PRIVACY POLICY
Aloha!
BlueRez LLC, doing business as BlueRez Software (“BlueRez”, “we”, “us”, or “our”), is a Hawai’i limited liability company with its principal place of business in Maui, Hawai’i. We value your trust, and make it a priority to ensure the security and confidentiality of the personal information you share with us.
This Privacy Policy describes how we collect, use, store, and share personal information in connection with our cloud-based reservation management platform and related services (collectively, the “Services”). We encourage you to read this Policy carefully.
Mahalo!
Who This Policy Covers
This Policy applies to:
(a) Business clients and their authorized users who access the BlueRez platform (“Clients”); and
(b) End customers of our Clients who interact with booking flows powered by BlueRez (“Bookers”).
This Policy does not apply to personal information that Bookers submit directly through a Client’s own website or booking integration — that data is processed by us on behalf of the Client, and the Client is responsible for its own privacy disclosures to its customers. This Policy also does not apply to job applicants or BlueRez employees.
Terms Used in This Policy
“Personal information” means any information that identifies, relates to, describes, or can reasonably be linked to a specific natural person. This does not include information about legal entities.
“Business Partners” or “Clients” refers to businesses and individuals who have entered into a service agreement with BlueRez to use the platform, including tour operators, activity providers, and other experience-based businesses.
1. Information We Collect
1.1 Information You Give Us
When you use our Services, fill out a form, or interact with us, we may collect:
(a) Account and contact information: full name, business name, email address, phone number, and business address;
(b) Financial information: bank account details for payouts, billing information, tax ID or EIN (for IRS reporting purposes), and invoice records;
(c) Contract information: details of agreements, services provided, and related correspondence;
(d) Verification details: company registration documents, business licenses, or other information required to verify your business; and
(e) Communications: content of messages, emails, or support interactions with BlueRez.
1.2 Information We Collect About Bookers (On Behalf of Clients)
When an end customer makes a reservation through a Client’s BlueRez-powered booking widget, we process the following on behalf of the Client:
(a) Contact information: name, email address, and phone number;
(b) Payment information: credit or debit card details, processed exclusively through our third-party payment processor — BlueRez does not store full card numbers;
(c) Booking details: reservation dates, activity or service type, party size, and special requests; and
(d) Transactional communications: booking confirmations and notifications.
1.3 Information from Third-Party Sources
We may receive information about you from other sources, including:
(a) Business verification services and publicly available sources to verify, update, or correct information in our records;
(b) Law enforcement or tax authority requests in the event you are involved in an investigation; and
(c) Fraud detection and prevention providers, as permitted by applicable law.
1.4 Information Collected Automatically
When you visit our website or use our platform, we may automatically collect:
(a) IP address and approximate location (city, state, country);
(b) Browser type, operating system, and device identifiers;
(c) Pages visited, referring URL, time of visit, and language settings;
(d) Usage data: features accessed, session duration, and click activity; and
(e) Cookies and similar tracking technologies (see Section 8).
You are not required to provide information to us. However, to enter into a contract or use the Services, certain information is required as part of your contractual obligations. When using our website, some technical data collection is unavoidable.
1.5 Information You Provide About Others
If you share personal information about other individuals (such as your staff members), you confirm that: (i) those individuals have been informed of how BlueRez may collect and use their information as described in this Policy; (ii) you have obtained any required consent; and (iii) you have the authority to share their information with us.
2. How We Use Personal Information
We use personal information for the following purposes:
(A) Contractual relationship: to enter into, administer, and perform our agreements with Clients, including providing the Services, customer service, accounting, and enforcing legal claims.
(B) Customer service: to respond to questions and complaints, and to monitor and improve our support.
(C) Account management: to administer and maintain Client accounts and allow management of reservations.
(D) Communications: to contact you by email, phone, or other means in connection with the Services, your account, or your inquiries.
(E) Security and fraud prevention: to investigate, prevent, and detect fraud and illegal activity, and to maintain the integrity of our platform and data.
(F) Platform improvement: to analyze usage patterns, improve features, and develop new capabilities.
(G) Marketing and relationship management: to send relevant communications about BlueRez products and services. You may opt out of marketing communications at any time by contacting us at info@bluerez.com or clicking “Unsubscribe” in any marketing email.
(H) Legal and compliance: to comply with applicable laws, respond to government and regulatory requests, manage disputes, and fulfill tax reporting obligations (including IRS Form 1099-K requirements).
