PRIVACY POLICY
Last Updated: April 2026
We are committed to protecting your information and complying with applicable privacy laws, including Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), the European Union's General Data Protection Regulation (GDPR), and applicable U.S. state privacy laws including the California Consumer Privacy Act (CCPA/CPRA).
If you have questions, contact us at:
Email: privacy@goblinkly.com
1. Scope of This Policy
This policy applies to all clients who register for and use our Service. We do not offer our Service to individual consumers; our clients are businesses and professional entities ("Clients"). References to "you" in this policy refer to our Clients and their authorized representatives.
2. Information We Collect
We collect only the information necessary to deliver and improve our Service. Specifically, we collect:
2.1 Account and Identity Information
- Full name of the authorized account representative
- Business email address
- Company or brand name
2.2 Brand and Website Information
- Brand context documents (e.g., brand guidelines, target audience descriptions, tone-of-voice guides, product/service descriptions) that you upload or provide to us
- Your website URL(s) for which we manage blog publishing
2.3 OAuth Integration Tokens
To publish blogs to your website (e.g., Webflow) and to access your analytics platforms (Google Analytics 4 / GA4 and Google Search Console / GSC), we use OAuth 2.0 authorization flows. We do not collect or store your website credentials or API keys. Instead:
- We obtain and securely store OAuth access tokens and refresh tokens that you grant us through the respective platform's authorization screen
- These tokens are stored encrypted in our database and are used solely to perform the integrations you have authorized
2.4 Analytics Data
When you connect your GA4 and GSC accounts via OAuth, we import and store analytics data (such as page views, click-through rates, keyword rankings, and related performance metrics) in our database. This data is used to display performance statistics and reports within the Service.
2.5 Google User Data — Specific Disclosure
GoBlinkly integrates with Google services (Google Analytics 4 and Google Search Console) via OAuth 2.0. The following applies specifically to data obtained through Google APIs:
- What we access: Website performance data from your GA4 property (page views, sessions, traffic sources, user engagement metrics) and search performance data from your GSC account (keyword rankings, impressions, click-through rates, crawl data).
- How we access it: Only after you explicitly authorize GoBlinkly through Google's OAuth consent screen. We request only the minimum scopes necessary to retrieve your analytics and search performance data.
- How we use it: Solely to populate your GoBlinkly dashboard with performance statistics and to inform content recommendations for your SEO and AEO campaigns. We do not use Google user data for any other purpose.
- How we store it: Imported Google data is stored encrypted in our database. OAuth access tokens and refresh tokens are stored separately with additional encryption.
- Sharing: We do not sell, share, transfer, or disclose your Google user data to any third party, except as required by law.
- Retention and revocation: Google-sourced analytics data is retained for as long as your account is active. You may revoke GoBlinkly's access to your Google account at any time via your Google Account settings at myaccount.google.com. Upon revocation or account closure, your data will be deleted within 60 days.
GoBlinkly's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. For more information, visit: https://developers.google.com/terms/api-services-user-data-policy
2.6 Payment Information
Payments for the Service are processed by Stripe, Inc., a third-party payment processor. We do not collect, store, or process your full credit card numbers or banking details. Stripe may collect and process payment information in accordance with its own privacy policy, available at https://stripe.com/in/privacy. We receive and store only transaction confirmation records, invoices, and billing-related metadata (e.g., subscription status, payment date, amount).
3. How We Collect Information
- Directly from you when you register, set up your account, upload brand documents, and connect integrations
- Automatically via OAuth flows when you authorize connections to Webflow, GA4, GSC, or other supported platforms
- From connected third-party platforms (GA4, GSC) once you have authorized access, in order to populate your analytics dashboard
- From Stripe, upon successful payment transactions
4. How We Use Your Information
We use the information we collect for the following purposes:
- To create and manage your account
- To provide the Service, including automated blog writing and publishing to your connected platforms
- To display analytics and performance statistics from your connected GA4 and GSC accounts
- To process payments and manage your subscription through Stripe
- To communicate with you regarding your account, the Service, technical updates, or support requests
- To improve, debug, and optimize the Service
- To comply with legal obligations and enforce our Terms of Service
- To detect and prevent fraud, unauthorized access, or security incidents
5. Legal Basis for Processing (GDPR — EU Clients)
If you are located in the European Economic Area (EEA) or the United Kingdom, we rely on the following legal bases under Article 6 of the GDPR:
- Performance of a Contract (Art. 6(1)(b)): Processing your account information, brand documents, OAuth tokens, and analytics data is necessary to provide the Service you have contracted for.
- Legitimate Interests (Art. 6(1)(f)): We may process certain data for purposes such as service improvement and security monitoring, where our legitimate interests are not overridden by your rights.
- Legal Obligation (Art. 6(1)(c)): We may process data to comply with applicable Canadian, EU, or U.S. law.
- Consent (Art. 6(1)(a)): Where we rely on consent (e.g., marketing emails), you have the right to withdraw consent at any time without affecting the lawfulness of prior processing.
6. Data Sharing and Third Parties
We do not sell, rent, or trade your personal information to third parties for their own marketing or commercial purposes. We share your data only in the following limited circumstances:
- Stripe: Payment processing. Stripe receives billing information necessary to process your subscription payments.
