Privacy Policy

Effective Date: March 26, 2026

Blendo ("Blendo," "we," "our," or "us") operates the Blendo web platform, including the website located at blendo.com, the application at my.blendo.com, customer-hosted pages served via blendo.site subdomains and custom domains, and all related services (collectively, the "Service"). This Privacy Policy describes how we collect, use, disclose, and safeguard information in connection with the Service.

By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please discontinue use of the Service immediately.

1. Definitions

"Account Holder" means any individual or entity that creates an account on the Blendo platform to build, manage, or publish web pages.

"End User" or "Visitor" means any individual who accesses a web page created and published by an Account Holder through the Service.

"Personal Data" means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household.

"Processing" means any operation performed on Personal Data, whether or not by automated means, including collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, erasure, or destruction.

2. Our Dual Role: Controller and Processor

Blendo operates in two distinct capacities with respect to Personal Data:

As a Data Controller: We are the controller of Personal Data that we collect directly from Account Holders in connection with their use of the Blendo platform (e.g., account registration, billing, support communications).

As a Data Processor: When Account Holders use our Service to collect information from their End Users (e.g., through forms, analytics, and session recordings), Blendo acts as a data processor on behalf of the Account Holder, who is the data controller. We process End User data solely in accordance with the Account Holder's instructions and this Privacy Policy.

3. Information We Collect

3.1 Account Holder Information

When you create an account, we collect:

  • Full name and email address
  • Password (stored using industry-standard bcrypt hashing; we never store or have access to plaintext passwords)
  • Google account information if you authenticate via Google OAuth (name, email, and Google account identifier only)
  • Billing information processed through Stripe, Inc. (we do not store credit card numbers, CVVs, or full card details on our servers; Stripe is PCI DSS Level 1 certified)
  • Organization or business name, as provided during onboarding
  • API keys generated for programmatic access (stored as hashed values)

3.2 End User Analytics Data

When Visitors access pages published through the Service, our first-party analytics system collects the following information without the use of third-party cookies or cross-site tracking:

  • Pageview data: Pages visited, timestamps, and referral source
  • Engagement metrics: Time on page, scroll depth, and interactions with call-to-action elements
  • Device information: Device type (desktop, mobile, tablet), browser type, and operating system, derived from the User-Agent header
  • Geographic data: Country-level location derived from IP address (we do not perform sub-country geolocation)
  • UTM parameters: Campaign attribution data from URL query parameters (utm_source, utm_medium, utm_campaign)
  • Click coordinates: Anonymized click position data used to generate aggregate heatmap visualizations
  • Behavioral signals: Rapid repeated clicks ("rage clicks") and clicks on non-interactive elements ("dead clicks"), used solely for user experience analysis

Analytics data is transmitted via the browser's Beacon API to a first-party endpoint on the same domain as the published page. No data is sent to third-party analytics services, advertising networks, or data brokers.

3.3 Session Recordings

For Account Holders on qualifying plans, Blendo offers optional session recording functionality that captures a reconstruction of End User interactions with published pages. Session recordings:

  • Record Document Object Model (DOM) changes, mouse movements, scroll events, and click interactions
  • Automatically mask all password input fields — passwords are never captured
  • Respect the blendo-no-record CSS class, which Account Holders may apply to any page element to exclude it from recording
  • Are subject to configurable sampling rates (not all visitors are recorded)
  • Are stored in encrypted cloud storage and automatically deleted in accordance with the Account Holder's plan retention period

Session recordings do not capture keystrokes in password fields, data entered into fields marked as excluded, or any content outside the visible page.

3.4 Form Submission Data

When End Users submit forms on pages published through the Service, the submitted data is collected and stored on behalf of the Account Holder. The nature of this data is determined entirely by the Account Holder's form configuration and may include names, email addresses, phone numbers, messages, and other information the Account Holder chooses to collect. Blendo processes this data solely as a data processor acting on behalf of the Account Holder.

3.5 Payment Transaction Data

For pages that include payment functionality (donations, ticket purchases, product orders), payment processing is handled entirely by Stripe, Inc. Blendo receives and stores: transaction amount, currency, payer email address (if provided), and transaction status. We do not receive, process, or store credit card numbers, bank account information, or other sensitive financial instrument data.

4. How We Use Information

4.1 Account Holder Data

  • To create, maintain, and secure your account
  • To process subscription payments and manage billing
  • To provide customer support and respond to inquiries
  • To send transactional communications (account confirmations, billing receipts, security alerts)
  • To enforce our Terms of Service and prevent fraud or abuse
  • To improve the Service through aggregate usage analysis

4.2 End User Analytics Data

  • To generate aggregate analytics dashboards for Account Holders
  • To produce heatmap visualizations showing aggregate click patterns
  • To calculate engagement metrics (bounce rate, average time on page, scroll depth)
  • To power A/B testing and conversion optimization features
  • To enable conversion funnel analysis
  • To detect user experience issues (rage clicks, dead clicks, form abandonment)

Analytics data is processed at the network edge and aggregated into hourly buckets. Individual-level raw event data is retained for no more than seven (7) days at the edge before deletion. Aggregated, non-identifiable data is retained in accordance with the Account Holder's plan retention period.

