Privacy Policy
Last updated: October 28, 2025
1. Introduction
BlogFanatic ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, process, and protect your information in compliance with the EU General Data Protection Regulation (GDPR) and applicable UK data protection laws.
Data Controller: BlogFanatic.com Ltd (Company Number: 16801472), Registered Office: Moxon House, Moxon Street, Marylebone, London, United Kingdom, W1U 4EY
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, password (encrypted)
- Billing Information: Payment details processed securely by our payment processor
- Website Credentials: WordPress, Shopify, or other platform credentials (encrypted) for publishing content
- Communication: Messages and correspondence with our support team
2.2 Information Automatically Collected
- Usage Data: Pages viewed, features used, time spent on the Service
- Device Information: IP address, browser type, operating system, device identifiers
- Cookies: Session cookies, authentication cookies, and analytics cookies
- Log Data: Server logs including access times, pages requested, and technical errors
2.3 Content Data
- AI-generated blog content and drafts
- Website settings and publishing preferences
- Content performance analytics and metrics
3. Legal Basis for Processing (GDPR)
Under GDPR, we process your personal data based on the following legal grounds:
- Contract Performance: To provide the Service you subscribed to
- Legitimate Interests: To improve our Service, prevent fraud, and ensure security
- Legal Obligation: To comply with tax, accounting, and legal requirements
- Consent: For marketing communications (you can withdraw consent at any time)
4. How We Use Your Information
We use your personal data for the following purposes:
- Providing and maintaining the BlogFanatic Service
- Generating and publishing blog content to your websites
- Processing payments and managing subscriptions
- Sending service-related notifications and updates
- Providing customer support and responding to inquiries
- Improving and optimizing our Service
- Detecting and preventing fraud, abuse, and security issues
- Complying with legal obligations
- Sending marketing communications (with your consent, which you can withdraw)
5. Data Sharing and Third Parties
We do not sell your personal data. We may share your data with:
5.1 Service Providers
- Cloud Hosting: For secure data storage and service infrastructure
- Payment Processors: For secure payment processing (Stripe, PayPal)
- AI Services: OpenAI, Anthropic, and other AI providers for content generation
- Analytics: For understanding service usage and improving performance
- Email Services: For sending service and marketing emails
5.2 Legal Requirements
We may disclose your data if required by law, court order, or regulatory authority, or to protect our rights, property, or safety.
5.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity.
6. International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States. We ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses approved by the European Commission
- Privacy Shield certification (where applicable)
- Ensuring third-party processors comply with GDPR requirements
7. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Encryption of data in transit (HTTPS/TLS) and at rest
- Secure password hashing (bcrypt)
- Regular security audits and vulnerability assessments
- Access controls and authentication mechanisms
- Encrypted storage of sensitive credentials
- Regular backups and disaster recovery procedures
7.1 Website Credentials and API Keys
To publish content to your WordPress, Shopify, or other platforms, you provide us with API credentials. We take the security of these credentials extremely seriously:
- Enterprise-Grade Encryption: All API keys and website credentials are encrypted using industry-standard encryption before storage
- Secure Secrets Management: Credentials are stored in secure, enterprise-grade secrets management infrastructure with strict access controls and audit logging
- Zero-Knowledge Architecture: Credentials are encrypted with unique keys, ensuring they cannot be accessed in plaintext without proper authorization
- Regular Security Audits: Our credential storage systems undergo regular security reviews and penetration testing
- Limited Access: Only essential automated systems have access to encrypted credentials, and all access is logged and monitored
- No Human Access: Our staff do not have access to your plaintext credentials
However, no method of transmission or storage is 100% secure. While we implement industry-leading security measures to protect your credentials, we cannot guarantee absolute security. We recommend:
- Using application-specific API keys with limited permissions (not admin credentials)
- Regularly rotating your API keys and credentials
- Monitoring your website's access logs for unusual activity
- Immediately revoking credentials if you suspect unauthorized access
8. Data Retention
We retain your personal data for as long as necessary to provide the Service and comply with legal obligations:
- Active Accounts: Data retained while your account is active
- Cancelled Accounts: Most data deleted within 30 days of cancellation
- Billing Records: Retained for 7 years for tax and accounting purposes
- Security Logs: Retained for up to 12 months for security and fraud prevention
9. Your Rights Under GDPR
You have the following rights regarding your personal data:
- Right of Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Restriction: Limit how we process your data
- Right to Data Portability: Receive your data in a machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent for marketing at any time
- Right to Complain: Lodge a complaint with your data protection authority
To exercise any of these rights, contact us at hello@blogfanatic.com. We will respond within 30 days.
10. Cookies Policy
10.1 Types of Cookies We Use
- Essential Cookies: Required for authentication and security (cannot be disabled)
- Functional Cookies: Remember your preferences and settings
- Analytics Cookies: Help us understand how you use the Service
- Marketing Cookies: Used for targeted advertising (with your consent)
10.2 Cookie Consent
We obtain your consent for non-essential cookies. You can manage cookie preferences in your browser settings.
11. Children's Privacy
Our Service is not intended for children under 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last updated" date at the top indicates when changes were made. Continued use after changes constitutes acceptance.
13. Contact Us
For questions about this Privacy Policy or to exercise your data rights, contact us:
BlogFanatic.com Ltd
Company Number: 16801472
Registered Office: Moxon House, Moxon Street, Marylebone, London, United Kingdom, W1U 4EY
Email: hello@blogfanatic.com
Data Protection Officer: hello@blogfanatic.com
BlogFanatic.com Ltd is a wholly-owned subsidiary of Moxon AI Group, with registered office at the same address.
14. Supervisory Authority
If you are not satisfied with our response to your data protection concerns, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):
Website: https://ico.org.uk/
Telephone: 0303 123 1113
