Skip to content
Blisterr

Privacy Policy

Last updated : · v2026-05-28-v2

This policy describes how Blisterr SAS collects, uses and protects the personal data of users of the platform. It complies with Regulation (EU) 2016/679 (GDPR) and the French Data Protection Act of 6 January 1978 as amended.

1. Confidentiality

Blisterr is committed to protecting the privacy of its users and to handling their personal data with care. Appropriate technical and organisational measures are implemented to preserve the confidentiality, integrity and availability of data, it being understood that no security measure offers absolute protection.

The confidentiality obligation may be lifted in the following cases:

  • where the data concerned has entered the public domain through no fault of Blisterr;
  • where the user expressly consents;
  • where the law, a court decision or a competent authority requires it.

2. Personal data

2.1 Data collected

Data processing relies, depending on the case, on the following legal bases: performance of the contract, compliance with a legal obligation, legitimate interest of Blisterr, or user consent.

Data provided by the user:

  • identity data (first and last name, date of birth);
  • contact details (email, phone, delivery and billing addresses);
  • transaction data (purchase and sale history, orders, payments);
  • exchanges (private messages, reports, reviews, published content — peeks, lives, comments);
  • payment data processed exclusively by Stripe — Blisterr stores no card numbers;
  • identity verification data (sellers) transmitted to Stripe Connect for KYC/AML obligations.

Data collected automatically:

  • technical data (IP address, device type, browser, operating system);
  • navigation data (pages viewed, journeys, session duration);
  • geolocation data, only with explicit consent and according to device settings.

2.2 Purposes of processing

Data is processed to:

  • provide and maintain the services (account management, sale execution, shipping, invoicing);
  • ensure platform security (fraud prevention, abuse prevention, logging);
  • improve the product (usage statistics, user feedback);
  • communicate with the user (transactional notifications, support, marketing with consent);
  • personalise the experience (recommendations, relevant content);
  • meet legal and accounting obligations.

2.3 Recipients and processors

Your data may be shared with:

  • Stripe Payments Europe, Ltd. (Ireland) — payments, seller KYC, payouts;
  • Mondial Relay, La Poste / Colissimo and Chronopost — shipping preparation and tracking;
  • Brevo SAS (France) — transactional and marketing emails;
  • Hetzner Online GmbH (Germany) — application hosting and storage;
  • Cloudflare, Inc. (USA) — CDN, DDoS protection, marketing site hosting;
  • Firebase / Google LLC — mobile push notifications;
  • authorised internal Blisterr teams;
  • administrative and judicial authorities, where the law requires it.

All our processors are bound by contract to confidentiality and security obligations compliant with the GDPR.

2.4 Retention periods

  • Active account data: for the entire duration of account use; deletion or anonymisation 2 years after last interaction on an inactive account.
  • Transaction data and invoices: 10 years from the transaction date (accounting obligation).
  • Seller KYC data: 5 years after the end of the relationship (AML obligation).
  • Technical and security logs: 12 months.
  • Geolocation data: until consent is withdrawn.
  • Cookies and trackers: see the Cookie Policy.

2.5 User rights

Under articles 15 to 22 of the GDPR, you have the following rights:

  • access to your data and right to a copy;
  • rectification of inaccurate or incomplete information;
  • erasure, in the cases provided for by law;
  • restriction of processing;
  • portability, to receive your data in a structured format or have it transmitted to another operator;
  • objection, in particular to direct marketing;
  • withdrawal of consent at any time, without retroactive effect;
  • the right to define post-mortem directives on the fate of your data.

To exercise these rights, write to privacy@blisterr.com or by post to BLISTERR, 3 rue Denis Etcheverry, 64100 Bayonne, France. We respond within one month, extendable by two months for complex requests.

You also have the right to lodge a complaint with the French data protection authority (CNIL), 3 Place de Fontenoy, 75007 Paris — cnil.fr.

2.6 Security

Blisterr implements appropriate technical and organisational measures to protect your data:

  • strict access controls and strengthened administrator authentication;
  • TLS encryption on all communications;
  • encryption at rest for sensitive data;
  • logging of sensitive operations;
  • regular backups and restore tests;
  • regular security tests;
  • incident management policy and notification to the CNIL within 72 hours in case of a significant breach.

2.7 Access and communications

Access to data is restricted to authorised personnel of Blisterr and its processors, strictly within the scope of their duties. No personal data is sold to third parties for commercial purposes without consent.

In the event of restructuring (merger, acquisition, transfer of business), data may be transferred to the successor entity, which shall be bound by the same confidentiality obligations.

2.8 Hosting and transfers outside the EU

Data is hosted within the European Union by Hetzner Online GmbH (Germany).

Some providers (notably Cloudflare, Google, Stripe for certain operations) may transfer data outside the EEA. These transfers are governed by:

  • the Standard Contractual Clauses adopted by the European Commission;
  • the EU-US Data Privacy Framework where it applies;
  • additional technical measures (encryption in transit and at rest).

3. Cookies and trackers

Blisterr uses cookies and similar technologies to operate the platform, measure audience and, where applicable, deliver marketing content.

The categories of cookies, their purposes and consent management are detailed in the Cookie Policy.

Where technically possible, Blisterr respects the Do Not Track signal sent by your browser. Cookies placed by integrated social networks are governed by their own policies.

4. Changes

This policy may be amended. The applicable version is the one in force at the date of the relevant processing. Material changes are notified by email or via the platform.

5. Contact

  • GDPR email: privacy@blisterr.com
  • Postal address: BLISTERR, 3 rue Denis Etcheverry, 64100 Bayonne, France.