Privacy Policy
Last updated: 2026-05-06
This policy describes how Bloom Finances (operating under the Klarc brand)
processes personal data in the context of services hosted at
klarc.eu and social.klarc.eu. It complies with the
EU General Data Protection Regulation (GDPR) and the French loi
Informatique et Libertés.
1. Data Controller
BLOOM FINANCES, registered with the Toulouse Trade and Companies Register under number 885 330 845, share capital €10,000, registered office: 19 rue Job, 31000 Toulouse, France. Bloom Finances operates under the Klarc brand.
GDPR contact: privacy@klarc.com.
2. Scope
- klarc.eu: static documentation site. No personal data is collected on this site (no accounts, no forms, no tracking cookies, no analytics).
- social.klarc.eu (Postiz): social-media scheduling tool. Data processed as described below.
3. Data processed on social.klarc.eu (Postiz)
For authorized Postiz users:
- Account identification: email address, hashed password.
- OAuth tokens for connected social platforms (LinkedIn, X, Reddit, Mastodon, Pinterest, TikTok, etc.), encrypted at rest.
- Scheduled content: text, images, and metadata of scheduled posts.
- Technical logs: IP address, timestamp, user-agent, retained for security and debugging purposes.
4. Purposes and legal bases
| Purpose | Legal basis |
|---|---|
| Authentication and Postiz account management | Contract / legitimate interest |
| Scheduling and publishing to connected platforms | Contract performance |
| Security and abuse prevention | Legitimate interest |
| Legal log retention obligations | Legal obligation |
5. Recipients and processors
- Postiz (open-source software by gitroomhq): processes data on Klarc's behalf as a technical processor.
- Connected social platforms (Meta, X Corp., Reddit, LinkedIn, TikTok, Pinterest, etc.): each acts as a joint controller for the data they receive when content is published via their API. Their respective privacy policies apply.
- Hosting: Hetzner Online GmbH (Germany, EU) for the social.klarc.eu hosting infrastructure; Cloudflare Inc. (United States) for CDN delivery and DNS protection of klarc.eu.
6. Transfers outside the EU
The connected social platforms (Meta, X Corp., LinkedIn, TikTok, Reddit, Pinterest) are based in the United States or elsewhere outside the EU. Transfers occur when you publish content via Postiz and are governed by the EU-US Data Privacy Framework (where applicable) or the European Commission's Standard Contractual Clauses.
Cloudflare Inc. operates under the EU-US Data Privacy Framework.
7. Retention
- Account data: as long as the account is active, deleted on request within 30 days.
- OAuth tokens: as long as the platform connection is active, or until revocation.
- Technical logs: 12 months maximum.
- Published content: as governed by each social platform (outside our control).
8. Your rights
Under GDPR Articles 15–22, you have the following rights:
- Access: obtain a copy of your data.
- Rectification: correct inaccurate data.
- Erasure: see data deletion.
- Restriction: limit processing.
- Portability: receive your data in a structured format.
- Object: object to processing based on legitimate interest.
- Withdraw consent: when processing is based on consent.
To exercise these rights, contact privacy@klarc.com. We respond within one month (extendable by two months for complex requests).
9. Complaints
If our response is unsatisfactory, you may lodge a complaint with the French data protection authority (CNIL).
10. Automated decision-making
No automated decisions producing legal effects are made based on your data.
11. Changes
This policy may be updated. The last-updated date is shown at the top of this document.