This Privacy Policy describes how BloomJoy, Inc. (doing business as “Fondo”) (“Fondo,” “we,” “us,” or “our”) collects, uses, discloses, and safeguards information when you access or use our websites, applications, and related services (collectively, the “Service”). It also explains your privacy rights and how the law protects you.

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Interpretation and Definitions

Interpretation

Words with initial capitalization have meanings defined below. Definitions apply regardless of whether used in singular or plural.

Definitions

For purposes of this Privacy Policy:

• Account means a unique account created for you to access the Service.
• Affiliate means an entity that controls, is controlled by, or is under common control with a party.
• Application means the software program provided by Fondo.
• Business Customer means a company or other organization that purchases or uses the Service for business purposes.
• Company (“Fondo,” “we,” “us,” “our”) refers to BloomJoy, Inc. (Fondo), 721 Bay St., San Francisco, CA 94109, United States.
• Consumer has the meaning set forth under California privacy law (including CCPA/CPRA), where applicable.
• Cookies means small files placed on your device that store information about your use of the Service.
• Data Controller (GDPR) means the entity that determines the purposes and means of processing Personal Data.
• Data Processor (GDPR) means the entity that processes Personal Data on behalf of a Data Controller.
• Device means any device that can access the Service (computer, phone, tablet).
• Personal Data means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to an identified or identifiable individual.
• Sensitive Personal Information has the meaning under California privacy law and generally includes certain government identifiers, financial account information, precise geolocation, and other sensitive categories described below.
• Service Provider means a third party that processes data on our behalf.
• Usage Data means data collected automatically from your use of the Service.
• You means the individual using the Service, or the entity on whose behalf the Service is used.

2. Scope: Individual Users and Business-Customer Data

Fondo provides services to Business Customers. When a Business Customer uses the Service, Fondo may process Personal Data as part of providing the Service (for example, bookkeeping, tax preparation support, payroll or accounting integrations, or related communications).

• In many cases, the Business Customer is the Data Controller and Fondo is a Data Processor for that data.
• This Privacy Policy applies to information Fondo collects as a Data Controller (e.g., website visitors, marketing leads, customer contacts, and account owners) and to certain data processed to provide the Service.

If you are using Fondo on behalf of a Business Customer, your use may also be governed by your organization’s agreement with Fondo.

3. Information We Collect

3.1 Personal Data You Provide

Depending on how you use the Service, we may collect:

• Contact information: name, email, phone number, mailing address
• Account information: login credentials, account preferences
• Business information: company name, role/title, incorporation details
• Support and communications: messages you send to us, support tickets, call notes
• Billing information: billing contact details (payment card details are typically handled by our payment processors; see below)

3.2 Financial and Tax-Related Data (Service Data)

If you use Fondo’s accounting/tax services or connect third-party systems, we may process information such as:

• Business financial records (transactions, balances, statements)
• Payroll-related information
• Tax-related information (tax forms, filings, EIN, other tax identifiers)
• Vendor/customer lists and invoices
• Accounting system data (e.g., QuickBooks data if connected)

3.3 Sensitive Personal Information

We may collect or process Sensitive Personal Information when necessary to provide the Service, including:

• Government identifiers (e.g., SSN, EIN, other tax identifiers)
• Financial account information and transaction data (as required for accounting services)
• Credentials and authentication data (where applicable)
• In limited cases, other data you provide that may be sensitive

We do not use Sensitive Personal Information to infer characteristics about you, and we use it only as necessary to provide and secure the Service, comply with law, and perform our contracts.

3.4 Usage Data (Automatically Collected)

Usage Data may include:

• IP address, browser type/version, device identifiers
• Pages viewed, time spent, referral URLs
• Diagnostics and performance data
• Mobile device information (if applicable)

3.5 Cookies and Similar Technologies

We use Cookies and similar technologies for:

• Essential site functionality
• Analytics and performance
• Security and fraud prevention
• Remembering preferences

You can control Cookies through your browser settings. Some features of the Service may not function properly without Cookies.

4. How We Use Information

We may use Personal Data to:

• Provide, operate, maintain, and improve the Service
• Create and manage accounts
• Provide customer support and respond to inquiries
• Process transactions and send related notices
• Communicate about service updates, security alerts, and administrative messages
• Send marketing communications (you can opt out; see below)
• Monitor usage, troubleshoot, and improve performance
• Detect, prevent, and address fraud, abuse, and security incidents
• Comply with legal obligations and enforce our agreements
• Evaluate or conduct business transfers (merger, acquisition, financing, etc.)

