Privacy Policy for Blogima

Last update: February 2026

1. Introduction

At Blogima, we respect your privacy and are committed to protecting any personal information you provide when using our extension. This Privacy Policy outlines how we collect, use, and protect your information.

2. Information We Collect

When you use Blogima, we may collect the following types of information:

Personal Information: Your Ghost domain, admin domain, and Ghost Content API key, which you voluntarily provide to enable extension functionality.
OpenAI API Key (Optional): If you choose to use AI-powered features, you may provide your OpenAI API key. This key is stored locally in your browser and used directly by the extension to access OpenAI services.
Blog Data: Your blog posts and metadata retrieved using the Ghost Content API key are stored locally in your browser storage for faster access and offline functionality.
Autolink Rules: Your autolink rules (keyword-to-post mappings) are stored locally and synchronized across your devices using browser sync storage.

3. How We Use Your Information

We use the information collected to:

Provide and maintain the functionality of the Blogima extension.
Generate AI-powered link suggestions to help you find related content.
Check for broken internal links in your blog posts.
Analyze your content to provide intelligent link recommendations.
Personalize and optimize your experience.
Improve our extension and offer support.
Monitor for errors and technical issues (using error monitoring services).
Communicate with you regarding updates, features, or other relevant matters.

3.1 Lawful Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following lawful bases:

Contract (Article 6(1)(b)) - Necessary for Service Delivery: Ghost domain, admin domain, and Content API key; blog posts and metadata; backend API processing (link checking, embedding generation); cloud storage of embeddings. Without this data, we cannot provide the core Blogima service.
Consent (Article 6(1)(a)) - Optional Features: OpenAI API key (user-provided); post content sent to OpenAI for AI suggestions. You can withdraw consent at any time by removing your OpenAI API key.
Legitimate Interest (Article 6(1)(f)) - Service Improvement: Error monitoring via Sentry; website analytics via Umami. We balance our legitimate interest in improving the service with your privacy rights. You can object to this processing by contacting us.

4. Storage of Information

Your information is stored in the following ways:

Local Browser Storage: Your Ghost credentials, OpenAI API key (if provided), blog data, and autolink rules are stored securely in your browser's local storage. This data remains on your device and is not automatically transmitted to external servers.
Device Synchronization: Your autolink rules are synchronized across your devices, allowing you to access your rules on multiple devices.
Local Cache: Data used for AI-powered suggestions is downloaded from cloud storage and cached locally on your device for fast access. This data is generated from your post content and stored both in cloud storage and locally.
Cloud Storage (Cloudflare R2): Data used for AI-powered features is stored in Cloudflare R2 cloud storage to enable efficient distribution and synchronization. This data is generated from your post titles and content.

4.1 Data Retention Periods

We retain your data for the following periods:

Local browser storage: Retained until you delete the extension, clear browser data, or request deletion.
Cloud storage (embeddings): Retained until you request deletion or terminate your use of the service.
Backend API processed data: Processed data is not stored long-term; only used for immediate processing (link checking, embedding generation).
Error logs (Sentry): Retained for 90 days for debugging and service improvement purposes.
Broken link cache: Retained locally for 72 hours to reduce API calls.

5. Data Transmission to Third-Party Services

To provide certain features, Blogima transmits specific data to third-party services. We only send the minimum data necessary for each service to function:

Blogima Backend API: We send URLs (in batches) for broken link checking, text content for AI data processing, and your domain and Content API key to enable these features. This data is used solely to provide link checking and AI-powered suggestion services.
OpenAI API (when you provide an API key): When you use AI-powered features like title and description suggestions, your post content (HTML) is sent directly to OpenAI using your own API key. Blogima does not store or have access to your OpenAI API key beyond local storage on your device. Your usage of OpenAI services is subject to OpenAI's privacy policy and terms of service.
Sentry (Error Monitoring): We use Sentry to monitor for errors and technical issues. Error data is sanitized to remove sensitive information such as API keys and personal data before transmission.
Cloudflare R2 (Cloud Storage): Post embeddings are stored in Cloudflare R2 for efficient distribution. This data is generated from your post content and is organized by website using a unique folder hash.

