Privacy Policy
Last updated: March 17, 2025 · Effective for all Blogpostr users.
At Blogpostr, we take the privacy and security of your personal data seriously. This policy explains what data we collect, how we use it, and what rights you have.
1. Controller and Contact
The controller responsible for the processing of personal data on this website is the operator listed in our Imprint. If you have any questions about this privacy policy or wish to exercise your rights, please contact us at: privacy@blogpostr.com.
2. Personal Data We Collect
We collect and process the following categories of personal data:
**Account data:** When you register, we collect your email address and a hashed password. If you provide additional profile information (name, company), we store that too.
**Usage data:** We collect data about how you use our service — features accessed, content generated, session duration — to improve and operate the platform.
**Technical data:** IP addresses, browser type, operating system, and access logs are collected for security, fraud prevention, and operational purposes.
**Payment data:** Billing information (name, address, payment method details) is processed by our payment provider. We do not store full card numbers.
**AI inputs:** Text prompts and topics you submit to generate blog posts are processed by our AI infrastructure. We do not use your inputs to train our models without your explicit consent.
**Communication data:** If you contact us via email or the contact form, we store your message and contact details.
3. Legal Basis for Processing
We process your personal data on the following legal bases under Art. 6 GDPR:
• **Contract performance (Art. 6(1)(b) GDPR):** Processing is necessary to provide the services you signed up for — account management, content generation, subscription management.
• **Legitimate interests (Art. 6(1)(f) GDPR):** We process technical and usage data to ensure platform security, prevent fraud, and improve our services.
• **Consent (Art. 6(1)(a) GDPR):** For optional analytics cookies or marketing communications, we rely on your consent. You may withdraw consent at any time.
• **Legal obligation (Art. 6(1)(c) GDPR):** We retain invoices and billing records as required by applicable tax and commercial law.
4. Third-Party Services and Data Processors
We use the following service providers who may process personal data on our behalf:
**AI Processing:** Content generation is powered by large language model APIs (e.g. OpenAI). Text prompts you submit are transmitted to these APIs for processing. Please refer to the respective provider's privacy policy for details.
**Payment Processing:** Subscription payments are handled by a PCI-DSS-certified payment processor (e.g. Stripe). We do not store your full payment card details.
**Email Delivery:** Transactional emails (account confirmation, password reset, billing notifications) are sent via a third-party email service provider.
**Hosting & Infrastructure:** Our servers are hosted on cloud infrastructure (e.g. a European or US-based cloud provider). Data may be stored in data centers within or outside the EU.
All data processors are bound by data processing agreements (DPA) in accordance with Art. 28 GDPR, ensuring they provide appropriate safeguards for your data.
5. International Data Transfers
Some of our service providers are located outside the European Economic Area (EEA). When personal data is transferred to third countries, we ensure an adequate level of protection through:
• Standard Contractual Clauses (SCCs) approved by the European Commission
• The EU–U.S. Data Privacy Framework (where applicable)
• Other appropriate safeguards as required by Art. 46 GDPR
You may request a copy of the relevant transfer safeguards by contacting us.
7. Data Retention
We retain personal data only as long as necessary:
• **Account data:** Retained for the duration of your account. Deleted within 30 days of account deletion upon request.
• **Usage and technical logs:** Typically retained for 90 days for security and operational purposes.
• **Billing records:** Retained for 7–10 years as required by commercial and tax law.
• **AI-generated content:** Stored as long as your account is active; deleted when your account is closed.
• **Support communications:** Retained for up to 3 years to handle any follow-up inquiries.
8. Your Rights Under GDPR
If you are in the European Economic Area, you have the following rights:
• **Right of access (Art. 15):** Request a copy of the personal data we hold about you.
• **Right to rectification (Art. 16):** Request correction of inaccurate or incomplete data.
• **Right to erasure (Art. 17):** Request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.
• **Right to restriction (Art. 18):** Request that we restrict processing of your data in certain circumstances.
• **Right to data portability (Art. 20):** Receive your data in a machine-readable format or have it transferred to another controller.
• **Right to object (Art. 21):** Object to processing based on legitimate interests or for direct marketing purposes.
• **Right to withdraw consent (Art. 7(3)):** Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at privacy@blogpostr.com. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection supervisory authority.
9. Security Measures
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include:
• TLS/SSL encryption for all data in transit
• Hashed storage of passwords (bcrypt)
• Access controls and role-based permissions for our staff
• Regular security audits and dependency updates
• Monitoring and incident response procedures
No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
10. Children's Privacy
Our services are not directed to individuals under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately and we will delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email (to the address associated with your account) or by displaying a prominent notice on our website. Your continued use of the service after the updated policy takes effect constitutes your acceptance of the changes.
12. Contact
For privacy-related inquiries, requests, or complaints, please contact us at privacy@blogpostr.com or use our contact form. For our full contact details, see the Imprint.