Privacy Policy

1.1 Information you provide directly

• Account information. Your name, email address, password (hashed), and any profile details you add in Settings.
• Brand kit data. Logos, brand colors, fonts, tone of voice, target audience, and any reference material you upload (PDFs, screenshots, URLs).
• Content you create. Topics, drafts, captions, generated images, scheduled posts, analytics annotations.
• Billing information. Plan tier, billing address, and payment metadata. Card numbers are handled exclusively by Stripe and never touch our servers.
• Support correspondence. Anything you write to us at support@blendin.ai.

1.2 Information collected automatically

• Authentication metadata. Login timestamps, IP address (used for security and abuse detection), browser user agent, and the authentication provider you used.
• Usage data. Pages viewed in the app, features used, generation counts, and error logs (stored to debug issues and enforce plan limits).
• Anti-abuse signals. Because the Free plan does not require a credit card, we use a device fingerprint, an optional phone verification token (SMS OTP), and rate-limit signals to prevent the creation of multiple Free accounts by the same person. This information is used solely to enforce our one-Free-account-per-person rule and to block automated abuse. It is not shared with advertisers.
• Cookies and local storage. We use a small number of strictly necessary cookies to keep you signed in and to remember your preferences. We do not use third-party advertising cookies.

1.3 Information from third-party sign-in providers

When you sign in with Google, LinkedIn, or Facebook, we receive a limited set of profile fields to create or identify your BlendIn account.

From Google (sign-in only). Your email address, full name, profile picture URL, and Google account ID. We request only the standard openid, email, and profile OAuth scopes. We do not access Gmail, Google Drive, Calendar, Contacts, or any other Google service. Google user data received via these scopes is used solely to create and authenticate your BlendIn account, prefill your name and avatar, and personalize the app interface.

From LinkedIn.Your LinkedIn profile information (name, headline, profile picture, member URN), your email address, and (only if you grant the corresponding scope) the list of company pages you administer. We use this information to (a) authenticate you, (b) display the right "personal" and "company" profile selectors in the app, and (c) publish posts on your behalf when you explicitly choose to publish. We never post to LinkedIn without an explicit publish action from you. We do not read your LinkedIn feed, your messages, your connections, or any other LinkedIn data we are not authorized to access.

From Facebook (sign-in only). Your email address, full name, profile picture URL, and Facebook account ID. We request only the standard email and public_profile permissions. We do not access your Facebook friends list, posts, photos, or any other Facebook data beyond what is needed to create your BlendIn account.

1.4 Information from connected social platforms

When you connect Instagram or Facebook to publish content, we receive additional data:

From Instagram (publishing). Your Instagram Business or Creator account ID, username, profile picture, and the list of media you publish through BlendIn. We use this information to (a) display your connected Instagram account in the app, (b) publish feed images and carousels on your behalf when you explicitly choose to publish, and (c) track which content was published. We never access your Instagram DMs, stories, followers list, or insights beyond what is needed to publish content.

From Facebook Pages (publishing). Your Facebook Page ID, name, and access token. We use this to publish image and text posts to your Facebook Page when you explicitly choose to publish. We never access your personal Facebook profile, friends list, groups, or any data from the Page beyond what is required for publishing.

We use the information described above only to:

• Provide the Service: create your account, authenticate you, generate content, render carousels, schedule and publish posts, process payments, and serve the app interface.
• Improve the Service: debug errors, monitor performance, prevent abuse, and develop new features. We may use aggregated, de-identified usage statistics for product analytics.
• Communicate with you: send transactional emails (welcome, password reset, billing, win-back, security notices) and respond to support requests. We do not send marketing emails without your explicit consent.
• Enforce our Terms and protect the Service against fraud, abuse, and security threats.
• Comply with legal obligations and respond to lawful requests from authorities.

We share information only with the third-party processors required to operate the Service, and only the minimum needed:

Each processor is bound by its own privacy and security commitments. We do not share data with these processors for any purpose other than operating the Service for you.

We may also share information when we are legally required to do so (subpoena, court order, or to prevent fraud or imminent harm to a person), or as part of a corporate transaction (merger, acquisition, asset sale), in which case the acquirer will be bound by this Privacy Policy or notify you of any changes.

• Account data is retained while your account is active and for up to 30 days after you delete your account, after which it is permanently removed from our production systems. Encrypted backups may persist for up to an additional 30 days before being overwritten.
• Content and brand kits are retained while your account is active and deleted on the same schedule above.
• OAuth tokens (LinkedIn, Instagram, Facebook, Threads) are encrypted at rest with AES-256-GCM and deleted immediately when you disconnect the respective platform from Settings, or when your account is deleted.
• Billing records are retained for the period required by tax and accounting laws in our jurisdiction (typically 7 years).
• Server logs containing IP addresses and request metadata are retained for up to 90 days for security and debugging purposes.