5.1 International Data Transfers

Some of our third-party service providers are located outside the European Economic Area (EEA). When we transfer your data to these providers, we ensure appropriate safeguards are in place:

Cloudflare R2 (United States): Standard Contractual Clauses (SCCs) are in place to protect your data.
OpenAI (United States): When you use OpenAI services with your own API key, data transfers are subject to OpenAI's GDPR compliance measures. Please review OpenAI's privacy policy for details.
Sentry (United States): Standard Contractual Clauses (SCCs) are in place to protect your data.
Umami Analytics: GDPR compliant (per Umami's website). Please review Umami's Privacy Policy for more information.

You can request more information about these safeguards by contacting us at contact@blogima.com.

6. Sharing Your Information

We do not sell, trade, or rent your personal information to third parties. We may share your information only as necessary to provide and improve our services, or if required by law.

7. Data Security

We take appropriate technical and organizational measures to protect your information from unauthorized access, disclosure, alteration, or destruction. Your API keys and sensitive data are stored locally in your browser and are not transmitted to our servers except as necessary for specific features (as described in Section 5).

7.1 Data Breach Notification

In the event of a data breach that may affect your personal data, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33/34. We will provide clear information about the nature of the breach, the data affected, and the steps we are taking to address it.

8. Third-Party Services

Blogima integrates with the following third-party services:

OpenAI: Used for AI-powered content suggestions. When you use these features, your post content is sent to OpenAI. Please review OpenAI's Privacy Policy for information on how they handle your data.
Blogima Backend API: Our own backend service used for link checking and AI data processing. Data is processed according to this privacy policy.
Sentry: Used for error monitoring and debugging. Error data is sanitized before transmission. Please review Sentry's Privacy Policy for more information.
Cloudflare R2: Used for cloud storage of post embeddings. Data is stored securely and organized by website. Please review Cloudflare's Privacy Policy for more information.
Umami Analytics: We use Umami Analytics (cloud.umami.is) to collect anonymized website usage statistics on our website (not in the extension). Umami is a privacy-focused, cookie-free analytics tool that is GDPR compliant. No personal data is collected. Please review Umami's Privacy Policy for more information.

9. Your Rights and Choices (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, you have the following rights regarding your personal data:

Right of Access (Article 15): You can request a copy of all personal data we hold about you.
Right to Rectification (Article 16): You can request correction of inaccurate or incomplete data.
Right to Erasure (Article 17): You can request deletion of your personal data, subject to legal obligations to retain certain data.
Right to Restriction (Article 18): You can request limitation of processing in certain circumstances.
Right to Data Portability (Article 20): You can receive your data in a structured, machine-readable format.
Right to Object (Article 21): You can object to processing based on legitimate interest.
Right to Withdraw Consent: You can withdraw consent for optional features (e.g., OpenAI usage) at any time by removing your OpenAI API key.

How to Exercise Your Rights

To exercise any of these rights, please contact us at contact@blogima.com. Include your name and the specific right you wish to exercise. We will respond within 30 days (may be extended to 60 days for complex requests).

Local Data Management

Most of your data is stored locally in your browser. You can:

Clear extension data through browser settings
Uninstall the extension (this deletes local data)
Manage autolink rules through the extension interface

Cloud Storage Data

Data stored in cloud storage (embeddings) requires a manual deletion request. Contact us to request deletion of cloud-stored data.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last update" date. We encourage you to review this policy periodically.

11. Contact Us

If you have any questions about this Privacy Policy or how we handle your information, please contact us:

Data Controller:
Blogima
Email: contact@blogima.com

Note: Blogima is operated by an independent developer. For data protection inquiries, please contact us at the email address above.