Privacy Policy

Introduction

Instablog is a Software-as-a-Service (SaaS) platform operated by ANKT SERVICES, a société par actions simplifiée (SAS) based in Angers, France. We are committed to protecting your privacy and ensuring compliance with the EU General Data Protection Regulation (GDPR) and applicable French data protection laws.

This Privacy Policy explains how we collect, use, store, and share your personal data when you use the Instablog website and services, whether as a visitor or a registered user. It also outlines your rights regarding your personal data and how you can exercise them.

ANKT SERVICES is the "data controller" for the personal data processed in connection with Instablog. If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at support@instablog.so.

Disclaimer on Generated Content: Instablog provides tools that generate content (including text and images) based on your inputs. While this policy covers how we handle personal data, you remain solely responsible for the review, legality, and publication of any content you choose to generate and use. Instablog is not responsible for any generated content you publish or for any consequences arising from its use.

Personal Data We Collect

We collect and process personal data from both website visitors and registered users of Instablog. The types of data we collect include:

Identity and Contact Data

When you create an account, we collect your name and email address. These are used for account registration, login authentication, and to communicate with you (e.g., sending service updates or billing receipts).

Account Credentials and Content

For registered users, we store login credentials (such as your password, securely hashed) and any content you generate or upload to your Instablog account (including AI-generated blog posts or other text you create on our platform).

Usage Data

We automatically collect certain information about how you interact with our website and app. This includes your IP address, browser type, device information, pages or features used, date/time of visits, and other usage logs. For example, we may log actions like the templates you use or the number of blog posts generated. This data helps us understand service usage and improve performance.

Cookies and Similar Technologies

We use cookies and similar tracking technologies on our site (see Cookies and Analytics section below for details). These may collect information about your browsing behavior on Instablog (e.g., which pages you visited) and technical information (like IP and device identifiers).

Payment and Billing Information

If you purchase a subscription, payment details (such as credit card number, billing name and address) are collected and processed securely by our third-party payment processor (Stripe). We do not store your full payment card details on our servers; we receive confirmation of your payment and basic billing info (e.g., last four digits of your card, expiration, transaction ID).

Customer Support Data

If you contact us for support or use our live chat (powered by Crisp), we will collect the information you choose to provide in those interactions. This may include your contact details (like email) and the content of your correspondence (questions, feedback, problem descriptions).

We do not knowingly collect any sensitive personal data (such as racial or ethnic origin, political opinions, health information, etc.), nor do we target our service to children under 16. Instablog is intended for use by businesses and adults.

Legal Bases for Processing

We only collect and use your personal data when we have a valid legal basis under GDPR. Depending on the specific context, one or more of the following legal bases apply:

Contract (GDPR Art. 6(1)(b))

Much of our data processing is necessary to provide you with the Instablog service under our Terms of Service. For example, we need your name and email to create your account and authenticate you, and we need to process your content through our AI engines to deliver the blog generation features you requested.

Legitimate Interests (GDPR Art. 6(1)(f))

We process certain data to further our legitimate business interests, in ways that do not override your privacy rights. For instance, we analyze usage logs to improve our platform and fix bugs, and we may use your email to send essential service updates or offer customer support. You can object to processing based on legitimate interests at any time (see the "Your Rights" section).

Legal Obligation (GDPR Art. 6(1)(c))

In some cases, we have a legal obligation to process or retain data. For example, financial regulations may require us to keep billing records and invoices for a certain period.

Consent (GDPR Art. 6(1)(a))

Generally, we do not base our service on consent, except for specific scenarios. We will obtain your consent before using non-essential cookies or analytics (where required by law) and before sending you any promotional communications. You have the right to withdraw consent at any time.

How We Use Personal Data

We use your personal data for the following purposes:

Providing the Instablog Service: Creating and maintaining your user account, authenticating logins, and delivering AI-generated SEO blog content.
Payment Processing: Processing subscription payments, managing billing cycles, sending invoices/receipts through our partner Stripe.
Analytics and Improvement: Analyzing aggregated, de-identified usage patterns to improve features, fix technical issues, and optimize user experience using tools like PostHog. We do not reuse your identifiable prompts or outputs to train public models for other customers.
Customer Support: Assisting with questions, feedback, or issues via email or Crisp live chat.
Communication: Sending service-related emails for account verification, password resets, subscription confirmations, and important updates.
Security and Abuse Prevention: Monitoring for suspicious activities, protecting against fraud, and maintaining platform integrity.
Legal Compliance: Retaining records for tax audits and responding to valid legal requests.

We rely on legitimate interests for quality and safety monitoring. You may object to this processing—particularly any analysis of your content for improvement purposes—by contacting support@instablog.so. We will honor your objection unless we must retain the data to provide the core Service or comply with legal obligations.

We do not use your personal data for automated decision-making, profiling, or purposes other than those described above.

Cookies and Analytics

Cookies are small text files placed on your device that help our site function and gather information. When you visit Instablog, we use both essential and non-essential cookies:

Essential Cookies

These cookies are necessary for the website and service to operate properly. They include:

Session cookies to keep you logged in
Preference cookies to remember your settings
Security cookies for fraud prevention
Chat support cookies (Crisp) to maintain your conversation

Analytics Cookies

We use PostHog for analytics to understand how visitors use our site. These cookies track:

Pages visited and time spent
Features used and user flows
Technical information (browser, device type)

We will request your consent for analytics cookies when you first visit our site. You can opt-out at any time through your browser settings.

