Privacy Policy

Effective Date: May 2026

Application: BespokeOSPro — the internal staff operations platform of Blueburry Royale Inc. (DBA BR Bespoke), accessible at https://bespokeospro.web.app.

This Privacy Policy explains how Blueburry Royale Inc., a California corporation, doing business as BR Bespoke ("we," "us," or "our"), collects, uses, shares, and protects personal information when you interact with the BespokeOSPro application, our retail studios, websites, and bespoke production services.

1. Information We Collect

Identity and Contact Information: name, postal address, email address, phone number.
Body Measurements and Style Preferences: measurement profiles, fit notes, fabric and style choices, fitting photos.
Order and Payment Information: order history, garment specifications, payment status. Card numbers are processed by Authorize.net and are not stored on our systems.
Account and Authentication Data: if you sign in via Google or via email/password, we collect your sign-in identifiers and authentication state to maintain your session.
Google Calendar Data (staff only): if you grant our internal application access to Google Calendar, we read and write calendar events solely to synchronize fitting appointments scheduled inside our application with your Google Calendar. We do not read calendar events unrelated to BR Bespoke appointments.
Communications: messages exchanged through our application (consultant ↔ workshop ↔ customer), email correspondence, and support requests.
Technical Information: browser type, device, IP address, error logs, usage analytics.

2. How We Use Your Information

To produce, fit, and deliver your bespoke garments.
To process payments and issue receipts.
To schedule and confirm appointments and fittings.
To communicate with you about your order, including delivery, remakes, and follow-up.
To improve our products, services, and customer experience.
To comply with our legal obligations (tax, accounting, fraud prevention).

3. Google User Data — Limited Use Disclosure

BR Bespoke's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

We use Google Calendar data only to provide and improve the in-application appointment-sync feature requested by the staff user.
We do not transfer Google user data to third parties except as necessary to provide that feature, to comply with applicable law, or as part of a merger or acquisition.
We do not use Google user data for advertising.
We do not allow humans to read Google user data unless we obtain affirmative agreement, it is necessary for security purposes, to comply with applicable law, or the data is aggregated and anonymized.

4. How We Share Your Information

We share personal information only with parties who help us deliver our service, under appropriate contractual safeguards:

Production workshops — your measurements, fabric and style selections, and order specifications are shared with our offshore production workshops to manufacture your garment.
Authorize.net — for processing payments.
Google (Firebase / Cloud Platform) — application hosting, database, authentication.
Brevo — transactional email delivery (order confirmations, payment links, fitting reminders).
Shipping carriers — to deliver finished garments.
Legal authorities — when required by law, subpoena, or to protect our rights.

We do not sell your personal information to third parties.

5. Data Retention

We retain order, measurement, and customer records for as long as you remain a customer plus the period required by California tax and business-records law (typically seven years for transactional records). You may request deletion of your personal data at any time (see Section 7).

6. Security

We protect personal information using industry-standard security controls, including encryption in transit (HTTPS/TLS), encryption at rest (Firebase / Google Cloud Platform), role-based access controls, and audit logging on our internal application. No security system is impenetrable; we cannot guarantee absolute security.

7. Your Rights

Under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), California residents have the right to:

Know what personal information we collect and how we use it.
Request a copy of the personal information we hold about you.
Request correction of inaccurate personal information.
Request deletion of your personal information, subject to legal retention requirements.
Opt out of the sale or sharing of personal information (we do not sell personal information).
Be free from discrimination for exercising these rights.

If you are located in the European Economic Area or United Kingdom, you have similar rights under the General Data Protection Regulation (GDPR), including the right to data portability and the right to lodge a complaint with a supervisory authority.

To exercise any of these rights, contact us at msromal@gmail.com. We will respond within the timeframes required by applicable law.

8. Children's Privacy

Our services are not directed to children under 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us and we will delete it.

9. International Transfers

Our production workshops are located outside the United States. By placing an order, you understand and consent to your measurements, photos, and order specifications being transferred to, and processed in, the workshop country for the sole purpose of manufacturing your garment. We use contractual safeguards with each workshop to protect this data.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by updating the Effective Date above and, where appropriate, by direct notice. Continued use of our services after an update constitutes acceptance.

11. Contact Us

Questions about this Privacy Policy or our data practices:

Email: msromal@gmail.com
Mail: Blueburry Royale Inc., California, USA