Privacy Policy

Effective Date: November 12, 2025
Last Updated: November 12, 2025

Introduction

Welcome to Blend AI ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered chat and content generation platform available at https://tryblend.ai (the "Service").

Please read this Privacy Policy carefully. By accessing or using our Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our practices, please do not use our Service.

Contact Information:
For privacy-related inquiries, please contact us at: marc@tryblend.ai

1. Information We Collect

1.1 Account Information

When you create a Blend AI account using OAuth authentication, we collect:

  • Email address (from your Google or Apple account)
  • Display name (your Blend AI account name, not your Google/Apple account name)
  • Profile picture (if provided by your OAuth provider)
  • User ID (unique identifier for your account)
  • Account creation date
  • Subscription tier (Free or Paid)
  • Account balance (credits available for AI usage)

OAuth Providers: We currently support Google and Apple sign-in.

1.2 User-Generated Content

To provide our AI services, we collect and process:

  • Chat messages and conversations with AI models
  • Prompts you send to AI systems
  • AI-generated responses created for you
  • Conversation history (stored indefinitely unless you delete it)
  • Conversation titles and custom system prompts
  • Smart notes and annotations you create
  • Edits and modifications to generated content

User Control: You can delete individual messages or entire conversations at any time through your account settings.

1.3 Uploaded Files

When you upload files to use with our AI features, we collect:

  • File content: Documents (PDF, DOCX, TXT, CSV, XLSX), images (JPEG, PNG, SVG, HEIC), videos (MP4), audio files, and archives (ZIP)
  • File metadata: Filename, size, type, upload date
  • Processed content: Extracted text, transcriptions, and parsed data for AI context
  • Generated files: AI-created images, videos, and other content

File Limits: Maximum file size is 100MB per file.
Retention: Uploaded files are retained for 7 days, after which they are automatically deleted unless you manually delete them sooner.

1.4 Technical and Usage Data

To ensure security, prevent abuse, and improve our Service, we collect:

  • IP addresses (for rate limiting and security)
  • Browser fingerprints (screen resolution, timezone, platform, language)
  • Device identifiers stored in cookies, localStorage, sessionStorage, and IndexedDB
  • Request logs including timestamps, models used, request status, and response metadata
  • Error logs and stack traces for debugging
  • Usage analytics including page views, feature usage, and performance metrics
  • Geolocation data derived from IP addresses (country and city level only)

Retention: Technical logs are retained indefinitely for security and service improvement purposes.

1.5 Audio and Voice Data

When using our voice transcription features:

  • Audio recordings from your microphone (when using live transcription)
  • Uploaded audio files for transcription
  • Transcribed text generated from audio
  • Voice activity detection data

Audio Processing: Audio is processed by Groq Whisper API. Raw audio files are stored and can be deleted by you at any time. Audio data is not encrypted during transmission to our transcription service.

1.6 Payment Information

Payment processing is handled by Stripe. We collect:

  • Stripe customer ID
  • Subscription status (active, canceled, past due)
  • Payment history (transaction amounts, dates, invoices)

Important: We do NOT store or have access to your full credit card numbers. Stripe securely processes all payment information in compliance with PCI DSS standards.

Free Credits: New users receive 500 free credits per month. Refunds are not offered for paid credits.

1.7 Communications

We collect:

  • Support tickets and messages you send to our team
  • Feedback submissions
  • Email communication history
  • Email engagement metrics (opens and clicks via Resend)

2. How We Use Your Information

2.1 Service Delivery

We use your information to:

  • Provide AI chat, text generation, image creation, and video generation services
  • Process your prompts through various AI models
  • Store and retrieve your conversation history
  • Transcribe audio files and live voice input
  • Parse and analyze uploaded files to provide context to AI models
  • Maintain your user preferences and settings
  • Generate and deliver AI responses

2.2 Account Management

  • Create and maintain your user account
  • Authenticate you via Supabase Auth
  • Process subscription payments and manage billing
  • Track your credit balance and usage
  • Send transactional emails (welcome emails, password resets, payment confirmts, subscription updates)

2.3 Service Improvement and Analytics

  • Analyze usage patterns to improve our Service
  • Identify, diagnose, and fix technical issues
  • Monitor performance and optimize response times
  • Develop new features based on user needs

Important: We do NOT use your prompts or conversations to train or improve AI models. Our AI providers have zero data retention policies for your content.

