Privacy & Cookies Policy
Last updated: 27 November 2025
Controller
Blokso
Kwikstaartlaan 42
Box C1510
3704 GS Zeist
The Netherlands
030 369 14 47
KvK number: 97966584 · VAT number: NL005299403B55
Scope
This policy explains how Blokso processes personal data when you browse this website, register for and use the Blokso platform, or make a payment.
What data I process
- Identification & contact details: name, email address, address, billing address, VAT number.
- Payment-related data (processed by a payment provider): payment method, status, last 4 digits of the card number. Blokso does not store or have access to full card details.
- Technical data: IP address, device/browser information, and cookies. Blokso may collect limited diagnostic and performance data (e.g., usage logs, feature activity, error reports) to maintain and improve the service. This data is processed under legitimate interests (Art. 6(1)(f) GDPR) and does not include message or content data.
Purposes & legal bases
Purpose and Legal basis (GDPR Art. 6)
- Providing and managing the Blokso service, user accounts, and subscriptions: Contract (1)(b)
- Processing payments and issuing invoices: Legal obligation and contract (1)(c), (1)(b)
- System security, troubleshooting, and logs: Legitimate interests (1)(f)
- Analytics (Google Analytics 4): Consent (1)(a) – only after you click “Accept” on a cookie banner
Cookies & consent
Blokso uses essential cookies to ensure proper website operation and core platform functionality (e.g., authentication, subscriptions).
With your consent, Blokso also uses analytics cookies (Google Analytics 4) to measure site usage and improve performance.
You can accept or decline analytics cookies via the consent banner and change your choice anytime under “Cookie settings” available in the footer of the main page.
The website respects Global Privacy Control (GPC) signals. If your browser sends a GPC signal, analytics cookies remain disabled unless you explicitly grant consent.
Recipients / processors
- Mollie – payment processing
- e-Boekhouden.nl – accounting and invoicing (data processor)
- netcup – website and platform hosting
- OpenAI, L.L.C. – provider of language model services used to generate text suggestions and AI-assisted content blocks.
Only the text you enter into Blokso’s AI features is transmitted to OpenAI’s API. Sensitive or personal data should not be included in AI prompts. Transfers to OpenAI involve processing in the United States. Blokso relies on Standard Contractual Clauses (SCCs) and additional technical and organizational safeguards to ensure an adequate level of protection for personal data.
These entities act as processors or independent controllers depending on their role (for example, payment providers act as independent controllers for financial transactions).
A current list of subprocessors is maintained by Blokso and may be updated periodically. Users will be informed in advance if new subprocessors materially change the nature of data processing.
International transfers
Some service providers may process or store data outside the European Economic Area (EEA), such as in the United States.
Where such transfers occur, Blokso relies on Standard Contractual Clauses (SCCs) and, if necessary, additional safeguards in compliance with the GDPR.
Blokso does not engage in targeted advertising or profiling that produces legal or similarly significant effects. Personal data is not sold or shared as defined under the CPRA, CCPA, or similar US state privacy laws.
Data Retention
- Customer and service records: as long as needed to provide the service and support.
- Accounting and invoicing data: up to 7 years (as required by Dutch tax law).
- Analytics data: According to GA4 retention settings.
User-Generated Content and Responsibility
Users are solely responsible for the content and data they enter into Blokso.
Blokso is intended for creating and managing professional communication templates and offers. Users must ensure that no personal data of their own customers or other third parties is entered into the system unless they have a lawful basis to do so under the GDPR.
Blokso and its owner act only as a data processor with respect to user-generated data and do not control the content entered by users.
Blokso shall not be held liable for any unlawful or inappropriate data processing carried out by users within the platform.
If Blokso becomes aware of a potential data protection breach caused by user input, access may be suspended or restricted in order to prevent further risk.
AI-Generated and User-Generated Content Disclaimer
Blokso provides AI-assisted features to help users create text and content blocks more efficiently.
All outputs generated by the system or its AI integrations (including OpenAI) are provided “as is” and are intended for drafting and inspiration purposes only.
Content generated within Blokso does not constitute legal, financial, or professional advice. Users are solely responsible for ensuring that all offers, communications, and documents created using Blokso comply with applicable laws and professional standards.
Blokso does not guarantee the accuracy, legality, or fitness of any generated content for a particular purpose, and is not liable for any damages, loss of business, lost leads, or reputational harm arising from its use.
Users remain fully responsible for reviewing, editing, and verifying the accuracy and suitability of all content generated or sent using Blokso.
Your rights
You have the right to:
- access and obtain a copy of your data,
- request correction or deletion,
- restrict or object to processing,
- request data portability,
- withdraw consent (for analytics),
- lodge a complaint with the Autoriteit Persoonsgegevens (Netherlands) if you believe your data has been mishandled.
Contact
For privacy requests:
info@blokso.comResponses are typically provided within 30 days.
Data Security
Blokso stores and processes data securely within the European Union or, where necessary, in other regions under GDPR-compliant transfer mechanisms. Technical and organizational measures (including encryption, access controls, and audit logging) are applied to protect data from unauthorized access, loss, or misuse.
Changes
This policy may be updated periodically. The latest version will always be available on this page.