DeutschBack to home

Privacy Policy

1. Controller

The controller within the meaning of the GDPR is:
Simon Feldhusen, Theresenstraße 27, 65779 Kelkheim (Hornau)
Email: info@stec-online.com

2. Collection and Processing of Personal Data

We process personal data only to the extent necessary to provide our services or where you have given explicit consent.

2.1 User Account & Authentication

A user account is required to use BlogBoost.io. We process the following data:

  • Email address (required)
  • Display name (optional)
  • Time of registration and last activity

Authentication is handled by Supabase (Supabase Inc., San Francisco, USA). The legal basis is Art. 6(1)(b) GDPR (performance of a contract).

2.2 Usage Data / Log Data

When accessing our services, technical access data (IP address, browser type, access timestamp) is temporarily stored in server logs. This data is automatically deleted after 30 days. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in system security).

2.3 Content Pipeline & AI Processing

To generate content, we use third-party AI services (in particular OpenRouter). Topics and keywords you have configured are transmitted to these services. Personal data is only processed if you explicitly embed it in your topics.

2.4 Analytics

We use PostHog (PostHog Inc.) for anonymised usage analysis. Data is processed exclusively on EU servers (eu.posthog.com). For unauthenticated visitors, processing only occurs after you give consent via the cookie banner (Art. 6(1)(a) GDPR). For logged-in users, the legal basis is Art. 6(1)(f) GDPR (legitimate interest in product improvement). You can withdraw your consent at any time via the cookie banner at the bottom of the page.

2.5 Error Monitoring

We use Sentry (Functional Software Inc., San Francisco, USA) to detect and resolve technical errors. Sentry captures server-side error logs and technical diagnostic data. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in system stability). Sentry does not set browser cookies.

3. Disclosure to Third Parties

We only share your data with:

  • Supabase – Authentication and data storage (EU data centre available)
  • OpenRouter – AI text generation (USA, Standard Contractual Clauses)
  • Resend – Transactional emails (USA, Standard Contractual Clauses)
  • PostHog – Anonymised usage analytics (EU servers)
  • Sentry – Error monitoring (USA, Standard Contractual Clauses)

4. Cookies

We use the following categories of cookies:

  • EssentialNEXT_LOCALE (language preference, 1 year) and Supabase session cookies (login, session duration). No consent required.
  • Analytics – PostHog cookies (ph_*): usage analysis. Only set after you consent via the cookie banner. You can withdraw consent at any time by clearing your browser storage or opening the site in a private window.

5. Your Rights

You have the right to:

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR) – via account settings or by email request
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection (Art. 21 GDPR)

To exercise your rights, contact us at: info@stec-online.com

6. Right to Lodge a Complaint

You have the right to lodge a complaint with the competent data protection authority. In Germany, this is the Federal Commissioner for Data Protection and Freedom of Information (BfDI).

7. Data Security

All connections to BlogBoost.io are encrypted via TLS/HTTPS. Sensitive data (API keys, tokens) is never included in logs or client responses.

Last updated: 2026