Privacy Policy

The data controller responsible for your personal data is:

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at info@blogpump.com.

2.1 Information You Provide

• Account Data — name, email address, and password when you register.
• Profile Data — avatar, company name, website URL, language preferences, and workspace settings.
• Content Data — articles, prompts, custom writing rules, author profiles, and any text you create or upload.
• Payment Data — billing address and payment method details, processed and stored by Stripe, Inc. We do not store full card numbers.
• Communication Data — messages you send through our contact form or support channels.
• Integration Credentials — API keys and tokens for third-party platforms (WordPress, Webflow, Ghost, Shopify, Wix, Zapier) you connect, stored encrypted.
• Documents & Images — files you upload for workspace analysis (PDF, TXT, images), processed temporarily and deleted after analysis.

2.2 Information Collected Automatically

• Usage Data — pages visited, features used, actions taken, timestamps, and session duration.
• Device Data — browser type, operating system, screen resolution, and language settings.
• Log Data — IP address, referral URL, and server response codes.

We process your personal data on the following legal bases under GDPR:

• Contract Performance — to provide, operate, and maintain the BlogPump service, including AI content generation, scheduling, publishing, and integrations.
• Legitimate Interest — to improve our services, analyse usage patterns, prevent abuse, and ensure platform security.
• Consent — to send marketing communications (you may withdraw consent at any time).
• Legal Obligation — to comply with applicable laws, regulations, and legal processes.

Specifically, we use your data to:

• Create and manage your account and workspaces.
• Generate AI-powered articles, images, topics, and author profiles.
• Process payments, subscriptions, and credit transactions.
• Publish content to your connected platforms via integrations.
• Submit URLs to search engines (Google, Bing, Yandex, Seznam, Naver) on your behalf.
• Send transactional emails (welcome, article completion, billing receipts).
• Provide customer support and respond to enquiries.
• Detect, prevent, and address fraud and security issues.

We share your data only with trusted third-party processors necessary to deliver the Service:

OpenAI Data Use: Content sent to OpenAI's API for generation is processed in accordance with OpenAI's API Data Usage Policy. Your content is not used to train OpenAI's models when accessed via the API.

We never sell, rent, or trade your personal data to third parties.

We use the following types of cookies:

• Essential Cookies — required for authentication, session management, and core functionality. Cannot be disabled.
• Preference Cookies — remember your settings such as theme (light/dark) and language.
• Analytics Cookies — help us understand how the Service is used. We use privacy-respecting analytics.

You may manage cookies through your browser settings. Disabling essential cookies will impair core functionality.

We implement industry-standard technical and organisational measures to protect your data:

• All data transmitted over HTTPS with TLS 1.2+ encryption.
• Passwords hashed using bcrypt with salt.
• Integration credentials and API keys encrypted at rest using Fernet symmetric encryption.
• JWT-based authentication with short-lived access tokens and secure refresh token rotation.
• Role-based access controls and per-workspace data isolation.
• Regular server patching and security monitoring.

While we employ commercially reasonable safeguards, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

FOKUS SOLUTIONS LTD is registered in England and Wales. Your data may be transferred to and processed in countries outside the United Kingdom and the European Economic Area (EEA), including the United States (for OpenAI, Stripe, and Firebase services).

Where such transfers occur, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission.
• UK International Data Transfer Agreement (IDTA) where applicable.
• Data processing agreements with all sub-processors.

• Account Data — retained for the duration of your account. Deleted within 30 days of account deletion.
• Content & Articles — retained until you delete them or close your account.
• Payment Records — retained for 7 years to comply with tax and accounting regulations.
• Server Logs — retained for 90 days, then automatically purged.
• Uploaded Documents — processed temporarily for workspace analysis, then deleted within 24 hours.
• Backups — retained for up to 30 days after data deletion from production systems.

Under GDPR, UK GDPR, and other applicable laws, you have the following rights:

• Right of Access — request a copy of the personal data we hold about you.
• Right to Rectification — request correction of inaccurate or incomplete data.
• Right to Erasure — request deletion of your personal data ("right to be forgotten").
• Right to Restriction — request restriction of processing in certain circumstances.
• Right to Data Portability — receive your data in a structured, machine-readable format.
• Right to Object — object to processing based on legitimate interest or direct marketing.
• Right to Withdraw Consent — where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at info@blogpump.com. We will respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority, including the UK Information Commissioner's Office (ICO) at ico.org.uk.

BlogPump is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that a child under 18 has provided us with personal data, we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Effective date" at the top. Your continued use of BlogPump after changes constitutes acceptance of the revised policy.