LEGAL

Privacy Policy

Last updated: March 2026

EsyBlog is a writing tool. Trust is the product. This document explains what we collect, why we collect it, and the promises we make about your content. We wrote it to be read, not filed.

1. What We Collect

We collect three kinds of information:

  • Account data. Your name, email, hashed password, and billing details if you're on a paid plan.
  • Content. The drafts, outlines, datasets, and voice profiles you create inside EsyBlog. You own this. We store it so you can keep working on it.
  • Usage data. Logs, error traces, feature usage, and aggregated metrics we use to keep the product running and improve it.

2. How We Use Data

We use what we collect to:

  • Provide, maintain, and secure the service.
  • Process payments and send billing receipts.
  • Answer support requests and fix bugs.
  • Send essential service notifications (outages, security issues, terms changes). Marketing emails are opt-in and separate.
  • Understand how the product is used in aggregate, so we can make it better.

That's it. We don't sell your data to anyone, ever.

3. AI Training Data Policy

We do not use customer data or customer-generated articles to train any AI model, ours or anyone else's. This is a hard commitment, not a default setting you have to opt out of.

Your drafts, your outlines, your datasets, your voice profiles, and the content our engine generates for you are yours. They are not a training corpus. They are not a competitive advantage we extract from your work. When we evaluate model performance, we use public benchmarks and data we've licensed or created ourselves. Never customer content.

Third-party model providers we use for inference are contractually bound not to train on the prompts and completions we send them on your behalf. We maintain zero-data-retention agreements where available.

4. Third-Party Services

We use a small, deliberate set of vendors to run EsyBlog. Rather than list specific companies (which change), we'll be transparent about the categories:

  • Cloud hosting and edge delivery.
  • Database and object storage.
  • Payment processing and subscription billing.
  • Transactional email delivery.
  • Privacy-respecting product analytics.
  • Customer support tooling for our contact form.
  • AI model inference providers under strict data agreements.

Every vendor we choose signs a data processing agreement, handles data within jurisdictions we trust, and is reviewed before onboarding.

5. Cookies

We use a minimal set of cookies: essential ones for authentication and security, and a lightweight analytics cookie to understand aggregate usage. Full details, including names and durations, live in our Cookie Policy.

6. Your Rights

No matter where you live, you can ask us to show you the data we hold about you, correct it, delete it, or export it in a portable format. If you're in the EU or UK, you have these rights under the GDPR. If you're in California, you have them under the CCPA/CPRA. We honor the same rights for everyone else, because it's the right thing to do.

To exercise any of these rights, write to us through the contact form. We respond within 30 days.

7. Data Retention

We keep your content as long as your account is active. If you delete content, it's removed from live systems immediately and purged from backups within 30 days. If you close your account, we delete personal data and content within 30 days, keeping only what we're legally required to retain (invoices, tax records) for the minimum period.

8. Security

We encrypt data in transit with TLS and at rest in our databases. Access to production systems is restricted, logged, and audited. We run regular vulnerability scans and fix issues quickly. No system is perfectly secure, but we take this seriously. The alternative is a product nobody can trust.

If we ever experience a breach that affects your data, we'll notify you without undue delay and explain what happened, what we're doing about it, and what you should do.

9. International Transfers

EsyBlog is based in the United States, and data may be processed there or in other jurisdictions where our vendors operate. When we transfer personal data out of the EU/UK, we rely on Standard Contractual Clauses and equivalent safeguards to keep your rights intact.

10. Changes

We may update this Privacy Policy as the product and the law evolve. When we do, we'll update the "last updated" date and, for material changes, notify account holders directly. We won't weaken the AI training commitment above without telling you clearly and in advance.

11. Contact

For any privacy-related request (access, correction, deletion, portability, or general questions), please use our contact form. A real person will read your message.