Privacy Policy
Last updated: 27 April 2026
This Privacy Policy explains how Blankpage Enterprise (“we”, “us”, “our”) collects, uses, and shares personal data when you use the Fix Me a Drink mobile application, the website at fixmeadrink.com, and any related services (together, the “Service”).
We are the controller of personal data processed through the Service under the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) and Romanian data protection law.
1. Who we are
Blankpage EnterpriseRegistration number: RO50172118
Drumul Taberei 35, Bucharest, Romania
Contact for privacy matters: hey@blankpage-studio.com
If you have a question, request, or complaint about your data, write to us at the address above.
2. What data we collect
2.1 Account data
When you sign up, we collect:
- your email address,
- your name (where provided by you or by the sign-in provider),
- a unique identifier from your sign-in provider (Apple, Google, or Facebook) when you use social sign-in,
- a hashed password if you sign up with email and password,
- your date of birth or age confirmation collected at the in-app age gate.
2.2 Content you create
- chat messages you send to the in-app assistant,
- your My Bar inventory (ingredients you mark as available),
- preferences and settings you configure inside the app.
2.3 Subscription and purchase data
- your subscription plan, status, renewal date, and trial state,
- transaction identifiers and receipts from Apple and from our paywall provider Superwall.
We do not receive or store your full payment card number. Payment is handled by Apple via the App Store.
2.4 Usage and device data
- product analytics events (screens viewed, features used, conversion events),
- device type, operating system, app version, language, and approximate region,
- crash and diagnostic logs,
- a device or installation identifier used to attribute analytics events.
2.5 Communications
If you contact us by email, we keep your message and our reply.
We do not collect precise location data, contacts, photos, microphone audio, or health data.
3. How we use your data
We use your personal data for the following purposes:
| Purpose | Legal basis under GDPR |
|---|---|
| Create and manage your account | Performance of a contract (Art. 6(1)(b)) |
| Provide cocktail recommendations and chat responses | Performance of a contract (Art. 6(1)(b)) |
| Store your My Bar and preferences | Performance of a contract (Art. 6(1)(b)) |
| Process subscriptions, renewals, refunds | Performance of a contract (Art. 6(1)(b)) |
| Verify you are at least 18 years old | Compliance with a legal obligation and our legitimate interest in preventing underage use (Art. 6(1)(c) and Art. 6(1)(f)) |
| Measure product usage with Mixpanel and improve the Service | Legitimate interest in improving and securing the Service (Art. 6(1)(f)) |
| Detect, prevent, and respond to fraud, abuse, and security incidents | Legitimate interest in keeping the Service safe (Art. 6(1)(f)) |
| Respond to your support requests | Legitimate interest in providing customer support (Art. 6(1)(f)) |
| Comply with our legal and tax obligations | Compliance with a legal obligation (Art. 6(1)(c)) |
We do not use your personal data for behavioural advertising and we do not sell your personal data.
4. AI processing through OpenAI
The chat and recommendation features send your prompts and relevant context (such as parts of your My Bar inventory) to OpenAI for processing. OpenAI returns a generated response which we display to you and store as chat history in your account.
We rely on OpenAI’s API terms, under which API inputs and outputs are not used to train OpenAI’s models by default. OpenAI may retain API content for a limited period for abuse and misuse monitoring before deletion, in line with its published policies.
You should avoid sending sensitive personal data, health information, or information about other identifiable people through the chat. Treat the chat as you would any third-party online service.
