Privacy Policy

1.1 Information you provide directly

• Account information. Your name, email address, password (hashed), and any profile details you add in Settings.
• Brand kit data. Logos, brand colors, fonts, tone of voice, target audience, and any reference material you upload (PDFs, screenshots, URLs).
• Content you create. Topics, drafts, captions, generated images, scheduled posts, analytics annotations.
• Billing information. Plan tier, billing address, and payment metadata. Card numbers are handled exclusively by Stripe and never touch our servers.
• Support correspondence. Anything you write to us at support@blendin.ai.

1.2 Information collected automatically

• Authentication metadata. Login timestamps, IP address (used for security and abuse detection), browser user agent, and the authentication provider you used.
• Usage data. Pages viewed in the app, features used, generation counts, and error logs (stored to debug issues and enforce plan limits). We also record your credit balance and credit usage to operate plan limits and billing.
• Anti-abuse signals. Because the Free plan does not require a credit card, we use limited device signals, an optional phone verification (SMS one-time code), and rate limits to prevent the creation of multiple Free accounts by the same person. This information is used solely to enforce our one-Free-account-per-person rule and to block automated abuse. It is not shared with advertisers.
• Cookies and local storage. We use strictly necessary cookies and local storage (to keep you signed in, remember your preferences, and store your cookie-consent choice) and, with your consent, optional analytics cookies: Google Analytics 4 via Google Tag Manager and PostHog. PostHog product analytics sets a first-party cookie on the .blendin.ai domain carrying an anonymous identifier so that a visitor can be recognised as the same person if they later sign up at app.blendin.ai; it also uses localStorage to store campaign and acquisition parameters (utm_*, click IDs) for signup attribution. PostHog honours the browser's Do-Not-Track (DNT) signal. If DNT is enabled in your browser, PostHog will not track you. Anonymous visitors do not receive a personal profile; profiles are created only once a user identifies in the app. In the EEA and UK all consent-based analytics (Google Analytics and PostHog) are off until you accept our cookie banner. We do not use third-party advertising cookies. See section 11 (Cookies) for details and how to change your choice.

1.3 Information from third-party sign-in providers

When you sign in with Google, LinkedIn, or Facebook, we receive a limited set of profile fields to create or identify your Blendin account.

From Google (sign-in only). Your email address, full name, profile picture URL, and Google account ID. We request only the standard openid, email, and profile OAuth scopes. We do not access Gmail, Google Drive, Calendar, Contacts, or any other Google service. Google user data received via these scopes is used solely to create and authenticate your Blendin account, prefill your name and avatar, and personalize the app interface.

From LinkedIn. Your LinkedIn profile information (name, headline, profile picture, member URN) and your email address. We use this information to:

• (a) authenticate you and create or update your Blendin account;
• (b) display your connected personal LinkedIn profile as a publishing destination in the app;
• (c) publish posts on your behalf to your own personal LinkedIn feed, exclusively when you explicitly choose to publish;
• (d) post a single AI-drafted or user-typed first comment on your behalf on the post Blendin just published, immediately after publication. The first comment is always attached to a post Blendin itself created seconds earlier on your behalf, and is authored by the same LinkedIn member who owns the post;
• (e) read post-level engagement metrics (reactions, comments, shares, impressions, clicks) strictly for posts that Blendin itself has published on your behalf, in order to surface a per-post performance dashboard inside Blendin so you can iterate on your content strategy.

We never post to LinkedIn without an explicit publish action from you. We do not read your LinkedIn feed, your messages, your connections, your followers list, follower demographics, audience-level analytics, or any LinkedIn data we are not authorized to access. We do not read engagement on content you authored outside of Blendin. We do not aggregate, resell, share, or expose any of your LinkedIn metrics to any other user, including teammates in the same workspace unless they are co-authorized on the same LinkedIn identity.

From Facebook (sign-in only). Your email address, full name, profile picture URL, and Facebook account ID. We request only the standard email and public_profile permissions. We do not access your Facebook friends list, posts, photos, or any other Facebook data beyond what is needed to create your Blendin account.

1.4 Information from connected social platforms

When you connect Instagram or Facebook to publish content, we receive additional data:

From Instagram (publishing). Your Instagram Business or Creator account ID, username, profile picture, and the list of media you publish through Blendin. We use this information to (a) display your connected Instagram account in the app, (b) publish feed images and carousels on your behalf when you explicitly choose to publish, and (c) track which content was published. We never access your Instagram DMs, stories, followers list, or insights beyond what is needed to publish content.

