Privacy Policy

Blendoo AI Last updated: May 17, 2026

1. Introduction

This Privacy Policy explains how Blendoo AI ("we", "us", "our") collects, uses, shares, and protects personal data when you use Blendoo ("the Service"), a multi-model AI chat platform.

Blendoo AI is the data controller for the personal data described in this policy. This policy should be read together with our Terms of Service.

By using the Service, you acknowledge that you have read and understood this Privacy Policy.

2. Who We Are and How to Contact Us

For any privacy-related question, request, or complaint, contact us at:

3. Data We Collect

3.1 Accoun Data

When you create an account, we collect:

  • Email address

  • Authentication credentials (passwords are hashed by our authentication provider; we never see them in plain text)

  • Display name (optional)

  • For OAuth sign-ups (Google, Apple): the basic profile information those providers share with us, such as your email address

3.2 Content You Submit

  • Chat queries and messages you send to AI models

  • Conversations and their history, titles, and metadata

  • Trust verification requests and the answers submitted for verification

  • Social Studio content — brand profiles (names, colors, voice/tone descriptions, logos) and image-generation prompts

  • Uploaded content — images and other files you submit for analysis or generation

  • Files and documents pasted into conversations

3.3 AI-Generated Content

  • AI model responses to your queries

  • Trust Scores, verification results, and Trust Certificates

  • Generated images

  • Conversation summaries produced by automatic memory compaction

3.4 Memory Data

When the Memory feature is enabled (it is on by default), the Service extracts and stores facts and preferences derived from your conversations to personalize future responses. You can disable Memory at any time in Settings → Memory.

3.5 Usage and Billing Data

  • Subscription plan, status, and billing period

  • Credit usage, token counts, per-model usage breakdowns, and estimated costs

  • Payment is processed by Stripe — we do not store your full card numbers. We store a Stripe customer identifier and subscription metadata.

3.6 Technical and Analytics Data

  • Log data, including request timestamps, model used, and response metadata

  • Usage velocity counters (hourly/daily credit consumption) used for rate limiting

  • Abuse-detection signals and account flags

  • Device, browser, and approximate technical information sent automatically by your client

  • Locale/language preference (used to serve localized content)

3.7 Sharing and Collaboration Data

  • Conversation share links and tokens

  • Records of conversations you have joined as a participant

  • The "Friends & Family" network derived from your shared-conversation participation

  • For shared conversations, the email addresses of participants are visible to other participants and to anyone with a public read-only link

4. How We Use Your Data

We use personal data to:

  • Provide, operate, and maintain the Service

  • Generate AI responses, Trust Scores, and Trust Certificates

  • Personalize responses using the Memory feature (when enabled)

  • Process payments, manage subscriptions, and enforce credit limits

  • Enforce usage limits, rate limits, and detect abuse or fraud

  • Provide customer support and respond to your requests

  • Improve and develop the Service, including aggregate analytics

  • Comply with legal obligations and enforce our Terms of Service

  • Communicate with you about your account, security, and material changes to the Service

We do not sell your personal data.

5. Legal Bases for Processing (GDPR)

For users in the European Economic Area, the United Kingdom, and similar jurisdictions, we rely on the following legal bases:


| Purpose | Legal Basis |
|---------|-------------|
| Providing the Service and your account | Performance of a contract |
| Processing payments and subscriptions | Performance of a contract |
| Memory personalization | Consent (you may disable it at any time) |
| Abuse detection, security, rate limiting | Legitimate interests |
| Analytics and Service improvement | Legitimate interests |
| Legal and regulatory compliance | Legal obligation |
| Marketing communications (if any) | Consent |

6. AI Model Providers and Sub-processors

To deliver the Service, we share data with third-party processors that act on our behalf:

ProviderPurposeData SharedOpenAIAI model responsesQuery content, conversation contextAnthropicAI model responsesQuery content, conversation contextGoogle (Gemini)AI model responses, image generation, web-grounded searchQuery content, conversation context, search queriesSupabaseDatabase, authentication, file storage, OAuthAccount data, content, all stored dataStripePayment and subscription processingEmail, billing metadata, payment detailsCloud hosting / CDNHosting the Service and serving generated imagesTechnical data, generated content

When you submit a query, its content (and, where relevant, conversation context and Memory) is sent to the selected AI model provider to generate a response. Trust verification additionally submits content to multiple model providers and to web-based search for source verification.

