Back
Legal

Privacy Policy

Last updated: 2026-06-28 · Effective: 2026-06-28

1. What we collect

When you sign up, we collect your email address and, if you use social sign-in, the provider's account identifier. If you connect a site, we collect the site URL, the publishing username or account name, and the publishing credential (API key or application password, encrypted at rest). Billing details are collected by our payment processor; we do not store your full card number on our servers.

We log aggregate operational metrics (volume published, quality decisions, response times) to run and improve the service.

2. What we do with it

Email is used for transactional notices (welcome, password reset, trial expiration, billing). We do not send marketing email without opt-in.

Publishing credentials are used solely to publish content to your site. They are encrypted at rest, never logged in plaintext, never shared, and never used for any purpose other than publishing on your behalf.

If you commission content from a brief or supply reference links, we retrieve the content at those links so we can use it as editorial source material. Only submit links you are entitled to use, and do not include sensitive personal data in briefs or source material.

Billing information is processed by our payment processor (merchant of record) under its own privacy policy.

3. Categories of service providers

We share the minimum data necessary with vetted service providers who help us operate. By category:

  • Payment processor (merchant of record) — billing, payment, and tax compliance.
  • Email delivery provider — transactional email.
  • Infrastructure, content delivery, and security providers — to operate, deliver, and protect the service.
  • Sign-in providers — only if you choose social sign-in; we receive your account identifier and email.
  • Content-processing providers — content inputs and outputs are processed by specialized providers to produce your articles. We do not include personally identifying customer information in these payloads beyond what is required for editorial context.

We do not sell your data. We do not use it for advertising. A current list of sub-processors is available on request to the contact below.

4. Where it lives

Application data is stored on infrastructure we control, with encrypted backups. Access is restricted to authorized personnel under confidentiality obligations. Some processing is performed by the service providers described in §3, which operate globally.

5. International data transfers

Because the service operates globally, personal data may be processed across multiple jurisdictions, which may be outside your country of residence and may not offer the same level of data protection. Where data originates in the European Union or United Kingdom, we rely on appropriate transfer mechanisms (Standard Contractual Clauses or equivalent) with our processors.

6. Retention

Active accounts: data is retained as long as the account is active. Cancelled accounts: data is deleted or irreversibly anonymized 30 days after cancellation, except records we must keep for legal compliance (such as proof of agreement to our terms and billing/tax records), which are retained for the period required by law and then deleted. Aggregate metrics may be retained longer in anonymized form for service-quality analysis.

7. Your rights (GDPR / UK GDPR / CCPA)

You have the right to access, correct, export, restrict processing of, or delete your personal data, and to lodge a complaint with your data-protection authority. Email [email protected] to exercise these rights. We respond within 30 days.

8. Cookies, analytics & diagnostics

We use strictly necessary cookies for authentication on the dashboard. On this marketing site we use Google Analytics 4 to measure aggregate traffic. It runs under Google Consent Mode v2 with analytics and advertising storage denied by default — no analytics cookies are set unless you accept them in the cookie banner. We do not use advertising cookies, and we do not sell personal data.

We also use Sentry, a third-party error-monitoring service, to detect and diagnose technical faults in the dashboard and web app. When an error occurs, Sentry records the error details together with a short session replay of the moments leading up to it. These replays are captured only on an error and never during normal browsing, and all text, form inputs, and media are masked in your browser before anything is sent, so the recording contains no readable content, article text, or credentials. We use this data solely to diagnose and fix faults. It is never used for advertising and never sold.

9. Changes to this policy

We may update this policy as the service evolves. Material changes will be communicated to active customers by email at least 30 days before they take effect.

10. Contact

For privacy questions, email [email protected].