Privacy policy
Last updated: 3 July 2026
1. Who is responsible for your data
Content Engine is the data controller for personal data collected through this website and the service. Data controller details: [COMPANY NAME], [ADDRESS], [CONTACT EMAIL]. Complete before launch.
2. What we collect and why
- Free sample requests: the website address you enter, an optional email address, and your IP address. We use these to produce your sample article, to send it to you if you asked us to, and to prevent abuse of the free offer (the IP address is used for rate limiting). Legal basis: legitimate interests.
- Account and billing data: your name, email address, business name and subscription history. We use these to run your subscription, provide the customer portal and send service emails. Legal basis: performance of a contract.
- Payment data: handled by Stripe. We never see or store your full card details; we hold only a reference to your Stripe customer record and invoice status.
- Delivery credentials: if you connect a WordPress site, the application password you provide is stored encrypted and used solely to publish your content.
- Website content: to build your content profile we read the publicly available pages of the website you give us. This may incidentally include personal data your site displays publicly.
- Service logs: standard technical logs (IP address, pages requested, errors) kept for security and troubleshooting. Legal basis: legitimate interests.
3. Cookies
We use a single first-party session cookie that is essential for the site and portal to function (keeping you logged in, protecting forms). We do not use advertising cookies or third-party tracking cookies.
4. Who we share data with
We use a small number of processors to run the service:
- Stripe for payments and invoicing.
- Resend for sending transactional email.
- Cloudflare for bot protection on the free sample form.
- AI model providers (via OpenRouter) that process your public website text and our article briefs to generate your content. We do not send them your account or payment details.
- Our hosting provider, which stores the service's data in the UK.
We do not sell personal data to anyone.
5. How long we keep data
- Account and billing records: for the life of your account and afterwards as required for tax and accounting (typically 6 years).
- Free sample records: retained so the one-per-website limit works. The optional email address can be removed on request.
- Technical logs: rotated on a short cycle, typically within 90 days.
6. Your rights
Under UK GDPR you can ask for access to your personal data, correction, deletion, restriction of processing, portability, and you can object to processing based on legitimate interests. To exercise any of these, contact us using the details above. You also have the right to complain to the Information Commissioner's Office (ico.org.uk).
7. Security
Data is stored on servers in the UK. Passwords are hashed, secrets and delivery credentials are encrypted at rest, connections use HTTPS, and access to production systems is restricted.
8. Changes to this policy
If we make significant changes we will email account holders before they take effect and update the date at the top of this page.