These providers process data under their own terms and privacy policies. We select providers that offer appropriate data-protection commitments and, for business/API use, generally do not train their models on data submitted through their APIs. We do not control changes to third-party policies.

7. AI Training

We do not use your conversation content to train our own AI models. We do not operate proprietary foundation models. AI responses are generated by third-party providers as described in Section 6; their use of API-submitted data is governed by their respective terms.

8. Data Sharing and Disclosure

We may share personal data:

  • With sub-processors listed in Section 6, strictly to operate the Service

  • With other users when you share a conversation or verification result — shared content and participant emails become visible to recipients, and public share links are accessible to anyone with the URL

  • For legal reasons — to comply with law, legal process, or enforceable governmental requests

  • To protect rights and safety — to enforce our Terms, prevent fraud or abuse, or protect the rights, property, and safety of Blendoo, our users, or the public

  • In a business transfer — in connection with a merger, acquisition, or sale of assets, subject to this policy

9. Public and Shared Content

When you share a conversation or a Trust verification result, you generate a link that makes that content publicly accessible to anyone who has it. Revoking a share disables the link and removes participant access going forward, but content that was already viewed or copied cannot be recalled. You are responsible for deciding what to share.

10. Data Retention

  • Account and content data are retained while your account is active.

  • Usage and billing records are retained as required for accounting, tax, and legal compliance.

  • Memory data is retained while Memory is enabled; disabling Memory stops further extraction.

  • Abuse and security flags are retained as needed for fraud prevention and platform integrity.

  • When you delete your account, we delete or anonymize your personal data within a reasonable period, except where retention is required by law or for legitimate ongoing purposes (such as financial records).

Content already transmitted to third-party AI providers is subject to those providers' retention practices.

11. International Data Transfers

Our providers may process data in countries outside your own, including the United States. Where personal data is transferred out of the EEA or UK, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or equivalent mechanisms.

12. Data Security

We protect personal data using measures including:

  • Encryption in transit (HTTPS/TLS)

  • Row-Level Security (RLS) in the database, so users can only access their own data

  • Hashed authentication credentials

  • Access controls and the principle of least privilege for internal systems

  • Webhook signature verification for payment events

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

13. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you

  • Rectify inaccurate or incomplete data

  • Erase your data ("right to be forgotten")

  • Restrict or object to certain processing

  • Data portability — receive your data in a structured, machine-readable format

  • Withdraw consent at any time (e.g., by disabling Memory)

  • Lodge a complaint with a supervisory authority

To exercise these rights, contact privacy@blendoo.ai. We may need to verify your identity before responding. We will respond within the timeframe required by applicable law.

EEA/UK users may complain to their local data protection authority. As Blendoo AI is governed by the laws of the Netherlands, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) is also competent.

14. Children's Privacy

The Service is not intended for anyone under 16 years of age. You must be at least 16 to use the Service. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, contact privacy@blendoo.ai and we will delete it.

15. Cookies and Local Storage

We use cookies and similar local-storage technologies to:

  • Keep you signed in (authentication sessions)

  • Remember preferences such as language

  • Support core functionality of the Service

We do not use third-party advertising cookies. Your browser settings can be used to manage or block cookies, though doing so may affect functionality.

16. Automated Decision-Making

The Service uses automated processing for:

  • Credit limits and rate limiting — requests may be blocked when usage thresholds are reached

  • Abuse detection — anomalous usage may be flagged for review

These automated processes are subject to human review before any account suspension or ban. They do not produce legal or similarly significant effects without the possibility of human intervention.

AI-generated content, Trust Scores, and Trust Certificates are informational and do not constitute decisions about you.

17. Third-Party Integrations (MCP)

If you connect Blendoo to an external AI client via the Model Context Protocol (MCP), authorization is handled through an OAuth 2.1 consent flow. The connected client receives an access token scoped to your account and can invoke the tools you authorize. You can review and manage these connections through your account.

18. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Service or via email. The "Last updated" date at the top reflects the latest revision. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

19. Contact

For questions, requests, or complaints about this Privacy Policy or our handling of personal data:

Access top-tier AI models for research, writing, summarization, and real work — all in one place.

Product

Features

Experts

Pricing

Company

About

Contact

© blendoo.ai — All rights reserved.

Terms of Service

Privacy Policy