Privacy Policy

Thank you for choosing nxtblog.ai (“we”, “us”, or “our”). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use our SaaS platform (“Service”), which integrates with Content Management Systems (CMS) and uses OpenAI’s API to help you create and manage blog articles.

Please read this Privacy Policy carefully. By using the Service, you acknowledge that you have read and understood this policy.

1. Data Controller Contact Information

Johnny Kessler
Grindelallee 7
20146 Hamburg, Germany
Email: [email protected]

We are the entity responsible for the collection and processing of your personal data in connection with the Service.

2. Data We Collect

Account Information:

  • Registration Data: When you sign up or log in through Google or GitHub, we receive your name and email address.
  • Billing Information: We use Stripe for payment processing. Stripe may collect your billing and payment details, including credit card information and billing address. We do not store full credit card details on our servers.

User-Generated Content:

You may upload and publish content (e.g., blog articles, images) to your CMS through our Service. This content may contain personal data if you choose to include it. You have full control over the content you create and publish.

Website and Analytics Data:

We use Google Analytics 4 (“GA4”) to collect usage data, such as pages visited, session duration, and interactions with our platform. GA4 may process your IP address and other online identifiers. GA4 is used without placing non-essential cookies where possible, in accordance with EU guidance.

Third-Party Integrations:

If you integrate your CMS or use third-party services through our platform, we may process data that flows through these integrations. For example, we receive the URL and general information about your website to facilitate content publishing.

3. How We Collect Your Data

Directly from You:

  • When you register or log in using Google or GitHub sign-in
  • When you provide content or interact with our platform
  • When you submit payment information via Stripe’s portal

Automatically:

  • Through GA4 tracking when you use our Service
  • By accessing public information from your website integrations

4. Purposes and Legal Bases for Processing

We process your personal data for the following purposes and under the following legal bases:

  • Providing Our Service: To authenticate your account, integrate with your CMS, and create and manage blog articles. Legal basis: Performance of a contract (Art. 6(1)(b) GDPR).
  • Billing and Payments: To process your subscription fees and handle invoicing via Stripe. Legal basis: Performance of a contract (Art. 6(1)(b) GDPR) and Legal obligation (Art. 6(1)(c) GDPR) for accounting purposes.
  • Analytics and Improvements: To understand how our Service is used and to improve it. GA4 helps us measure performance without reliance on invasive cookies. Legal basis: Legitimate interests (Art. 6(1)(f) GDPR) in optimizing our platform.
  • Compliance and Enforcement: To comply with applicable laws, respond to requests from authorities, and enforce our Terms of Service. Legal basis: Legal obligation (Art. 6(1)(c) GDPR) and Legitimate interests (Art. 6(1)(f) GDPR).

5. Data Sharing and Transfers

Third-Party Processors:

  • Stripe: For payment processing. Stripe may process your billing details subject to their own privacy policy.
  • Google Analytics 4: For analytics. GA4 may process IP addresses and usage data to help us understand user behavior.
  • OpenAI: We use OpenAI’s API to generate content. Your content, which may contain personal data, is sent to OpenAI for processing. While we do not actively pseudonymize or anonymize this data, we encourage you to avoid including unnecessary personal data in content you submit for processing.

Our servers are located in the EU. Some of our processors (such as OpenAI, Google, and Stripe) may store or process data outside the European Economic Area. In such cases, we rely on EU Standard Contractual Clauses (SCCs) or other appropriate safeguards to ensure your data receives an adequate level of protection.

6. Data Retention

We keep personal data only as long as it is necessary for the purposes described in this Policy, including fulfilling contractual obligations and meeting legal retention requirements. After that, we delete or anonymize your data.

Account and associated data are deleted when you request account deletion or when they are no longer needed to provide the Service.

If you wish to have your data deleted, please contact us at [email protected]. We will handle your request in accordance with GDPR requirements.

7. Your GDPR Rights

Under the GDPR, you have certain rights regarding your personal data:

  • Right of Access: You can request information about your personal data we hold.
  • Right to Rectification: You can request corrections to your personal data if it is inaccurate or incomplete.
  • Right to Erasure (“Right to be Forgotten”): You can request deletion of your personal data, subject to certain legal limitations.
  • Right to Restriction of Processing: You can request that we limit how we use your data.
  • Right to Data Portability: You can request a copy of your data in a commonly used, machine-readable format.
  • Right to Object: You may object to processing based on our legitimate interests or direct marketing.
  • Right to Withdraw Consent: If you have given consent, you can withdraw it at any time.

To exercise these rights, please contact us at [email protected]. We may need to verify your identity before responding to your request.

You also have the right to lodge a complaint with a supervisory authority. In Germany, you can contact the Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI).

8. Data Security

We take appropriate technical and organizational measures to secure your personal data against unauthorized access, disclosure, alteration, or destruction. These measures include encryption in transit (e.g., HTTPS), restricted access controls, and regular security assessments.

9. Children’s Data

Our Service is not intended for children under 16 years of age. We do not knowingly process personal data of children. If you believe we have inadvertently collected such data, please contact us and we will promptly delete it.

10. Cookies and Tracking Technologies

We primarily rely on GA4 for analytics. GA4 may process user data in a manner that reduces reliance on cookies or does not require a cookie banner under current regulations. Should we implement other cookies or tracking technologies in the future, we will update this policy and ensure compliance with applicable cookie consent requirements.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated “Last updated” date. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

Contact Us

If you have any questions or concerns regarding this Privacy Policy or our data processing practices, please contact us at:

Email: [email protected]

By using our Service, you agree to the terms of this Privacy Policy.