- Cloud Infrastructure Providers: We use the following cloud infrastructure providers, both operating servers located in Canada, to store and process your data: (a) Supabase, Inc. — database hosting and storage, including OAuth tokens and analytics data; (b) Amazon Web Services (AWS EC2) — application hosting. Both providers act as data processors under our instruction and process data solely within Canada.
As Canada is recognized by the European Commission as providing adequate data protection under PIPEDA, no additional transfer mechanisms (such as Standard Contractual Clauses) are required for transfers to these providers.
- Legal Requirements: We may disclose information if required by law, court order, or governmental authority, or to protect our legal rights.
- Business Transfers: In the event of a merger, acquisition, or sale of substantially all assets, your information may be transferred. We will notify you via email and/or prominent notice on our website prior to such a transfer.
7. International Data Transfers
We are incorporated in Montreal, Quebec, Canada. Canada is recognized by the European Commission as providing an adequate level of data protection for commercial organizations subject to PIPEDA (Adequacy Decision, 2002).
All GoBlinkly client data is stored and processed on servers physically located in Canada, via Supabase (database) and Amazon Web Services EC2 (application). Canada is recognized by the European Commission as an adequate jurisdiction under PIPEDA, meaning data transfers from the EEA to GoBlinkly do not require additional safeguards such as Standard Contractual Clauses (SCCs).
8. Data Retention
We retain your information for as long as your account is active or as needed to provide the Service. Specific retention periods:
- Account and identity information: Retained for the duration of your subscription and for 1 year after account closure to comply with legal and contractual obligations.
- Brand context documents: Retained for the duration of your subscription. Upon account closure, documents will be deleted within 90 days unless you request earlier deletion.
- OAuth tokens: Retained for as long as the integration is active. Revoked or expired tokens are deleted promptly.
- Analytics data (GA4/GSC imports): Retained for the duration of your subscription to support historical reporting. Upon account closure, this data is deleted within 90 days.
- Payment records: Retained for 6 years to comply with Canadian tax and accounting obligations (Income Tax Act, R.S.C. 1985, c. 1 (5th Supp.), s. 230). Note: a 7-year retention period is commonly applied in practice as a conservative buffer to account for audit windows — this is currently under review with our accountant and will be confirmed before go-live.
9. Your Rights
Depending on your location, you may have the following rights with respect to your personal information. To exercise any of these rights, contact us at privacy@goblinkly.com.
9.1 Rights for All Clients
- Right to Access: You may request a copy of the personal information we hold about you.
- Right to Correction: You may request that we correct inaccurate or incomplete information.
- Right to Deletion: You may request that we delete your personal information, subject to legal retention obligations.
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.
9.2 Additional Rights for EU/EEA Clients (GDPR)
- Right to Restriction of Processing: You may request that we limit the processing of your data in certain circumstances.
- Right to Data Portability: You may request your data in a structured, machine-readable format (Art. 20 GDPR).
- Right to Object: You may object to processing based on legitimate interests.
- Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority (DPA). A list of EU DPAs is available at: https://edpb.europa.eu.
9.3 Additional Rights for California Clients (CCPA/CPRA)
- Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected, the sources, the business purpose, and the categories of third parties with whom we share it.
- Right to Delete: Subject to exceptions, you may request deletion of your personal information.
- Right to Correct: You may request correction of inaccurate personal information.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
10. Security
We implement industry-standard technical and organizational security measures to protect your information against unauthorized access, loss, disclosure, or alteration. These measures include:
- Encryption of data in transit using TLS (Transport Layer Security)
- Encryption of sensitive data at rest, including OAuth access and refresh tokens
- Role-based access controls limiting employee access to client data on a need-to-know basis
- Secure storage of credentials and secrets using a dedicated secrets management system
- Regular security reviews and vulnerability assessments
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected Clients and applicable regulatory authorities in accordance with applicable law (within 72 hours under GDPR; as required under applicable Canadian breach notification requirements under PIPEDA).
In addition, as required by Webflow's Developer Policy, GoBlinkly will notify Webflow at privacy@webflow.com of any security breach that impacts Webflow end users or their data.
11. Children's Privacy
Our Service is not directed to individuals under the age of 18, and we do not knowingly collect personal information from minors. Our Service is intended solely for business use by adult representatives of commercial entities. If we become aware that we have inadvertently collected information from a minor, we will take steps to delete it promptly.
12. Third-Party Links
Our Service may contain links to third-party websites or services (e.g., Stripe, Google). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by:
- Sending an email notification to the address associated with your account, at least [30] days before the change takes effect; and
- Posting the updated policy on our website with a revised "Last Updated" date.
Your continued use of the Service after the "Last Updated" date of the revised policy constitutes your acceptance of the changes. If you do not agree with the changes, you must stop using the Service and may close your account.
14. Governing Law and Jurisdiction
This Privacy Policy is governed by the laws of the Province of Quebec and the federal laws of Canada applicable therein, without regard to conflict-of-law principles. For EU clients, this policy is also subject to GDPR. For California clients, this policy is also subject to CCPA/CPRA.
15. Contact Us
For questions, requests to exercise your rights, or concerns about this policy, please contact our privacy team:
GoBlinkly
Email: privacy@goblinkly.com
Response Time: We aim to respond to all privacy requests within 30 days.