2.4 Security and Abuse Prevention

  • Implement rate limiting to prevent spam and abuse (100 requests per 20 seconds per IP)
  • Detect and prevent fraudulent activity
  • Protect against unauthorized access
  • Monitor for violations of our Terms of Service

2.5 Legal Compliance

  • Comply with applicable laws and regulations
  • Respond to lawful requests from authorities
  • Enforce our Terms of Service and other policies
  • Protect our rights and the rights of our users

3. Third-Party Services and Data Processors

We work with trusted third-party service providers to deliver our Service. Your data may be shared with the following categories of providers:

3.1 Infrastructure and Hosting

  • Vercel: Web hosting, analytics, and speed insights (servers globally distributed)
  • Supabase: Database, authentication, and storage (servers located in the United States)
  • UploadThing: File upload and storage

3.2 AI Model Providers

When you use our Service, your prompts and uploaded content are sent to third-party AI providers to generate responses:

  • OpenRouter: Multi-model API gateway
  • Google AI (Gemini): Text and multimodal AI models
  • OpenAI (GPT): Text generation models
  • Anthropic (Claude): Text generation models
  • Groq: Fast inference and audio transcription (Whisper)
  • Fal.ai: Image and video generation models
  • Perplexity: Web search and research capabilities

Zero Data Retention: All AI providers we work with have zero data retention policies. Your prompts and content are NOT used to train or improve their models. Servers are located worldwide.

3.3 Payment Processing

  • Stripe: Secure payment processing, subscription management, and billing (PCI DSS compliant)

3.4 Email Services

  • Resend: Transactional email delivery with open and click tracking

3.5 Monitoring and Performance

  • Vercel Analytics: Privacy-focused usage analytics
  • Vercel Speed Insights: Performance monitoring
  • Upstash: Rate limiting, caching, and background job processing
  • React Scan: Development performance monitoring (development environment only)

4. Data Sharing and Disclosure

4.1 We DO Share Data With:

  • AI providers to generate responses to your prompts
  • Payment processors (Stripe) to handle billing and subscriptions
  • Email services (Resend) to send transactional emails
  • Hosting and infrastructure providers to deliver the Service

4.2 We DO NOT:

  • Sell your personal information to third parties
  • Share your data with advertisers or marketing companies
  • Use your conversations for marketing purposes
  • Allow AI providers to train on your data

4.3 We MAY Disclose Data:

  • For legal reasons: To comply with laws, regulations, legal processes, or governmental requests
  • To protect rights: To protect the rights, property, or safety of Blend AI, our users, or the public
  • Business transfers: In connection with a merger, acquisition, or sale of assets (you will be notified)
  • With your consent: When you explicitly authorize us to share your information

5. Data Retention

5.1 Active Accounts

  • Account information: Retained while your account is active
  • Conversations and messages: Retained indefinitely unless you delete them
  • Uploaded files: Automatically deleted after 7 days or when you manually delete them
  • Smart notes: Retained indefinitely unless you delete them
  • Request logs and error logs: Retained indefinitely for security and debugging

5.2 Deleted Accounts

When you delete your account:

  • Your account information and user-generated content will be permanently deleted
  • Files you uploaded will be removed from our storage
  • Some aggregated, anonymized analytics data may be retained
  • Backups may retain data for up to 30 days before permanent deletion

5.3 User Control

You have full control over your data:

  • Delete individual messages within conversations
  • Delete entire conversations
  • Delete uploaded files manually
  • Request account deletion by contacting marc@tryblend.ai

6. Data Security

We implement industry-standard security measures to protect your information:

6.1 Technical Safeguards

  • Encryption in transit: All data transmitted between your device and our servers uses HTTPS/TLS encryption
  • Encryption at rest: Data stored in our databases is encrypted by Supabase
  • Secure authentication: Powered by Supabase Auth with industry-standard OAuth 2.0
  • Environment variable protection: API keys and sensitive credentials are securely managed
  • Rate limiting: Protection against brute force and denial-of-service attacks

6.2 Access Controls

  • Role-based access control limiting employee access to user data
  • Admin-only access to sensitive operations
  • Audit logging of administrative actions

6.3 Third-Party Security

We rely on the security measures of our trusted partners:

  • Supabase for database security
  • Vercel for infrastructure security
  • Stripe for PCI DSS compliant payment processing

Note: While we implement strong security measures, no system is completely secure. We do not currently have SOC 2 certification, a formal incident response plan, or a bug bounty program, but we continuously work to improve our security posture.

7. Cookies and Tracking Technologies

7.1 Essential Cookies

We use cookies necessary for the Service to function:

  • Authentication cookies: Managed by Supabase to keep you logged in
  • Session management cookies: To maintain your session state

7.2 Identification Technologies

To provide service to guest users and prevent abuse:

  • blend_ai_cookie_id: Identifies guest users for rate limiting
  • localStorage: Persistent user identification
  • sessionStorage: Session-specific data storage
  • IndexedDB: Client-side data caching

7.3 Analytics Cookies

  • Vercel Analytics: Privacy-focused usage analytics to understand how users interact with our Service
  • Vercel Speed Insights: Performance monitoring to optimize load times

Your Choices: Most web browsers allow you to control cookies through settings. However, disabling essential cookies may prevent you from using certain features of our Service.

