Privacy Policy

This Privacy Policy explains what information Blazto ("we", "us") collects when you use the Blazto API platform and dashboard (the "Service"), how we use it, and the choices and rights you have.

1. Information we collect

• Account information: name, email address, organization name, and authentication metadata used to create and secure your account.
• Billing information: billing address and tax identifier where applicable. Payment card details are collected and stored directly by our payment processor (Stripe) and are never stored on our servers.
• API key metadata: labels, key prefix, and last-used timestamps. Full API keys are stored only as a one-way cryptographic hash.
• Connected Platform data: OAuth tokens and identifiers that you explicitly authorize, used solely to perform the actions you request on the social and messaging platforms you connect.
• Usage and log data: API request metadata, error events, IP address, and device information used to operate, secure, and improve the Service.
• Communications: records of support tickets, emails, and other messages you send us.

2. How we use information

• To provide, maintain, secure, and improve the Service;
• To process subscriptions, billing, and tax compliance;
• To send service-related communications and respond to support requests;
• To detect, prevent, and respond to fraud, abuse, or security incidents;
• To comply with legal obligations and enforce our Terms.

3. Legal bases (EEA / UK users)

Where the GDPR or UK GDPR applies, we rely on the following legal bases: performance of a contract (to deliver the Service), legitimate interests (to secure and improve the Service), consent (where required, e.g. certain cookies), and legal obligations (e.g. tax records).

4. Sharing

We do not sell personal information. We share data only with vetted service providers acting as processors on our behalf, including:

• Hosting & infrastructure: Cloudflare, Supabase;
• Payments: Stripe, Inc.;
• Email delivery: transactional email providers;
• Analytics & error monitoring: privacy-respecting product analytics and error reporting tools.

We may also disclose information when required by law, to respond to lawful requests by public authorities, or to protect the rights, property, or safety of Blazto, our users, or others.

5. International transfers

Your information may be processed in countries other than your own. Where required, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.

6. Retention

We retain account information for as long as your account is active. After cancellation, we retain limited records as required for legal, tax, accounting, and abuse-prevention purposes, typically for up to seven (7) years. You may request earlier deletion at any time.

7. Security

We use industry-standard safeguards including TLS encryption in transit, encryption at rest where supported by our infrastructure, hashed API keys, row-level access controls, and least-privilege access for personnel. No system is 100% secure; please report any suspected vulnerability to security@blazto.com.

8. Your rights

Depending on your jurisdiction, you may have the right to access, correct, delete, port, or restrict the processing of your personal data, and to object to certain processing. To exercise these rights, contact privacy@blazto.com. You also have the right to lodge a complaint with your local data protection authority.

9. Cookies

We use a minimal set of strictly necessary cookies to keep you signed in and to remember your preferences, plus aggregated product analytics to improve the Service. We do not use cookies for third-party advertising.

10. Children

The Service is not directed to children under 16, and we do not knowingly collect personal information from children.

11. Changes

We may update this Privacy Policy from time to time. Material changes will be communicated by email or in-app notice.

12. Contact

Privacy questions or data requests: privacy@blazto.com