Privacy Policy

Notice to Our Customers

Bluemercury was acquired by Macy’s Inc. (also the parent company of Bloomingdale’s) in March 2015. We will continue to offer the world’s most innovative skin and beauty products as well as unparalleled technical product knowledge, expert advice and friendly service. Our integration into Macy’s greatly expands our reach, depth and unique capabilities to deliver our signature luxury beauty products and spa services.

As part of our integration, we may share customer data with Macy’s. Our commitment to you is, and has always been, to give you a choice about your data entrusted to us. Below, you will find our updated Notice of Privacy Practices, which becomes effective April 27, 2016. We encourage you to read it.  

We believe that joining the Macy’s family opens up truly exciting new possibilities to surprise and delight our customers. But because this is a new development we are providing this option for you to opt-out of having your Bluemercury data shared with Macy’s by using our Contact Us Form. If you choose to opt-out, we will not share your data with Macy’s and its affiliates. Please note this opt-out only applies to sharing data with Macy’s and not with Bluemercury. This opt-out link is available for the next 30 days; after which time you can always refer to the Contact Us section under Customer Service for opt-out options. Thank you for your time.  We look forward to the next chapter as your trusted partner in beauty.


Marla and Barry Beck, Co-Founders

Bluemercury and Notice of Privacy Practices

This Notice of Privacy Practices was updated on April 27, 2016.

Here’s a summary of what we’ve updated:

This Notice of Privacy Practices (“Notice”) applies to information collected, processed or stored by Bluemercury, online at, and via accessed through your mobile device) (Collectively, “Services”). This Notice describes the extent of data collection and use for these Bluemercury Services. 

This Notice of Privacy Practices explains:

Your access to and use of our Services means you agree to the terms in this Notice and our Terms & Conditions. We encourage you to refer to this Notice periodically so that you understand our current privacy practices.

If you have any questions about this Notice, please contact our Customer Service department:

       Bluemercury Customer Service
       ATTN: Privacy Office
       1010 Wisconsin Avenue NW, Suite 700
       Washington, DC 20007


Back to Top


We at Bluemercury understand that you entrust your data to us. We value that trust. Our collection and use of customer data is guided by our corporate principle of Customers First and subject to our Responsible Information Management program.

We may use the information we collect for the following primary reasons:

(1)    Product & Service Fulfillment (FUL)

(2)    Marketing, Promotions & Advertising (ADV)

(3)    Internal Operations (OPS)

(4)    Fraud Prevention, Security & Compliance (SEC)

We may combine information collected from different sources (see section on What We Collect & Share). Below is a summary of some of the ways we collect and use information:

1. Product & Service Fulfillment (FUL)

2. Marketing, Promotions & Advertising (ADV)

3. Internal Operations (OPS)

4. Fraud Prevention, Security and Compliance (SEC)

The rest of this Notice refers to the collection and use codes above (FUL; ADV; OPS; SEC). This is so you can better understand why we collect and use different types of information in accordance with our privacy practices and our Responsible Information Management program.


Back to Top


We collect information from a variety of sources, including: information provided by you, transaction information, technology-enabled collections, and information we collect about you from third party sources. The following are select examples of the types of information we may collect and share:


Back to Top


The following section describes various types of technologies we use when you interact with us online, through our mobile applications, shop in our stores, or use our wireless services, and your choices regarding those technologies: 

Cookies, Pixel Tags, and Flash Cookies (FUL, ADV, OPS, SEC)

On our websites and other digital platforms we use Cookies, Pixel Tags, and more limitedly, Flash Cookies.  This section briefly describes each:

A Cookie is a small piece of computer code sent by a website and stored on the hard disk of your computer. A pixel tag (also known as a tracking pixel, web beacon, or clear GIF) is an embedded image on a website that may register a user's website activity. A Flash Cookie (also known as a Local Shared Object) is a data file stored on your computer by the websites that you visit (click here for more details). Flash Cookies provide similar functionality as Cookies, but are based on different technology, provide richer data collections, and are persistent; they do not go away when you exit your browser and generally cannot be deleted through your browser option tools.

At Bluemercury we use two kinds of Cookies: session cookies and persistent cookies. Session cookies exist only for as long as your browser remains open. We use session cookies, for example, to manage items added to your shopping bag. Persistent cookies last from visit to visit; they do not go away when you exit your browser. We use persistent cookies to enable an easier log-in process, give you a more personalized shopping experience, or help you navigate our website more efficiently. For example, we use persistent cookies to show you items you have previously browsed. From time to time, we may use Flash Cookie(s) on our website(s), for example, to enable or control richer Flash-based content.

For options to manage your Cookie Preferences, click hereIf you block cookies from, you will not be able to make purchases on our websites.

Website Optimization Services (ADV, OPS)

Bluemercury shares data with Google Analytics tools to understand and optimize website performance and enhance site usability for our customers.  Google Analytics runs in the background of our sites analyzing site usage information. Google Analytics is required to maintain data securely and confidentially. Credit card or password data is not collected through Google Analytics.

Please click here to download the Google Analytics opt-out browser add-on. To learn more about Google Analytics Privacy click here.

Interest-Based or Online Behavioral Advertising (OBA) (ADV, OPS)

Bluemercury uses third-party advertising companies to serve interest-based advertisements. These companies compile information from various online sources (including mobile-enabled browsers and applications) to match user profiles with ads we believe will be most relevant, interesting and timely based on that user profile.

For additional information on interest-based advertising and options for managing preferences, click here.

