Privacy Policy

Last Updated: January 22, 2026

1. Introduction

Welcome to Blogster ("we," "our," or "us"). We are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered content generation platform at useblogster.com (the "Service").

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Personal Information You Provide

We collect the following personal information that you voluntarily provide to us:

  • Account Information: Email address, username, full name, password (encrypted)
  • Profile Information: Avatar/profile picture, website URL, company name, bio
  • Payment Information: Processed securely through Stripe (we do not store credit card details)
  • Content Data: Blog posts, personas, templates, and other content you create using our Service
  • Communication Data: Messages you send to our support team

2.2 Information Collected Automatically

When you use our Service, we automatically collect certain information:

  • Usage Data: Pages visited, features used, time spent on the Service, generation requests
  • Device Information: Browser type, operating system, IP address, device identifiers
  • Cookies and Similar Technologies: Session cookies, authentication tokens, preference settings
  • Analytics Data: User behavior, feature engagement, content generation metrics

2.3 Information from Third-Party Services

If you choose to authenticate using Google OAuth, we receive:

  • Your Google account email address
  • Your Google profile name and picture (if you grant permission)
  • Basic profile information as permitted by your Google account settings

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To provide, maintain, and improve our AI content generation services
  • Account Management: To create and manage your account, authenticate users, and process subscriptions
  • AI Content Generation: To process your content generation requests using OpenAI's GPT models
  • Payment Processing: To process payments and manage subscriptions through Stripe
  • Communication: To send service updates, security alerts, and respond to your inquiries
  • Analytics and Improvement: To analyze usage patterns and improve our Service
  • Security: To detect, prevent, and address fraud, security issues, and technical problems
  • Legal Compliance: To comply with legal obligations and enforce our Terms of Service

4. Third-Party Services and Data Sharing

We use the following third-party services to operate our platform:

4.1 Infrastructure and Database

  • Supabase: Database hosting and authentication services (data stored in secure PostgreSQL databases)
  • Vercel: Application hosting and deployment platform
  • Upstash: Redis database for caching and queue management (QStash for background job processing)

4.2 AI and Content Generation

  • OpenAI: AI content generation using GPT-4 and other models. Your content prompts and generated content are processed by OpenAI's API. Please review OpenAI's privacy policy at https://openai.com/privacy

4.3 Payment Processing

  • Stripe: Payment processing and subscription management. Stripe handles all payment card information securely. We never store your full credit card details. Review Stripe's privacy policy at https://stripe.com/privacy

4.4 Authentication

  • Google OAuth: Optional third-party authentication. Review Google's privacy policy at https://policies.google.com/privacy

4.5 When We Share Your Information

We do not sell your personal information. We may share your information only in the following circumstances:

  • Service Providers: With third-party vendors listed above who perform services on our behalf
  • Legal Requirements: When required by law, court order, or government regulation
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: When you explicitly authorize us to share your information

5. Data Retention and Storage

We retain your personal information for as long as necessary to provide our Service and fulfill the purposes outlined in this Privacy Policy. Specifically:

  • Account Data: Retained while your account is active and for 90 days after account deletion
  • Content Data: Retained while your account is active; permanently deleted upon account deletion
  • Payment Records: Retained for 7 years to comply with tax and financial regulations
  • Analytics Data: Aggregated and anonymized data may be retained indefinitely for service improvement
  • Legal Holds: Data may be retained longer if required by law or legal proceedings

All data is stored securely using industry-standard encryption. Data at rest is encrypted in our Supabase PostgreSQL databases, and data in transit is encrypted using TLS/SSL protocols.