5. Who we share data with
We share personal data with the following categories of recipients, all of which act as processors or independent controllers as indicated.
| Recipient | Role | What they receive | Country |
|---|---|---|---|
| OpenAI, L.L.C. | Processor (AI inference) | Chat prompts and contextual data | United States |
| Mixpanel, Inc. | Processor (product analytics) | Usage events and device identifiers | United States |
| Superwall Labs, Inc. | Processor (subscription paywall and entitlements) | Subscription state, transaction identifiers | United States |
| Apple Inc. | Independent controller (App Store distribution, sign-in, billing) | Apple ID identifier, transaction data | United States and EU |
| Google LLC | Independent controller (sign-in via Google) | Google account identifier, email, name | United States and EU |
| Meta Platforms, Inc. | Independent controller (sign-in via Facebook) | Facebook account identifier, email, name | United States and EU |
| Hosting and infrastructure providers | Processor (hosting, backups, email delivery) | Account and operational data | EU and United States |
| Professional advisers, auditors, authorities | Independent controllers, where required | Limited data as needed | Romania and EU |
We may also disclose personal data:
- to comply with a legal obligation, court order, or regulatory request,
- to protect our rights, property, or safety, or that of our users or the public,
- in connection with a corporate transaction such as a merger, acquisition, or sale of assets, in which case we will require the recipient to honour this Privacy Policy.
6. International transfers
Some of our processors are based outside the European Economic Area, including in the United States. When we transfer personal data outside the EEA, we rely on appropriate safeguards under Article 46 GDPR, in particular the European Commission’s Standard Contractual Clauses, supplemented by additional technical and organisational measures where needed.
You can request a copy of the relevant safeguards by contacting us at hey@blankpage-studio.com.
7. How long we keep data
| Data | Retention |
|---|---|
| Account data | While your account is active, plus up to 90 days after deletion for backup rotation |
| Chat history and My Bar | While your account is active, deleted within 90 days of account deletion |
| Subscription and transaction records | Up to 10 years, as required by Romanian tax and accounting law |
| Analytics events in Mixpanel | Up to 24 months from collection |
| Support emails | Up to 3 years from last contact |
| Crash and diagnostic logs | Up to 12 months |
We may retain limited data for longer when required to comply with a legal obligation, to resolve a dispute, or to enforce our agreements.
8. Your rights
If the GDPR applies to your data, you have the right to:
- access the personal data we hold about you,
- rectify inaccurate or incomplete data,
- erase your data ("right to be forgotten"), subject to legal retention obligations,
- restrict or object to certain processing, including processing based on our legitimate interests,
- receive your data in a portable format,
- withdraw consent at any time, where processing is based on consent, without affecting the lawfulness of prior processing.
To exercise any of these rights, write to hey@blankpage-studio.com from the email address linked to your account. We will respond within one month, with a possible extension of two further months for complex requests.
You also have the right to lodge a complaint with a supervisory authority. The Romanian supervisory authority is the National Supervisory Authority for Personal Data Processing (ANSPDCP), www.dataprotection.ro.
9. Children
The Service is not intended for anyone under 18. We use an in-app age gate at first launch and we do not knowingly collect personal data from people under 18. If you believe a person under 18 has created an account, contact us at hey@blankpage-studio.com and we will delete the account and associated data.
10. Security
We use technical and organisational measures designed to protect personal data, including encryption in transit, restricted access to production systems, audit logging, and routine review of vendor security. No system is perfectly secure, and we cannot guarantee absolute security. If we become aware of a personal data breach affecting your data, we will notify the supervisory authority and, where required, you, in line with Articles 33 and 34 GDPR.
11. Cookies and similar technologies
The fixmeadrink.com website uses a small number of cookies and similar technologies for essential functionality, security, and aggregated analytics. The mobile app does not use cookies but does use device identifiers for analytics as described above. Where the law requires consent for non-essential cookies or trackers, we ask for it through a banner on the website and through the app’s analytics consent control.
12. Automated decision-making
We do not make decisions that produce legal or similarly significant effects about you based solely on automated processing.
13. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you in the app or by email and update the “Last updated” date above. The current version is always available at fixmeadrink.com and inside the app.
14. Contact
Blankpage EnterpriseDrumul Taberei 35, Bucharest, Romania
hey@blankpage-studio.com