8. Your Privacy Rights

8.1 Access Rights

You have the right to:

  • View your personal information
  • Access your conversation history
  • Download your uploaded files

8.2 Deletion Rights

You can:

  • Delete individual messages or conversations
  • Delete uploaded files
  • Request deletion of your entire account and associated data

8.3 Correction Rights

You can update or correct:

  • Your display name and profile information
  • Account preferences and settings

8.4 Data Portability

You can request an export of your data in a machine-readable format (JSON).

Note: Data export functionality is currently in development. Please contact marc@tryblend.ai to request a data export.

8.5 How to Exercise Your Rights

  • In-app: Use your account settings to update information or delete content
  • Email: Contact marc@tryblend.ai for data requests, account deletion, or privacy inquiries
  • Response time: We aim to respond within 1 business day

9. Children's Privacy

No Age Restrictions: Our Service does not have specific age restrictions. However, we recommend that users under 18 seek parental guidance before using AI services.

No Age Verification: We do not implement age verification processes.

If you believe we have inadvertently collected information from a minor without appropriate consent, please contact us immediately at marc@tryblend.ai so we can take appropriate action.

10. International Data Transfers

10.1 Server Locations

  • Supabase servers: United States
  • Vercel edge network: Global (with data centers worldwide)
  • AI providers: Servers located worldwide

10.2 European Users

If you are accessing our Service from the European Economic Area (EEA), United Kingdom, or Switzerland, please note:

  • Your data may be transferred to and processed in the United States and other countries
  • We do not currently have a GDPR representative in the EU
  • We rely on standard contractual clauses and the adequacy decisions by relevant authorities

By using our Service, you consent to the transfer of your information to countries outside your country of residence, which may have different data protection laws.

11. AI-Specific Disclosures

11.1 How Our AI Service Works

  • Third-party processing: Your prompts and uploaded files are sent to third-party AI providers to generate responses
  • Multiple models: We offer access to various AI models from different providers based on your selection
  • Zero training: Your data is NOT used to train or improve AI models

11.2 AI Content Accuracy and Limitations

  • Probabilistic nature: AI responses are generated using statistical models and may contain inaccuracies, errors, or "hallucinations"
  • No guarantees: We do not guarantee the accuracy, completeness, or reliability of AI-generated content
  • User responsibility: You are responsible for verifying the accuracy of AI outputs before relying on them
  • Not professional advice: AI-generated content should not be considered as professional advice (legal, medical, financial, etc.)

11.3 Content Ownership

  • Your inputs: You retain all rights to the prompts and content you provide
  • AI outputs: You own the AI-generated content, subject to the terms of our AI providers
  • Commercial use: Commercial use of AI-generated content is allowed
  • License to us: By using the Service, you grant us a license to process your content solely to provide the Service

12. Audio and Voice Processing

12.1 Voice Features

Our Service includes:

  • Live transcription via microphone access
  • Audio file upload and transcription
  • Voice activity detection

12.2 Audio Data Handling

  • Processing: Audio is processed by Groq's Whisper API for transcription
  • Storage: Raw audio files are stored and associated with your account
  • Encryption: Audio data is not encrypted during transmission to the transcription service (transmitted over HTTPS)
  • Retention: Audio files are retained based on the same retention policy as other uploaded files (7 days or until manually deleted)
  • Deletion: You can delete transcriptions and audio files at any time

13. Email Communications

13.1 Transactional Emails

We send transactional emails including:

  • Welcome messages when you create an account
  • Password reset instructions
  • Payment receipts and subscription notifications
  • Critical service updates

These emails cannot be opted out of as they are necessary for the Service.

13.2 Marketing Emails (Future)

We may introduce marketing emails in the future, including:

  • Product updates and announcements
  • Feature highlights and tips
  • Special offers

Opt-out: If we introduce marketing emails, you will be able to unsubscribe at any time via a link in each email.

13.3 Email Tracking

We use Resend for email delivery, which includes:

  • Open tracking to verify successful delivery
  • Click tracking to understand engagement

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

14.1 Notification of Changes

We will notify you of material changes by:

  • Email notification to your registered email address
  • In-app notification when you next log in
  • Prominent notice on our website

14.2 Your Acceptance

  • Continued use of the Service after changes become effective constitutes your acceptance of the revised Privacy Policy
  • We encourage you to review this Privacy Policy periodically
  • The "Last Updated" date at the top indicates when the policy was last modified

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Email: marc@tryblend.ai
Company: Blend AI
Website: https://tryblend.ai
Response Time: We aim to respond to all privacy inquiries within 1 business day

Data Protection Officer: marc@tryblend.ai

16. Additional Information

16.1 Guest Users

For users who access limited features without creating an account:

  • We use browser fingerprinting and cookies for identification
  • Limited data collection (IP address, usage patterns)
  • Rate limiting applies to prevent abuse

16.2 No Data Sales

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

Thank you for trusting Blend AI with your data. We are committed to protecting your privacy while delivering powerful AI capabilities.

This Privacy Policy is effective as of November 12, 2025.

Business name: My AI playground

Have questions about this privacy policy? Contact us

HomeAboutSupportPricing