Third-Party Cookies

Our partners may set cookies:

Stripe: For secure payment processing and fraud prevention
Crisp: For chat support functionality
PostHog: For analytics (with your consent)

Managing Cookies

You can control cookies through your browser settings or our cookie banner. Note that blocking essential cookies might impact core functionality like staying logged in.

Disclosure of Your Data to Third Parties

We do not sell or rent your personal information. However, we share certain data with trusted third-party service providers who help us run Instablog:

Service Providers

Stripe (Payment Processing)

Handles all payment transactions securely. We don't store credit card numbers. Stripe is PCI-DSS Level 1 certified and processes payments according to the highest security standards.

PostHog (Analytics)

Provides product analytics to help us understand user interactions. Configured to avoid collecting directly identifying personal data.

OpenAI & Google (AI Services)

Process your text prompts to generate blog content. They receive only the content necessary for AI generation, operate under strict confidentiality agreements, and—through enterprise controls—we prevent them from using your prompts or outputs to train their own foundation models.

Crisp (Customer Support)

Powers our live chat support. Based in France and GDPR-compliant. Processes chat communications and maintains session continuity.

Legal Disclosures

We may disclose personal data when required by law, court order, or to protect our legal rights. This includes responding to lawful requests from law enforcement or regulatory authorities.

International Data Transfers

Instablog is based in France, but some of our service providers are located outside the European Economic Area (EEA). When data is transferred outside the EEA, we ensure appropriate safeguards are in place:

Safeguards for International Transfers

Standard Contractual Clauses (SCCs): We use European Commission-approved SCCs to ensure equivalent data protection for transfers outside the EEA.
EU-U.S. Data Privacy Framework: Where applicable, we rely on the DPF for transfers to certified U.S. companies.
Adequacy Decisions: For countries with adequate data protection laws as determined by the EU Commission.

Our main processors that may involve international transfers include:

Stripe (United States) - DPF certified and uses SCCs
OpenAI (United States) - Protected by SCCs
Google (Multiple locations) - Uses SCCs and binding corporate rules
PostHog (United States/EU) - Uses SCCs for non-EU processing

Data Retention

We retain personal data only as long as necessary for the purposes described or as required by law:

Data Type	Retention Period	Reason
Account Information	Active account lifetime + 30 days	Service provision
Generated Content	Until deletion by user or account closure	User control
Usage Logs	12 months	Security and debugging
Analytics Data	24 months (aggregated)	Service improvement
Support Records	24 months	Customer service quality
Financial Records	10 years	French legal requirement

After retention periods expire, data is securely deleted or anonymized. Backups may retain data temporarily but are purged according to our backup rotation schedule.

Your Rights Under GDPR

Learn more about your data protection rights: Your Rights Under EU Data Protection Law

As an individual in the European Union, you have the following rights regarding your personal data under the EU Data Protection framework:

Right to Access

Request a copy of your personal data and information about how we use it.

Right to Rectification

Request correction of inaccurate or incomplete personal data.

Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data in certain circumstances.

Right to Restriction

Request limited processing of your data in certain situations.

Right to Data Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to certain processing activities, especially for direct marketing.

Right to Withdraw Consent

Withdraw consent at any time where processing is based on consent.

Right to Lodge a Complaint

File a complaint with the CNIL (French Data Protection Authority) or your local EU data protection authority.

How to Exercise Your Rights

Contact us at support@instablog.so. We will respond within one month as required by GDPR. We may need to verify your identity before processing certain requests.

Security Measures

We implement comprehensive technical and organizational measures to protect your personal data:

Technical Measures

TLS/HTTPS encryption for all data in transit
Encryption at rest for sensitive data
Secure password hashing (bcrypt)
Regular security updates and patches
Firewalls and intrusion detection systems
Regular security audits and penetration testing

Organizational Measures

Access control on need-to-know basis
Two-factor authentication for administrative access
Staff training on data protection
Confidentiality agreements with all personnel
Incident response plan for security breaches
Regular backups with encryption

In the unlikely event of a data breach that poses risk to your rights, we will notify you and the CNIL within 72 hours as required by GDPR.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons.

When we make changes:

We will update the "Last Updated" date at the top
For significant changes, we will notify you by email or website notice
Continued use after updates signifies acceptance of the revised policy

We encourage you to review this policy periodically to stay informed about how we protect your information.

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, you can reach us at:

ANKT SERVICES (Instablog)

Attn: Privacy Team

C/O WEFORGE- 25 RUE LENEPVEU

49100 ANGERS, France

SIREN: 843 902 156

VAT Number: FR78 843 902 156

Email: support@instablog.so

DPO: support@instablog.so

Vous pouvez également nous contacter en français à la même adresse email pour toute question relative à vos données personnelles.

Supervisory Authority

You have the right to lodge a complaint with the French Data Protection Authority:

CNIL (Commission Nationale de l'Informatique et des Libertés)
3 Place de Fontenoy
TSA 80715
75334 Paris Cedex 07
Website: www.cnil.fr
Online complaint form: File a complaint
GDPR Resources: GDPR Guide (French)

Instablog Privacy Policy