From Facebook Pages (publishing). Your Facebook Page ID, name, and access token. We use this to publish image and text posts to your Facebook Page when you explicitly choose to publish. We never access your personal Facebook profile, friends list, groups, or any data from the Page beyond what is required for publishing.

We use the information described above only to:

• Provide the Service: create your account, authenticate you, generate content, render carousels, schedule and publish posts, process payments, and serve the app interface.
• Improve the Service: debug errors, monitor performance, prevent abuse, and develop new features. We may use aggregated, de-identified usage statistics for product analytics.
• Communicate with you: send transactional emails (welcome, password reset, billing, win-back, security notices) and respond to support requests. We do not send marketing emails without your explicit consent.
• Enforce our Terms and protect the Service against fraud, abuse, and security threats.
• Comply with legal obligations and respond to lawful requests from authorities.

We share information only with the third-party processors required to operate the Service, and only the minimum needed:

Each processor is bound by its own privacy and security commitments. We do not share data with these processors for any purpose other than operating the Service for you.

We may also share information when we are legally required to do so (subpoena, court order, or to prevent fraud or imminent harm to a person), or as part of a corporate transaction (merger, acquisition, asset sale), in which case the acquirer will be bound by this Privacy Policy or notify you of any changes.

• Account data is retained while your account is active and for up to 30 days after you delete your account, after which it is permanently removed from our production systems. Encrypted backups may persist for up to an additional 30 days before being overwritten.
• Content and brand kits are retained while your account is active and deleted on the same schedule above.
• Voice Training data (derived from the posts you publish through Blendin, analyzed separately within each brand kit so future drafts sound like you) is keyed strictly to the originating brand kit and never crosses kits. It is deleted on the same schedule as the parent kit and account.
• OAuth tokens (LinkedIn, Instagram, Facebook, Threads) are encrypted at rest and deleted immediately when you disconnect the respective platform from Settings, or when your account is deleted.
• LinkedIn per-post engagement counters. Impressions, reactions, comments, shares, and clicks for posts Blendin published on your behalf are stored in our database, tied to the specific published post and the connected account. We actively sync these counters only for posts published within the last 14 days; older posts stop syncing and their last-known values are retained for the in-app dashboard. When you disconnect a LinkedIn channel, we delete the engagement rows associated with that channel within 24 hours. When you delete your Blendin account, all engagement data is purged immediately as part of the cascade.
• Anti-abuse retention after deletion of Free accounts. When a Free-plan account is deleted, we retain a one-way hashed identifier derived from the account for up to 90 days, for the sole purpose of preventing abuse of free-tier quotas by repeated re-registration. We never retain your cleartext email after deletion. The legal basis is legitimate interest under GDPR Article 6(1)(f). This retention does not apply to deleted paid accounts.
• Billing records are retained for the period required by tax and accounting laws in our jurisdiction (typically 7 years).
• Server logs containing IP addresses and request metadata are retained for up to 90 days for security and debugging purposes.

You can request deletion of your account and all associated personal data at any time by emailing support@blendin.ai from the email address registered to your account. We will:

1. Confirm the request within 3 business days.
2. Disconnect any third-party integrations (LinkedIn, Instagram, Facebook, Threads, etc.) from your account.
3. Permanently delete your account and content from production systems within 30 days of the request.
4. Confirm completion in writing.

You can also export your data on request. We will deliver a machine-readable archive of your account, content, and brand kit within 30 days.

We take security seriously. We:

• Encrypt OAuth tokens (LinkedIn, Instagram, Facebook, Threads, Google) at rest with AES-256-GCM and transmit all data over TLS 1.2+.
• Hash passwords with industry-standard algorithms managed by our authentication provider.
• Use Row-Level Security in our database so each user can only access their own rows.
• Apply per-user rate limits on expensive endpoints to prevent abuse.
• Regularly audit our codebase for common vulnerabilities (IDOR, SSRF, XSS, CSRF, open redirect).
• Restrict access to production systems to authorized personnel.

No system is perfectly secure, but we make a continuous, good-faith effort to protect your information. If you believe you've found a security vulnerability, please contact support@blendin.ai with the details.

Blendin operates globally and uses processors located in multiple jurisdictions, primarily the United States and the European Union. By using the Service you acknowledge that your data may be processed and stored in countries outside your country of residence. Where required by law (e.g., GDPR), our processors operate under appropriate safeguards such as Standard Contractual Clauses.