5. How We Disclose Information

We may disclose Personal Data:

5.1 Service Providers and Subprocessors

We share information with trusted Service Providers who help us operate the Service (e.g., hosting, analytics, CRM, email delivery, payments, customer support). These providers are contractually restricted from using your information for purposes other than providing services to us.

Examples of common categories (and typical vendors) include:

• Payments: Stripe
• Accounting integrations: Intuit (QuickBooks)
• Analytics: Google Analytics (GA4)
• CRM / customer communications: HubSpot
• Email marketing: Mailchimp (if used)
• Infrastructure / hosting / monitoring: cloud hosting and logging providers

If you want, create a simple “Subprocessors” page and link it here so you can update vendors without rewriting the policy.

5.2 Business Transfers

If we’re involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction, subject to appropriate safeguards.

5.3 Legal and Safety

We may disclose information if we believe disclosure is necessary to:

• Comply with law or legal process
• Protect rights, property, or safety of Fondo, users, or others
• Prevent fraud, security incidents, or misuse of the Service

5.4 With Your Consent

We may disclose information for other purposes with your consent or at your direction.

6. Advertising, “Sale,” and “Sharing” (California)

6.1 No Sale of Personal Information

Fondo does not sell Personal Information as that term is commonly understood.

6.2 Sharing for Cross-Context Behavioral Advertising

We do not share Personal Information for cross-context behavioral advertising (as defined under California law) unless we explicitly state otherwise and provide an opt-out mechanism.

If we ever implement advertising technologies that constitute “sharing” under California law, we will update this Policy and provide the right to opt out.

7. Data Retention

We retain Personal Data only as long as reasonably necessary for the purposes described in this Policy, including to comply with legal obligations, resolve disputes, enforce agreements, and operate the Service.

Typical retention periods (may vary based on legal/contract requirements):

• Account and customer records: for the life of the account, and for a reasonable period thereafter
• Tax/financial service data: commonly 7 years (or longer if required by law/contract)
• Support communications: typically up to 3 years
• Marketing records: until you opt out, then a suppression record to honor your preferences
• Analytics data: typically 14–26 months depending on configuration

8. Security

We use administrative, technical, and physical safeguards designed to protect Personal Data, including (as appropriate):

• Encryption in transit (TLS)
• Access controls and least-privilege practices
• Monitoring, logging, and security alerting
• Vendor risk management and contractual restrictions for Service Providers

No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

9. International Transfers

Your information may be processed in the United States and other locations where our Service Providers operate. Where required by law (e.g., for EEA/UK transfers), we rely on appropriate safeguards such as Standard Contractual Clauses or other lawful transfer mechanisms.

10. Your Choices

10.1 Marketing Emails

You can opt out of marketing emails by using the unsubscribe link in our emails. You may still receive non-marketing communications (e.g., billing, security, or account notices).

10.2 Cookies

You can control Cookies through browser settings. Some site features may not work if Cookies are disabled.

11. Your Privacy Rights

11.1 GDPR / EEA / UK Rights

If you are in the EEA/UK (or another jurisdiction with similar rights), you may have the right to:

• Access your Personal Data
• Correct inaccurate data
• Delete data (subject to exceptions)
• Object to or restrict processing
• Data portability
• Withdraw consent (where processing is based on consent)
• Lodge a complaint with your local data protection authority

11.2 California Rights (CCPA/CPRA)

If you are a California resident, you may have the right to:

• Know what Personal Information we collect, use, and disclose
• Access specific pieces of Personal Information
• Delete Personal Information (subject to exceptions)
• Correct inaccurate Personal Information
• Opt out of sale/sharing (if applicable)
• Limit the use/disclosure of Sensitive Personal Information (where applicable)
• Not be discriminated against for exercising your rights

How to exercise rights:
Email us at d@tryfondo.com. We will verify your request (which may require confirming certain information). Authorized agents may submit requests where permitted by law.

Response timing:
We generally respond within 45 days, with extensions as permitted by law.

12. Do Not Track

Some browsers offer “Do Not Track” signals. The Service does not currently respond to DNT signals.

13. Children’s Privacy

The Service is not intended for children, and we do not knowingly collect Personal Data from children under 16. If you believe a child has provided Personal Data, contact us and we will take appropriate steps to delete it.

14. Links to Other Websites

Our Service may contain links to third-party sites. We are not responsible for their privacy practices. Review the privacy policies of any third-party sites you visit.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated Policy and revise the “Last updated” date. If changes are material, we will provide additional notice as required by law.