(I) Business transfers: to evaluate or carry out a merger, acquisition, or sale of BlueRez assets, in which case your information may be transferred to the acquiring entity subject to equivalent privacy protections.
Legal Bases for Processing
For purposes (A) through (D): processing is necessary for the performance of our contract with you.
For purposes (E) through (I): processing is based on our legitimate business interests in operating a secure and effective platform, preventing fraud, and communicating with Clients. Where required by applicable law, we will obtain your consent prior to processing.
For purpose (H): processing is also based on compliance with legal obligations applicable to BlueRez.
3. How We Share Personal Information
3.1 Service Providers
We share information with third-party service providers who assist us in operating the Services, including:
(a) Payment processors (e.g., Stripe) for payment facilitation and payout processing;
(b) Cloud infrastructure and hosting providers;
(c) Email and SMS delivery providers for transactional communications;
(d) Analytics and monitoring tools for platform performance and security; and
(e) Customer support platforms.
Service providers are contractually required to use information only as directed by BlueRez and in a manner consistent with this Policy.
3.2 Clients
Booker information collected through a Client’s booking widget is accessible to that Client within the BlueRez platform for purposes of fulfilling reservations and managing their business operations.
3.3 Legal and Regulatory
We may disclose information as required by law, court order, or government or regulatory request, including: IRS tax reporting obligations; law enforcement requests; responses to subpoenas; and compliance with Hawaii and federal regulatory requirements.
3.4 Business Transfers
In the event of a merger, acquisition, or sale of all or substantially all of BlueRez’s assets, information we hold may be transferred to the acquiring entity, subject to equivalent privacy protections.
3.5 No Sale of Personal Information
BlueRez does not sell, rent, or trade personal information to third parties for their own marketing or commercial purposes.
4. Data Retention
We retain personal information for as long as necessary to fulfill the purposes described in this Policy, comply with our legal and regulatory obligations, resolve disputes, and enforce our agreements.
Specifically:
(a) Client account data is retained for the duration of the Client relationship and for five (5) years following termination, or longer as required by applicable law;
(b) Booker transaction data is retained for a minimum of five (5) years following the transaction date to support chargeback resolution, tax reporting, and legal compliance;
(c) Backup and technical data may be retained for shorter periods consistent with our standard data management practices; and
(d) Upon termination of a Client relationship, we will provide the Client with an export of their data in a standard file format. The Client is solely responsible for any migration, integration, or importation of such data into any third-party platform or system. Following confirmation of export delivery, a deletion date will be established for any remaining personal data no longer required to be retained under clauses (a) through (c) above.
5. Data Security
We implement industry-standard technical and organizational security measures to protect personal information against unauthorized access, disclosure, alteration, or destruction. Our measures include:
(a) Encryption of data in transit (TLS) and at rest;
(b) Role-based access controls and user permissions;
(c) Two-factor authentication (2FA) for platform access;
(d) Regular security monitoring, logging, and incident response procedures; and
(e) Payment card data processed exclusively through PCI-DSS compliant payment processors — BlueRez does not store full card numbers.
No method of data transmission or storage is completely secure. In the event of a security incident affecting personal information, we will notify affected parties as required by applicable law, including Hawaii’s security breach notification statute (Haw. Rev. Stat. § 487N).
6. Your Rights and Choices
6.1 All Users
You may at any time:
(a) Access and update your account information through the BlueRez platform;
(b) Export your Customer Data as described in our Terms of Service; and
(c) Request deletion of your account by contacting us at info@bluerez.com
We will endeavor to respond to rights requests within thirty (30) days of receipt. If we require additional time, we will notify you of the reason and estimated response period.
6.2 California Residents (CCPA / CPRA)
This section supplements this Privacy Policy and applies to California residents. California law provides you with the following rights:
(a) Right to know: the categories and specific pieces of personal information we collect, use, and share;
(b) Right to delete: request deletion of personal information we hold about you, subject to certain exceptions;
(c) Right to correct: request correction of inaccurate personal information;
(d) Right to opt out: opt out of the sale or sharing of personal information (BlueRez does not sell personal information);
(e) Right to limit use of sensitive personal information; and
(f) Right of non-discrimination: we will not deny goods or services for exercising your rights.
To submit a California rights request, contact us at info@bluerez.com with the subject line: “California Resident Privacy Rights – Request”. If you are an authorized agent acting on behalf of a California consumer, please include a copy of the consumer’s written authorization.