6. Your Rights and Choices

You have the following rights regarding your personal information:

6.1 Access and Portability

  • Request a copy of your personal data in a machine-readable format
  • Access your account information and content through your dashboard

6.2 Correction and Update

  • Update your profile information, email, and preferences at any time through your account settings
  • Request correction of inaccurate or incomplete data

6.3 Deletion

  • Delete your account and associated data through your account settings
  • Request deletion of specific content or information
  • Note: Some information may be retained as required by law or for legitimate business purposes

6.4 Opt-Out and Restrictions

  • Opt out of marketing communications (service-related emails cannot be opted out)
  • Disable cookies through your browser settings (may affect Service functionality)
  • Revoke third-party authentication permissions through your Google account settings

6.5 Object to Processing

  • Object to certain types of data processing where we rely on legitimate interests
  • Withdraw consent for data processing based on consent

To exercise any of these rights, please contact us at privacy@useblogster.com. We will respond to your request within 30 days.

7. Data Security

We implement appropriate technical and organizational security measures to protect your personal information:

  • Encryption: All data in transit uses TLS 1.2+ encryption; data at rest is encrypted using AES-256
  • Authentication: Secure password hashing using bcrypt; support for OAuth 2.0 authentication
  • Access Controls: Role-based access control (RBAC) and Row Level Security (RLS) policies
  • Infrastructure Security: Hosted on secure, SOC 2 compliant platforms (Vercel, Supabase)
  • Monitoring: Continuous security monitoring and logging of suspicious activities
  • Regular Updates: Regular security patches and dependency updates

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.

Our servers and third-party service providers are located in:

  • United States: Vercel (hosting), Stripe (payments), OpenAI (AI processing)
  • Various Regions: Supabase and Upstash may store data in regions you select or closest to you

We ensure that such transfers comply with applicable data protection laws and implement appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission.

9. Children's Privacy

Our Service is not intended for children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children under these ages.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@useblogster.com. We will delete such information from our systems promptly.

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request disclosure of personal information collected, used, and shared
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the sale of personal information (we do not sell personal information)
  • Right to Non-Discrimination: Not receive discriminatory treatment for exercising your rights

To exercise these rights, contact us at privacy@useblogster.com or call us at [phone number]. We will verify your identity before processing your request.

11. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

  • Legal Basis for Processing: We process your data based on consent, contract performance, legal obligations, and legitimate interests
  • Data Protection Officer: Contact our DPO at dpo@useblogster.com
  • Right to Lodge a Complaint: You may file a complaint with your local data protection authority
  • Automated Decision-Making: We do not use automated decision-making or profiling that produces legal effects

12. Cookies and Tracking Technologies

We use the following types of cookies and tracking technologies:

  • Essential Cookies: Required for authentication and basic Service functionality
  • Session Cookies: Maintain your logged-in state (deleted when you close your browser)
  • Preference Cookies: Remember your settings and preferences
  • Analytics Cookies: Help us understand how you use our Service

You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of our Service.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

We will notify you of any material changes by:

  • Posting the updated Privacy Policy on this page with a new "Last Updated" date
  • Sending an email notification to your registered email address
  • Displaying a prominent notice on our Service

Your continued use of the Service after the effective date of the updated Privacy Policy constitutes your acceptance of the changes.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Blogster

Email: privacy@useblogster.com

Support: support@useblogster.com

Data Protection Officer: dpo@useblogster.com

We will respond to all requests within 30 days. For urgent privacy or security concerns, please mark your email as "URGENT" in the subject line.

15. AI-Specific Privacy Considerations

Because we use AI technology (OpenAI's GPT models) to generate content, please be aware:

  • Content Processing: Your prompts and generation requests are sent to OpenAI's API for processing
  • OpenAI's Data Usage: As of March 1, 2023, OpenAI does not use data submitted via their API to train their models unless you explicitly opt in
  • Content Ownership: You retain all rights to content you create using our Service, subject to our Terms of Service
  • Sensitive Information: Do not include sensitive personal information, confidential data, or trade secrets in your generation prompts
  • AI Limitations: AI-generated content may not always be accurate and should be reviewed before publication

For more information about how OpenAI handles data, please review their privacy policy at https://openai.com/privacy and their API data usage policy.