Depending on where you live, you may have the right to:

• Access the personal information we hold about you.
• Correct inaccurate or incomplete information.
• Delete your information ("right to be forgotten").
• Export your information in a portable format.
• Object to or restrict certain processing.
• Withdraw consent to optional processing at any time.
• Lodge a complaint with your local data protection authority.

You can exercise any of these rights by emailing support@blendin.ai. We may need to verify your identity before fulfilling the request.

Blendin is not intended for users under the age of 16 (or the minimum age of digital consent in your country). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please email support@blendin.ai and we will delete it.

Blendin integrates with Meta Platforms, Inc. ("Meta") services, specifically Instagram and Facebook, via the Facebook Graph API and Facebook Login for Business. This section describes how we handle data received from Meta.

Data we access from Meta

• Facebook Login: email address, name, profile picture (public_profile and email permissions only).
• Instagram Business: account ID, username, profile picture, published media metadata.
• Facebook Pages: Page ID, Page name, Page access token.
• Threads (when connected): Threads account ID, username, and access token. Threads publishing is generally available to all paid plan users.

How we use Meta data

• Facebook Login data is used solely for account authentication and profile display.
• Instagram and Facebook Page data is used solely to publish content you explicitly choose to publish and to display your connected accounts in the app.
• We do not use Meta data for advertising, analytics, or any purpose unrelated to the core publishing functionality.

Data retention for Meta data

• OAuth tokens are encrypted at rest and deleted when you disconnect the platform or delete your account.
• Published content metadata is retained while your account is active and deleted per our standard retention schedule (Section 4).
• We do not store copies of content published to Instagram or Facebook beyond what is needed to display publishing history in the app.

Data sharing

• We do not sell, license, or share Meta platform data with any third party.
• We do not use Meta data to build user profiles for advertising.
• Meta platform data is not transferred to any data broker or advertising network.

User control

• You can disconnect Instagram or Facebook at any time from Settings.
• Disconnecting immediately revokes our access and deletes stored tokens.
• You can request deletion of all Meta-related data by emailing support@blendin.ai.

11.1 Strictly necessary (always on)

These are required for the Service to work and don't need consent:

• Keep you signed in across browser tabs.
• Remember your theme (light, dark, system) and timezone preferences.
• Persist in-progress generation status so you can refresh without losing your place.
• Store your cookie-consent choice so we don't ask again.

11.2 Analytics (optional, consent-based)

To understand how the site is used and improve it, we use:

• Google Analytics 4, loaded through Google Tag Manager, which sets measurement cookies (for example, the _ga cookie) to count visits and understand traffic sources.
• PostHog (PostHog, Inc.), which collects anonymous usage events and page views to help us understand the visitor journey and unify the marketing funnel with the product funnel at app.blendin.ai (both run within the same PostHog project). PostHog sets a first-party cookie on the .blendin.ai domain carrying an anonymous identifier so that a visitor can be recognised as the same person if they later create an account. PostHog also stores campaign and acquisition parameters (utm_*, click IDs) in localStorage for signup attribution. It also produces heatmaps and session replays to help us improve the site; session replay masks all form inputs and is turned off on the free-tool pages. Anonymous visitors do not receive a personal profile; person profiles are created only once a user explicitly identifies in the app. PostHog honours the browser's Do-Not-Track (DNT) signal. If DNT is enabled, PostHog will not track you. Data is processed by PostHog, Inc. in the United States.

In the EEA and UK Google Analytics and PostHog are off by default and only run after you accept them in our cookie banner (Google Analytics uses Google Consent Mode v2; PostHog is simply not loaded until you accept). Outside those regions they run on an opt-out basis. You can change or withdraw your choice at any time by declining in the banner or by clearing this site's cookies and site data in your browser.

We do not use third-party advertising cookies or behavioral-retargeting cookies, and we do not sell your data.

We may update this Privacy Policy from time to time. If we make material changes (for example, adding a new category of data we collect or a new third-party processor), we will notify you by email or through a notice in the Service at least 14 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.

See also the Terms of Service, which govern your use of the Service and are incorporated by reference.

Questions, concerns, or requests about this Privacy Policy?

• Email support@blendin.ai
• Web: blendin.ai

FUENTES DIGITAL VENTURES LLC, a Wyoming LLC. Privacy questions: support@blendin.ai.