Back to home

Privacy Policy

Last updated: April 30, 2026

How we process personal data on blog-maker.com and blog-maker.de. GDPR compliant.

1. Controller

Controller for data processing is Digital Mind Agency Ltd., Evagora Pallikaridi 38, 8010 Paphos, Cyprus, registered in the Cypriot company registry under HE 428155. Represented by Oliver Albrecht. Contact: hello@blog-maker.com.

2. What data we collect

We process only the data necessary to operate the service. On registration we store your name, email address, and a hashed password (bcrypt). On creating a brand we store domain, brand voice texts, and WordPress connection data (app-password encrypted at-rest). For article generation we store topics, outlines, pipeline outputs, and final content. If you use Stripe Checkout we forward name, email, and customer ID to Stripe; we only store the Stripe customer ID locally.

3. Cookies

We set technically necessary cookies for login session, locale (de/en), and A/B variant persistence. These are permitted without consent (Art. 6(1)(f) GDPR, legitimate interest). Optional cookies (analytics, marketing) are only set after your consent via the cookie banner.

4. Third parties with consent

With your consent we use: Google Analytics 4 (anonymized IP, reach measurement), Microsoft Clarity (anonymized heatmaps and session replays), Meta Pixel (conversion tracking, custom audiences). You can revoke consent any time via 'Cookie Settings' in the footer.

5. Third parties without consent (data processors)

Necessary for the service: Anthropic PBC (USA, AI article generation via Claude API). Per Anthropic Commercial Terms, API inputs are NOT used to train models by default (source: privacy.claude.com 'Is my data used for model training'). Standard Contractual Clauses (SCC) are auto-incorporated in the Anthropic Commercial DPA. Data is processed and stored in the USA. Stripe Payments Europe Ltd. (Ireland/USA, payment processing, own SCC). Sentry (USA, error tracking with anonymized source maps, SCC). Plesk mail server (EU, transactional mail).

6. Hosting and storage location

Server infrastructure: Davico Deutschland GmbH (dawico.de), certified to ISO 27001 / ISO 50001 / ISO 9001, locations Berlin and Frankfurt am Main, Germany. Data Processing Agreement (DPA) under Art. 28 GDPR is in place. PostgreSQL 16 database encrypted at-rest, daily backups, 30-day retention. Account data, brand data, and article volumes remain in Germany. Only individual API calls to Anthropic Claude leave the EU. On request we can future-set Anthropic's `inference_geo` parameter to anchor inference compute in a specific region (1.1x token surcharge). Anthropic data storage currently remains in the USA with SCC protection.

7. Retention period

Account data is deleted 90 days after account deletion. Articles and brand data are deleted by the user actively. Stripe-related data is kept for 10 years per commercial-law requirements. Server logs are anonymized after 30 days.

8. Your rights (GDPR)

You have the right to: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), objection (Art. 21), data portability (Art. 20). Send an email to hello@blog-maker.com. We respond within 30 days. You can also file a complaint with the relevant supervisory authority (in Cyprus: Office of the Commissioner for Personal Data Protection, https://www.dataprotection.gov.cy).

9. Security

Encrypted connection (TLS 1.3, HSTS), password hashing (bcrypt cost 12), brand credentials AES-256 encrypted, regular security audits, Sentry for real-time error monitoring. In case of data breaches we inform you and the supervisory authority within 72 hours.

10. Changes

We update this policy when features or processors change. Last change: April 30, 2026. We inform you by email about material changes.