16. Contact Us

If you have questions about this Privacy Policy or our privacy practices, contact us:

BloomJoy, Inc. (Fondo)
77 Geary St.
San Francisco, CA 94109
United States
Email: hi@tryfondo.com

Privacy Policy

Last updated: February 26, 2026

This Privacy Policy describes how BloomJoy, Inc. (doing business as “Fondo”) (“Fondo,” “we,” “us,” or “our”) collects, uses, discloses, and safeguards information when you access or use our websites, applications, and related services (collectively, the “Service”). It also explains your privacy rights and how the law protects you.

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Interpretation and Definitions

Interpretation

Words with initial capitalization have meanings defined below. Definitions apply regardless of whether used in singular or plural.

Definitions

For purposes of this Privacy Policy:

• Account means a unique account created for you to access the Service.
• Affiliate means an entity that controls, is controlled by, or is under common control with a party.
• Application means the software program provided by Fondo.
• Business Customer means a company or other organization that purchases or uses the Service for business purposes.
• Company (“Fondo,” “we,” “us,” “our”) refers to BloomJoy, Inc. (Fondo), 721 Bay St., San Francisco, CA 94109, United States.
• Consumer has the meaning set forth under California privacy law (including CCPA/CPRA), where applicable.
• Cookies means small files placed on your device that store information about your use of the Service.
• Data Controller (GDPR) means the entity that determines the purposes and means of processing Personal Data.
• Data Processor (GDPR) means the entity that processes Personal Data on behalf of a Data Controller.
• Device means any device that can access the Service (computer, phone, tablet).
• Personal Data means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to an identified or identifiable individual.
• Sensitive Personal Information has the meaning under California privacy law and generally includes certain government identifiers, financial account information, precise geolocation, and other sensitive categories described below.
• Service Provider means a third party that processes data on our behalf.
• Usage Data means data collected automatically from your use of the Service.
• You means the individual using the Service, or the entity on whose behalf the Service is used.

2. Scope: Individual Users and Business-Customer Data

Fondo provides services to Business Customers. When a Business Customer uses the Service, Fondo may process Personal Data as part of providing the Service (for example, bookkeeping, tax preparation support, payroll or accounting integrations, or related communications).

• In many cases, the Business Customer is the Data Controller and Fondo is a Data Processor for that data.
• This Privacy Policy applies to information Fondo collects as a Data Controller (e.g., website visitors, marketing leads, customer contacts, and account owners) and to certain data processed to provide the Service.

If you are using Fondo on behalf of a Business Customer, your use may also be governed by your organization’s agreement with Fondo.

3. Information We Collect

3.1 Personal Data You Provide

Depending on how you use the Service, we may collect:

• Contact information: name, email, phone number, mailing address
• Account information: login credentials, account preferences
• Business information: company name, role/title, incorporation details
• Support and communications: messages you send to us, support tickets, call notes
• Billing information: billing contact details (payment card details are typically handled by our payment processors; see below)

3.2 Financial and Tax-Related Data (Service Data)

If you use Fondo’s accounting/tax services or connect third-party systems, we may process information such as:

• Business financial records (transactions, balances, statements)
• Payroll-related information
• Tax-related information (tax forms, filings, EIN, other tax identifiers)
• Vendor/customer lists and invoices
• Accounting system data (e.g., QuickBooks data if connected)

3.3 Sensitive Personal Information

We may collect or process Sensitive Personal Information when necessary to provide the Service, including:

• Government identifiers (e.g., SSN, EIN, other tax identifiers)
• Financial account information and transaction data (as required for accounting services)
• Credentials and authentication data (where applicable)
• In limited cases, other data you provide that may be sensitive

We do not use Sensitive Personal Information to infer characteristics about you, and we use it only as necessary to provide and secure the Service, comply with law, and perform our contracts.

3.4 Usage Data (Automatically Collected)

Usage Data may include:

• IP address, browser type/version, device identifiers
• Pages viewed, time spent, referral URLs
• Diagnostics and performance data
• Mobile device information (if applicable)

3.5 Cookies and Similar Technologies

We use Cookies and similar technologies for:

• Essential site functionality
• Analytics and performance
• Security and fraud prevention
• Remembering preferences

You can control Cookies through your browser settings. Some features of the Service may not function properly without Cookies.

4. How We Use Information

We may use Personal Data to:

• Provide, operate, maintain, and improve the Service
• Create and manage accounts
• Provide customer support and respond to inquiries
• Process transactions and send related notices
• Communicate about service updates, security alerts, and administrative messages
• Send marketing communications (you can opt out; see below)
• Monitor usage, troubleshoot, and improve performance
• Detect, prevent, and address fraud, abuse, and security incidents
• Comply with legal obligations and enforce our agreements
• Evaluate or conduct business transfers (merger, acquisition, financing, etc.)