The following table describes the categories of personal information we have collected within the last twelve (12) months, consistent with CCPA categories:
| Category | Examples Collected by BlueRez |
| A. Identifiers | Name, email address, IP address, account name, unique identifiers |
| B. Personal Information (Cal. Civ. Code § 1798.80) | Name, address, phone number, bank account or financial information, tax ID |
| C. Protected Classifications | Not collected |
| D. Commercial Information | Booking history, products and services purchased through the platform |
| E. Internet Activity | Browsing history, platform usage, page interactions |
| F. Geolocation Data | City, state, and country (approximate) |
| G. Visual Information | Profile photos or logos uploaded to the platform |
| H. Inferences | Usage patterns and account preferences derived from activity |
| I. Professional / Employment Information | Job title and employer (where provided by Client users) |
| J. Sensitive Personal Information | Account login credentials; payment account details (processed by PSP only) |
6.3 Other U.S. State Residents
Residents of states with applicable privacy laws (including but not limited to Colorado, Connecticut, Virginia, and Texas) may have rights similar to those described in Section 6.2, including rights of access, correction, deletion, portability, and opt-out of sale or targeted advertising. To submit a request, contact us at info@bluerez.com with the subject line: “US Resident Privacy Rights – Request”.
6.4 EEA, UK, and Swiss Residents (GDPR)
If BlueRez processes personal data of individuals in the European Economic Area (EEA), United Kingdom, or Switzerland, those individuals have rights under the General Data Protection Regulation (GDPR) and applicable national law, including:
(a) Right of access to personal data we hold about you;
(b) Right to rectification of inaccurate data;
(c) Right to erasure (“right to be forgotten”);
(d) Right to data portability;
(e) Right to object to processing based on legitimate interests; and
(f) Right to lodge a complaint with the competent data protection supervisory authority in your country.
To submit a GDPR request, contact us at info@bluerez.com. If your data is transferred outside the EEA, we will implement appropriate safeguards, including Standard Contractual Clauses as approved by the European Commission, where required.
7. Children’s Privacy
The BlueRez platform is a business-to-business service and is not directed to individuals under the age of 16. We do not knowingly collect personal information from minors under 16. If we become aware that we have inadvertently collected such information without valid parental or guardian consent, we will delete it promptly. We do not knowingly sell or share the personal information of minors under 16.
8. Cookies and Tracking Technologies
8.1 What Are Cookies
When you use our website or platform, we use cookies and similar online tracking technologies. A cookie is a small text file placed on your device that stores information about your visit and preferences. Cookies may be first-party (served by BlueRez) or third-party (served by trusted partners).
8.2 How We Use Cookies
We use the following categories of cookies:
(a) Functional / Necessary cookies: required for the platform to operate correctly. These enable login, session management, security features, and language and currency preferences. Disabling these may affect platform functionality.
(b) Analytical / Performance cookies: used to understand how users interact with the platform, identify areas for improvement, and measure the effectiveness of features. Data is used in aggregate and not for individual profiling.
(c) No advertising or targeting cookies: BlueRez does not use cookies for interest-based advertising, retargeting, or behavioral profiling on our platform.
In addition to cookies, our website may use web beacons, scripts, and tracking URLs to support platform functionality and analytics.
8.3 Cookie Choices
You can manage cookie preferences through your browser settings. Most browsers allow you to block or delete cookies. If you activate a “Do Not Track” signal in your browser, note that this affects cookies but not all other data collection practices described in this Policy.
9. International Data Transfers
BlueRez is based in Maui, Hawai’i, USA. If you are located outside the United States, your personal information may be transferred to and processed in the United States, which may not have the same data protection laws as your country. We take appropriate steps to protect your information in accordance with this Policy and applicable law.
For transfers of personal data from the EEA, UK, or Switzerland to the United States, we will implement appropriate safeguards, including Standard Contractual Clauses approved by the European Commission, where required.
10. Third-Party Links and Integrations
The BlueRez platform may contain links to third-party websites or integrate with third-party tools (including payment processors, communication platforms, and analytics providers). BlueRez is not responsible for the privacy practices of third parties. We encourage Clients to review the privacy policies of any third-party services used in connection with our platform.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will post the updated Policy at www.bluerez.com/privacy with a revised effective date. For material changes, we will provide at least fifteen (15) days’ advance notice to Clients via email or through the platform. Your continued use of the Services after the effective date of any update constitutes acknowledgment of and agreement to the revised Policy.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
BlueRez LLC dba BlueRez Software
Maui, Hawai’i, USA
Email: info@bluerez.com
Website: www.bluerez.com
We will endeavor to respond to all inquiries within thirty (30) days.