You can request deletion of your account and all associated personal data at any time by emailing support@blendin.ai from the email address registered to your account. We will:

1. Confirm the request within 3 business days.
2. Disconnect any third-party integrations (LinkedIn, Instagram, Facebook, Threads, etc.) from your account.
3. Permanently delete your account and content from production systems within 30 days of the request.
4. Confirm completion in writing.

You can also export your data on request. We will deliver a machine-readable archive of your account, content, and brand kit within 30 days.

We take security seriously. We:

• Encrypt OAuth tokens (LinkedIn, Instagram, Facebook, Threads, Google) at rest with AES-256-GCM and transmit all data over TLS 1.2+.
• Hash passwords with industry-standard algorithms managed by our authentication provider.
• Use Row-Level Security in our database so each user can only access their own rows.
• Apply per-user rate limits on expensive endpoints to prevent abuse.
• Regularly audit our codebase for common vulnerabilities (IDOR, SSRF, XSS, CSRF, open redirect).
• Restrict access to production systems to authorized personnel.

No system is perfectly secure, but we make a continuous, good-faith effort to protect your information. If you believe you've found a security vulnerability, please contact support@blendin.ai with the details.

BlendIn operates globally and uses processors located in multiple jurisdictions, primarily the United States and the European Union. By using the Service you acknowledge that your data may be processed and stored in countries outside your country of residence. Where required by law (e.g., GDPR), our processors operate under appropriate safeguards such as Standard Contractual Clauses.

Depending on where you live, you may have the right to:

• Access the personal information we hold about you.
• Correct inaccurate or incomplete information.
• Deleteyour information ("right to be forgotten").
• Export your information in a portable format.
• Object to or restrict certain processing.
• Withdraw consent to optional processing at any time.
• Lodge a complaint with your local data protection authority.

You can exercise any of these rights by emailing support@blendin.ai. We may need to verify your identity before fulfilling the request.

BlendIn is not intended for users under the age of 16 (or the minimum age of digital consent in your country). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please email support@blendin.ai and we will delete it.

BlendIn integrates with Meta Platforms, Inc. ("Meta") services, specifically Instagram and Facebook, via the Facebook Graph API and Facebook Login for Business. This section describes how we handle data received from Meta.

Data we access from Meta

• Facebook Login: email address, name, profile picture (public_profile and email permissions only).
• Instagram Business: account ID, username, profile picture, published media metadata.
• Facebook Pages: Page ID, Page name, Page access token.
• Threads (when connected): Threads account ID, username, and access token. Threads publishing is currently available to registered testers only, pending Meta App Review.

How we use Meta data

• Facebook Login data is used solely for account authentication and profile display.
• Instagram and Facebook Page data is used solely to publish content you explicitly choose to publish and to display your connected accounts in the app.
• We do not use Meta data for advertising, analytics, or any purpose unrelated to the core publishing functionality.

Data retention for Meta data

• OAuth tokens are encrypted with AES-256-GCM and deleted when you disconnect the platform or delete your account.
• Published content metadata is retained while your account is active and deleted per our standard retention schedule (Section 4).
• We do not store copies of content published to Instagram or Facebook beyond what is needed to display publishing history in the app.

Data sharing

• We do not sell, license, or share Meta platform data with any third party.
• We do not use Meta data to build user profiles for advertising.
• Meta platform data is not transferred to any data broker or advertising network.

User control

• You can disconnect Instagram or Facebook at any time from Settings.
• Disconnecting immediately revokes our access and deletes stored tokens.
• You can request deletion of all Meta-related data by emailing support@blendin.ai.

We use only strictly necessary cookies and local storage to:

• Keep you signed in across browser tabs.
• Remember your theme (light, dark, system) and timezone preferences.
• Persist in-progress generation status so you can refresh without losing your place.

We do not use third-party advertising cookies, behavioral retargeting cookies, or analytics cookies that identify you personally.

We may update this Privacy Policy from time to time. If we make material changes (for example, adding a new category of data we collect or a new third-party processor), we will notify you by email or through a notice in the Service at least 14 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.

See also the Terms of Service, which govern your use of the Service and are incorporated by reference.

Questions, concerns, or requests about this Privacy Policy?

• Email support@blendin.ai
• Web: blendin.ai

FUENTES DIGITAL VENTURES LLC · Wyoming LLC Filing ID 2024-001561254 · 5830 E 2nd St, Ste 7000 #20312, Casper, WY 82609, USA.