Do Not Track (DNT) (ADV, OPS)

Bluemercury does not currently recognize and process Do Not Track signals from different web browsers. Customers may manage their preferences for tracking across sites in the Interest-Based Advertising section above. For more information on Do Not Track please visit

Beacons (FUL, ADV, OPS, SEC)

Beacons are small appliances that we use to enhance and make the Bluemercury in-store experience more interactive. Beacons broadcast a Bluetooth signal that can be received by Bluetooth-enabled devices, such as a mobile phone, when those devices are within proximity of a beacon. Beacons do not collect or pull in personal data; they only push out radio signal pulses to map nearby Bluetooth-enabled devices, much in the same way radar works. In-app permissions, such as permission to access location and accept Push Notifications (sometimes shown as ‘PNS’ on your devices), must be enabled for a Beacon to interact with your specific Bluetooth-enabled device. Interactions with and notifications delivered to your device may include customer service information, in-store directions, offers and advertisements from applications and advertisers.

Beacon Preferences are managed through your device (Bluetooth, Location, and PNS settings).

In-Store Wi-Fi Services (FUL, ADV, OPS, SEC)

Many Bluemercury locations offer free Wi-Fi Services to visitors. Wi-Fi routers capture certain data from devices that interact with the router. Some examples of data automatically collected through our Wi-Fi Service include:

Unless we receive consent to use Wi-Fi data in a manner that identifies you or your device(s), Wi-Fi data is anonymously collected or de-identified.  


Radio Frequency Identification (RFID) tags consist of a small chip and antenna that provide a unique identifier for objects. RFID serves the same purpose as a bar code and must be scanned by a specific type of reader in close proximity to the tag to retrieve tag data. Bluemercury uses RFID for inventory management (such as locating shoes in the stock room) and logistics support. RFID is not used to track or monitor any items once you leave our stores.

Video Cameras (FUL, OPS, SEC)

We use cameras in our stores for security purposes, loss prevention, and asset protection. We also use cameras in our stores for operational purposes, such as such as traffic pattern analysis. Cameras may include technology to capture demographic information, such as age, gender and dwell time.   

We will not use cameras to personally identify you, without your consent, except when the identification is for security or law enforcement purposes.


Back to Top


This section details, in one place, how you may express preferences including electing to opt-out of some data collections or uses.

Access to Accounts, Online Profiles, and Orders

Data Sharing Preferences

If you prefer that we not share your information with third parties for marketing purposes, you can contact us:

       Bluemercury Customer Service
       ATTN: Privacy Office
       1010 Wisconsin Avenue NW, Suite 700
       Washington, DC 20007

Email Communications

                          Bluemercury Customer Service
                          ATTN: Privacy Office
                          1010 Wisconsin Avenue NW, Suite 700
                          Washington, DC 20007

Note: It may take up to 10 business days to process your request.

Note: Operational emails (e.g. shipping confirmation or product recall information) do not provide an opt-out option.

Direct Mail or Telemarketing

 Bluemercury Customer Service
 ATTN: Privacy Office
 1010 Wisconsin Avenue NW, Suite 700
 Washington, DC 20007

Note on Opting-Out of Direct Mail: Because direct mailings are often prepared well in advance (12-16 weeks, in some cases) you may, for a period of time, continue to receive some physical mail after you send us your request.

Website & Online Services Preferences

Note: To opt-out of interest-based advertising in mobile applications, you can turn off mobile device ad tracking or reset the advertising identifier in your device settings.

Technology-Enabled Collection & Use Preferences


Back to Top


If Bluemercury, its parent company or any of its subsidiaries is sold to or otherwise acquired by a third party, all Bluemercury data assets will become the property of the acquiring party. Such a party will be subject to any consent(s), opt-outs or other customer conditions on data.  A change in data ownership may or may not include a notice on the primary online sites of Bluemercury or affected subsidiary sites.


Back to Top


Information About Children Under 13
The Children's Online Privacy Protection Act imposes requirements on Web sites that collect personal information about children under 13 years old (for example - name, address, email address, social security number, etc.). Our current policy is not to collect any personal information on any person under 13 years old online. For this reason, our sweepstakes and other promotions conducted online are restricted to entrants who are at least 13 years old.

If this policy changes, we will revise this portion of our Notice of Privacy Practices and will comply with the requirements of the Children's Online Privacy Protection Act, which includes providing notice and choice to each child's parent or guardian before collecting any personal information.

Your California Privacy Rights
Under California Civil Code sections 1798.83-1798.84, California residents are entitled to ask us for a notice describing what categories of personal information we share with third parties or corporate affiliates for those third parties or corporate affiliates' direct marketing purposes. That notice will identify the categories of personal information shared with third parties and used for direct marketing purposes and the name and address of the third parties that received such personal information. If you are a California resident and want a copy of this notice, please submit a written request to the following address: Bluemercury Customer Service, ATTN: Privacy Office, 1010 Wisconsin Avenue NW, Suite 700, Washington, DC 20007. In your request, please specify that you want a "Your Bluemercury California Privacy Rights Notice." Please allow 30 days for a response.

If you are a minor under 18 and have a profile on, you may ask us to remove reviews or other content that you posted on the site by writing to  We will begin to process your request within 30 days.  Please note that processing your request does not ensure complete or comprehensive removal of content that you posted.


Back to Top


Bluemercury has put various procedural, technical, and administrative measures in place to safeguard the information we collect and use. We designed our technology-enabled services to accept orders only from Web and mobile browsers that permit communication through a Secure Socket Layer (SSL). SSL is an encryption standard that provides a layer of security while information is being transmitted over the Internet.

As a matter of policy, we do not disclose details regarding our security measures as this could be beneficial information to criminals and other bad actors.

Be advised, no security safeguards or standards are guaranteed to provide 100% security. You should always use appropriate self-protection measures and practice safe browsing on all websites. For more information on how you can securely shop with us, the National Cybersecurity Alliance also provides comprehensive information to stay safe online.


Back to Top