4.3 AI-Powered Features

Blendo uses artificial intelligence to assist Account Holders with content generation, design suggestions, SEO optimization, and image generation. When AI features are used:

  • Account Holder inputs (text prompts, page content) are sent to our AI service provider for processing
  • AI-generated outputs are stored as part of the Account Holder's page content
  • We do not use Account Holder content or End User data to train AI models
  • Token usage is tracked per account for billing and quota enforcement purposes

5. Data Sharing and Disclosure

We do not sell, rent, or trade Personal Data to third parties. We share information only in the following limited circumstances:

5.1 Service Providers

  • Cloudflare, Inc. — Content delivery, edge computing, DNS, and DDoS protection. Cloudflare processes request metadata (IP addresses, headers) in the course of delivering the Service.
  • Stripe, Inc. — Payment processing. Stripe's handling of payment data is governed by the Stripe Privacy Policy.
  • Anthropic, PBC — AI content generation. Prompts and generated content are processed in accordance with Anthropic's Privacy Policy. Anthropic does not use API inputs to train models.
  • Resend, Inc. — Transactional email delivery. Email addresses and message content are processed solely for delivery.
  • Hetzner Online GmbH — Server infrastructure hosting.

5.2 Legal Requirements

We may disclose information if required to do so by law or in the good-faith belief that such action is necessary to: comply with a legal obligation or valid legal process; protect and defend our rights or property; prevent fraud or address security issues; or protect the personal safety of users or the public.

5.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, Personal Data may be transferred as part of that transaction. We will notify affected users via email and/or prominent notice on the Service prior to any such transfer.

6. Data Storage and Security

We implement industry-standard technical and organizational measures to protect Personal Data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption in transit via TLS 1.2+ for all data transmissions
  • Encryption at rest for stored data
  • Bcrypt hashing for passwords and API keys
  • Role-based access controls and principle of least privilege
  • Regular security assessments of our infrastructure
  • IP-restricted API tokens for infrastructure access

Data is stored on infrastructure located in the European Union (Hetzner, Germany) and distributed globally via Cloudflare's edge network. Cloudflare edge nodes process data transiently in the geographic region closest to the End User.

7. Data Retention

  • Account data: Retained for the duration of the account and for thirty (30) days following account deletion, after which it is permanently erased.
  • Edge analytics events: Raw event data is retained at the edge for no more than seven (7) days, then permanently deleted. Aggregated hourly data is retained per the Account Holder's plan (30 days to 2 years).
  • Session recordings: Retained per the Account Holder's plan retention period, then automatically deleted from storage.
  • Form submissions: Retained until deleted by the Account Holder or upon account termination.
  • Payment records: Retained for seven (7) years to comply with financial reporting and tax obligations.

8. Cookies and Tracking Technologies

Blendo uses a minimal, privacy-respecting approach to cookies and tracking:

  • Authentication cookies: Session cookies are used on my.blendo.com to maintain your authenticated session. These are strictly necessary for the Service to function and cannot be disabled.
  • A/B testing cookies: When an Account Holder runs an A/B test, a first-party cookie (_blendo_variant) is set on the published page domain to ensure consistent variant assignment. This cookie expires after thirty (30) days.
  • Session identifiers: A random session identifier is stored in the browser's sessionStorage (not a cookie) for analytics continuity within a single browsing session. This identifier is never transmitted to third parties and is automatically cleared when the browser tab is closed.

We do not use: Third-party cookies, cross-site tracking pixels, browser fingerprinting, advertising identifiers, or any form of cross-domain tracking.

9. Your Rights

9.1 Account Holders

You have the right to:

  • Access your Personal Data by logging into your account
  • Correct inaccurate data through your account settings
  • Delete your account and associated data by contacting us at privacy@blendo.com
  • Export your data, including form submissions (CSV export), page content, and subscriber lists
  • Restrict processing by disabling specific features (analytics, session recording) in your site settings
  • Object to processing by contacting us at the address below

9.2 End Users

If you are a Visitor to a page published through the Service and wish to exercise your data rights (access, correction, deletion), please contact the Account Holder who operates the page directly. As a data processor, we will assist the Account Holder in responding to your request in accordance with applicable law.

If you are unable to identify or reach the Account Holder, you may contact us at privacy@blendo.com and we will use reasonable efforts to direct your request appropriately.

9.3 California Residents (CCPA)

If you are a California resident, you have the right to: request disclosure of the categories and specific pieces of Personal Data we have collected; request deletion of your Personal Data; and opt out of the "sale" of Personal Data. Blendo does not sell Personal Data. To exercise your rights, contact us at privacy@blendo.com.

9.4 European Economic Area Residents (GDPR)

If you are located in the EEA, our legal bases for processing your Personal Data are: performance of a contract (providing the Service), legitimate interests (improving the Service, preventing fraud), compliance with legal obligations, and consent (where explicitly obtained). You have the right to lodge a complaint with your local supervisory authority.

10. International Data Transfers

Our primary servers are located in Germany (EU). Data may be processed transiently on Cloudflare's global edge network in regions outside the EEA. Cloudflare maintains appropriate safeguards for international data transfers, including Standard Contractual Clauses. For transfers to the United States, our service providers participate in the EU-U.S. Data Privacy Framework where applicable.

11. Children's Privacy

The Service is not directed to individuals under the age of sixteen (16). We do not knowingly collect Personal Data from children under 16. If we become aware that we have inadvertently collected Personal Data from a child under 16, we will take steps to delete such information promptly. If you believe we may have collected information from a child under 16, please contact us at privacy@blendo.com.

12. Third-Party Links

Pages published through the Service may contain links to third-party websites or services that are not operated by Blendo. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policy of every site you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will: update the "Effective Date" at the top of this page; notify Account Holders via email at least thirty (30) days prior to the changes taking effect; and, where required by law, obtain consent.

Continued use of the Service after the effective date of any updated Privacy Policy constitutes acceptance of the revised terms.

14. Data Processing Agreement

Account Holders who require a formal Data Processing Agreement (DPA) for compliance with GDPR or other data protection regulations may request one by contacting privacy@blendo.com. We will execute a DPA incorporating Standard Contractual Clauses upon request at no additional charge.

15. Contact

If you have questions about this Privacy Policy, your Personal Data, or our privacy practices, please contact:

Blendo
Email: privacy@blendo.com