5. How We Disclose Information

We may disclose Personal Data:

5.1 Service Providers and Subprocessors

We share information with trusted Service Providers who help us operate the Service (e.g., hosting, analytics, CRM, email delivery, payments, customer support). These providers are contractually restricted from using your information for purposes other than providing services to us.

Examples of common categories (and typical vendors) include:

• Payments: Stripe
• Accounting integrations: Intuit (QuickBooks)
• Analytics: Google Analytics (GA4)
• CRM / customer communications: HubSpot
• Email marketing: Mailchimp (if used)
• Infrastructure / hosting / monitoring: cloud hosting and logging providers

If you want, create a simple “Subprocessors” page and link it here so you can update vendors without rewriting the policy.

5.2 Business Transfers

If we’re involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction, subject to appropriate safeguards.

5.3 Legal and Safety

We may disclose information if we believe disclosure is necessary to:

• Comply with law or legal process
• Protect rights, property, or safety of Fondo, users, or others
• Prevent fraud, security incidents, or misuse of the Service

5.4 With Your Consent

We may disclose information for other purposes with your consent or at your direction.

6. Advertising, “Sale,” and “Sharing” (California)

6.1 No Sale of Personal Information

Fondo does not sell Personal Information as that term is commonly understood.

6.2 Sharing for Cross-Context Behavioral Advertising

We do not share Personal Information for cross-context behavioral advertising (as defined under California law) unless we explicitly state otherwise and provide an opt-out mechanism.

If we ever implement advertising technologies that constitute “sharing” under California law, we will update this Policy and provide the right to opt out.

7. Data Retention

We retain Personal Data only as long as reasonably necessary for the purposes described in this Policy, including to comply with legal obligations, resolve disputes, enforce agreements, and operate the Service.

Typical retention periods (may vary based on legal/contract requirements):

• Account and customer records: for the life of the account, and for a reasonable period thereafter
• Tax/financial service data: commonly 7 years (or longer if required by law/contract)
• Support communications: typically up to 3 years
• Marketing records: until you opt out, then a suppression record to honor your preferences
• Analytics data: typically 14–26 months depending on configuration

8. Security

We use administrative, technical, and physical safeguards designed to protect Personal Data, including (as appropriate):

• Encryption in transit (TLS)
• Access controls and least-privilege practices
• Monitoring, logging, and security alerting
• Vendor risk management and contractual restrictions for Service Providers

No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

9. International Transfers

Your information may be processed in the United States and other locations where our Service Providers operate. Where required by law (e.g., for EEA/UK transfers), we rely on appropriate safeguards such as Standard Contractual Clauses or other lawful transfer mechanisms.

10. Your Choices

10.1 Marketing Emails

You can opt out of marketing emails by using the unsubscribe link in our emails. You may still receive non-marketing communications (e.g., billing, security, or account notices).

10.2 Cookies

You can control Cookies through browser settings. Some site features may not work if Cookies are disabled.

11. Your Privacy Rights

11.1 GDPR / EEA / UK Rights

If you are in the EEA/UK (or another jurisdiction with similar rights), you may have the right to:

• Access your Personal Data
• Correct inaccurate data
• Delete data (subject to exceptions)
• Object to or restrict processing
• Data portability
• Withdraw consent (where processing is based on consent)
• Lodge a complaint with your local data protection authority

11.2 California Rights (CCPA/CPRA)

If you are a California resident, you may have the right to:

• Know what Personal Information we collect, use, and disclose
• Access specific pieces of Personal Information
• Delete Personal Information (subject to exceptions)
• Correct inaccurate Personal Information
• Opt out of sale/sharing (if applicable)
• Limit the use/disclosure of Sensitive Personal Information (where applicable)
• Not be discriminated against for exercising your rights

How to exercise rights:
Email us at d@tryfondo.com. We will verify your request (which may require confirming certain information). Authorized agents may submit requests where permitted by law.

Response timing:
We generally respond within 45 days, with extensions as permitted by law.

12. Do Not Track

Some browsers offer “Do Not Track” signals. The Service does not currently respond to DNT signals.

13. Children’s Privacy

The Service is not intended for children, and we do not knowingly collect Personal Data from children under 16. If you believe a child has provided Personal Data, contact us and we will take appropriate steps to delete it.

14. Links to Other Websites

Our Service may contain links to third-party sites. We are not responsible for their privacy practices. Review the privacy policies of any third-party sites you visit.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated Policy and revise the “Last updated” date. If changes are material, we will provide additional notice as required by law.

16. Contact Us

If you have questions about this Privacy Policy or our privacy practices, contact us:

BloomJoy, Inc. (Fondo)
721 Bay St.
San Francisco, CA 94109
United States
Email: d@tryfondo.com

‍