal data to third parties.

8. International Data Transfers

Blend Technologies is based in the United Kingdom. Our platform and API are hosted on infrastructure located in the United States, and several of our sub-processors (see Section 7) are based there. As a result, personal data is transferred outside the UK and the European Economic Area (EEA).

Where such transfers occur, we put an appropriate safeguard in place, namely:

  • the UK International Data Transfer Agreement (IDTA), or the UK Addendum to the EU Standard Contractual Clauses, for transfers from the UK;
  • the EU Standard Contractual Clauses (Commission Implementing Decision 2021/914) for transfers from the EEA;
  • the EU-US Data Privacy Framework, and its UK Extension, where the receiving sub-processor is certified under it;
  • a transfer risk assessment supporting the chosen mechanism.

The mechanism applicable to each sub-processor is recorded in our internal records of processing activities and, for end-user quiz data, in the Data Processing Agreement between Blend Technologies and the relevant client. Details are available on request.

9. Data Retention

We retain personal data only for as long as necessary for the purposes set out in this policy:

  • Client account data: retained for the duration of the contract and deleted within 90 days of account termination, unless retention is required for legal or regulatory purposes;
  • End-user quiz data: retained in accordance with the client's instructions and deleted within 90 days of client account termination;
  • Billing records: retained for 7 years in accordance with UK financial record-keeping requirements;
  • Marketing and CRM data (business contacts and prospects): retained while there is an active or prospective business relationship, and deleted or anonymised within 24 months of the last meaningful contact, or sooner on request;
  • Server and application logs (which may contain pseudonymous identifiers): retained in line with our hosting provider's standard log retention period and not exported to third parties;
  • Anonymized and aggregated data: may be retained indefinitely as it no longer constitutes personal data.

10. User Rights

Under UK/EU GDPR and applicable US state laws, you may have the right to:

  • Access your personal data;
  • Correct inaccurate data;
  • Request deletion of your data ("right to be forgotten");
  • Restrict or object to processing;
  • Data portability (receive your data in a structured, machine-readable format);
  • Withdraw consent at any time, without affecting the lawfulness of processing before withdrawal;
  • Lodge a complaint with a supervisory authority (in the UK: the ICO at ico.org.uk; in the EU: your national data protection authority).

Requests should be sent to contact@blend-technologies.com. We will respond within 30 days (or 45 days for CCPA requests).

11. Cookies

Our website uses a small number of cookies and similar technologies:

  • Essential cookies — required for the site to function and to remember your cookie preference. These do not require consent.
  • Demo booking (Calendly) — if you accept, we load Calendly's scheduling widget so you can book a demo. Calendly sets its own cookies, governed by Calendly's privacy notice. This is loaded only with your consent.

We do not use advertising or analytics tracking cookies on this website. When you first visit, a cookie banner lets you accept or reject non-essential cookies, and the site works either way. You can change your choice at any time using the “Cookie settings” link in the footer.

12. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or destruction, in accordance with Article 32 GDPR. These include encryption in transit and at rest, access controls, and regular security reviews. No system is completely secure, and we cannot guarantee absolute security.

13. Children

Our Services are intended only for individuals aged 18 or over. Client quizzes must include an age-confirmation step, and the platform is not designed to collect personal data from anyone under 18. We do not knowingly collect personal data from minors. If you believe a person under 18 has provided data through our platform, contact us immediately at contact@blend-technologies.com and we will delete it.

14. Contact and Complaints

For privacy-related queries or to exercise your rights: contact@blend-technologies.com

UK residents may also contact the ICO: ico.org.uk  /  0303 123 1113