BlogAmplify

Privacy Policy

Last updated: March 15, 2026

BlogAmplify ("we," "us," or "our") operates the AI-powered SEO blog automation platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our AI-powered SEO blog automation platform at blogamplify.com (the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Account Data

When you create an account, we collect your name and email address via Supabase Auth (email signup or Google OAuth).

1.2 Website & Business Data

To provide the Service, we collect information you provide about your business: website URLs, business name, industry, products/services, target audiences, brand colors, and content preferences.

1.3 Third-Party Credentials

You may provide the following credentials to enable integrations:

  • Shopify — OAuth access tokens
  • WordPress — Application Passwords
  • Notion — OAuth access tokens
  • Google Search Console — OAuth access tokens
  • Webhook endpoints — URLs and optional signing secrets

All credentials are encrypted before storage and are never shared with any party other than the intended service provider.

1.4 Generated Content

We store AI-generated blog posts, content plans, topics, and metadata (meta descriptions, URL slugs, schema markup) that the Service produces on your behalf.

1.5 AI-Generated Images

Images generated by the Service are stored on Amazon Web Services (AWS) S3 cloud storage.

1.6 Analytics Data

If you connect Google Search Console, we retrieve and store search performance metrics (impressions, clicks, average position, queries) to display in your dashboard.

1.7 Technical Data

We automatically collect certain technical information: IP address, browser type and version, device information, and pages visited. This data is used for security, debugging, and service improvement.

2. How We Use Your Data

We use your data for the following purposes:

  • Account management — creating and maintaining your account
  • Content generation — using AI providers to generate blog content on your behalf
  • Publishing — publishing generated content to your connected platforms (Shopify, WordPress, Notion, webhooks)
  • Analytics — displaying Google Search Console performance data in your dashboard
  • Image generation & storage — generating and storing AI images for your articles
  • Service improvement — analyzing usage patterns to improve features (aggregated, non-personal data only)
  • Communication — sending essential service notifications (account, security, feature updates)

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process personal data under the following legal bases:

  • Contractual necessity — account management, content generation, publishing, and analytics are necessary to provide the Service you requested
  • Consent — Google OAuth, Google Search Console access, and any non-essential cookies (if added in the future)
  • Legitimate interest — service improvement, security monitoring, and fraud prevention

4. Third-Party Service Providers

We work with third-party service providers to operate the platform. These include providers for authentication and database hosting, cloud storage, AI content and image generation, web research, video discovery, and content publishing. Data shared with each provider is limited to what is necessary for their specific function.

5. International Data Transfers

Your data may be processed in countries outside your country of residence, including regions where our infrastructure providers and AI service providers operate. We ensure appropriate safeguards are in place for all international transfers.

For users in the European Economic Area (EEA), transfers to countries without an EU adequacy decision are protected by Standard Contractual Clauses (SCCs) as approved by the European Commission.

6. Data Retention

  • Active account — data is retained for as long as your account remains active
  • Account deletion — personal data is deleted within 30 days of your request; backups are purged within 90 days
  • Generated content — retained until you delete it or your account is terminated, plus a 90-day grace period
  • Integration credentials — deleted immediately upon your request or account deletion
  • Technical logs — retained for up to 90 days for security and debugging purposes

7. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

  • Access — request a copy of all personal data we hold about you
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion of your personal data ("right to be forgotten")
  • Data portability — receive your data in a machine-readable format (JSON)
  • Restrict processing — request that we pause processing while a dispute is resolved
  • Object to processing — object to processing based on legitimate interest
  • Withdraw consent — withdraw consent at any time without affecting prior processing
  • Lodge a complaint — with your local data protection authority

To exercise any of these rights, contact us at support@blogamplify.com.

8. Cookies

We use strictly necessary cookies for authentication and session management. These cookies are essential for the Service to function and do not require consent under the ePrivacy Directive.

We do not currently use analytics, advertising, or tracking cookies. If this changes in the future, we will update this policy and implement a consent mechanism.

9. Children's Data

The Service is not intended for users under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. Security

We implement the following security measures to protect your data:

  • Encryption of all credentials and sensitive data at rest
  • HTTPS/TLS encryption for all data in transit
  • Supabase Row Level Security (RLS) policies for database access control
  • OAuth 2.0 with CSRF protection for third-party integrations
  • Regular security assessments and dependency updates

While we take reasonable measures to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to the address associated with your account at least 15 days before they take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.

12. Contact Us

If you have questions about this Privacy Policy or your personal data, contact us at:

Email: support@blogamplify.com