Privacy Policy
Unomage sp. z o.o. ("Unomage", "we", "us", "our") operates the Unomage platform — an AI-powered blog post generation and publishing service. This Privacy Policy explains how we collect, use, disclose, and protect your personal data.
By creating an account or using our services, you confirm that you have read and understood this policy.
1. Who we are
Unomage sp. z o.o. is the data controller responsible for your personal data.
Registered in Poland under Polish commercial law.
For all privacy-related enquiries, contact us at [email protected].
2. Personal data we collect
Account and identity data
- Full name and email address (provided at registration)
- Password (stored as a one-way cryptographic hash; we never have access to your plaintext password)
- Country and preferred language (selected during registration)
Social login data
- When you sign in with Google or Apple, we receive your name and email address from those providers. We do not receive your password or payment details from them.
Service configuration data
- WordPress site URL, username, and application password (stored encrypted)
- Telegram chat ID (only if you choose to connect the Telegram approval bot)
- Content preferences: niche, audience, tone, post length, language, schedule settings
Content data
- Blog topics, keywords, and briefs you submit for generation
- AI-generated blog posts stored in your account
- Author voice/persona configurations
Subscription and billing data
- Subscription plan and status, credit balance, billing history
- Payment card details are processed and stored exclusively by Stripe. We do not see or store your full card number.
Technical and usage data
- IP address (used for security checks via Cloudflare Turnstile)
- Browser type, device characteristics (collected by Cloudflare for fraud prevention)
- Session data (stored in a server-side session cookie)
- Generation pipeline logs (job status, timestamps, error messages)
Contact form data
- Name, email address, and message content submitted via the contact form
Consent records
- Date, time, and version of the Terms of Service and Privacy Policy you accepted at registration
- Marketing email consent status and the date it was last changed
3. How we use your data
| Purpose | Legal basis |
|---|---|
| Creating and managing your account | Performance of contract |
| Generating and publishing AI blog posts | Performance of contract |
| Processing payments and managing subscriptions | Performance of contract |
| Sending transactional emails (account confirmation, password reset, billing receipts) | Performance of contract |
| Sending marketing emails about new features and offers | Consent (opt-in; you may withdraw at any time in account settings) |
| Fraud prevention and security checks (Cloudflare Turnstile) | Legitimate interest |
| Complying with legal obligations | Legal obligation |
4. Sub-processors and third parties
We share personal data only with the following categories of service providers who process it on our behalf under a Data Processing Agreement (DPA). We do not sell your personal data to any third party.
| Provider | Purpose | Location |
|---|---|---|
| Hostinger | Website hosting and infrastructure | Lithuania (EU) |
| Anthropic | AI content generation | USA |
| Stripe | Payment processing | USA |
| Cloudflare | Security (Turnstile CAPTCHA), CDN, DDoS protection | USA |
| Google | OAuth sign-in ("Sign in with Google") | USA |
| Apple | OAuth sign-in ("Sign in with Apple") | USA |
| Telegram | Optional approval bot notifications (only if you connect Telegram) | UAE / UK |
Note on Cloudflare Turnstile
We use Cloudflare Turnstile, an invisible security widget that protects our login and registration forms from bots. Turnstile collects device and browser signals (including IP address) to verify that you are a human. This processing is subject to the Cloudflare Turnstile Privacy Addendum.
Note on Telegram
Connecting the Telegram approval bot is entirely optional. If you choose to connect it, we store only your Telegram chat ID. Telegram operates under its own Privacy Policy and we have no Data Processing Agreement with Telegram. By connecting the bot you acknowledge that notifications will be processed by Telegram's infrastructure.
Note on AI providers
To generate blog posts, we send your content briefs, keywords, and configuration preferences to our AI provider(s). We currently use Anthropic. We may also use OpenAI, Google (Gemini), or Mistral in the future. All AI providers we use have signed a DPA with us and are prohibited from using your data to train their own models.
5. International data transfers
Some of our sub-processors are based in the United States. We ensure that any transfer of personal data from the European Economic Area (EEA), the United Kingdom, or Switzerland to the USA is made using appropriate safeguards:
- EU–US Data Privacy Framework (DPF) — Anthropic, Stripe, Cloudflare, and Google are certified under the DPF.
- Standard Contractual Clauses (SCCs) — included in the DPA with Anthropic and Stripe for additional protection.
6. Data retention
| Data type | Retention period |
|---|---|
| Account and profile data | For the duration of your account, plus 3 years after deletion |
| Generated content (blog posts) | For the duration of your account; deleted within 30 days of account deletion |
| Billing and transaction records | 5 years (required by Polish and EU tax law) |
| Consent records | 5 years from the date of consent (required to demonstrate compliance) |
| Contact form messages | 2 years |
| Server and pipeline logs | 90 days |
7. Your rights
Depending on your location, you have the following rights regarding your personal data:
EU, UK, and Switzerland (GDPR / UK GDPR / nDSG)
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — request correction of inaccurate data
- Right to erasure — request deletion of your data (subject to legal retention obligations)
- Right to data portability — receive your data in a machine-readable format
- Right to object — object to processing based on legitimate interest
- Right to restrict processing — request that we limit how we use your data
- Right to withdraw consent — withdraw marketing consent at any time in your account settings
- Right to lodge a complaint — you may lodge a complaint with your national data protection authority (in Poland: UODO — uodo.gov.pl)
United States — California (CCPA / CPRA)
- Right to know what personal data we collect and how it is used
- Right to delete your personal data
- Right to correct inaccurate personal data
- Right to opt out of the sale or sharing of personal data — we do not sell or share your personal data for cross-context behavioural advertising
- Right to non-discrimination for exercising your rights
To exercise any of these rights, email us at [email protected]. We will respond within 30 days.
8. Cookies
We use only strictly necessary cookies required to operate the service:
- PHPSESSID — server-side session cookie; keeps you logged in during your browser session
- form_key — CSRF protection token; prevents cross-site request forgery attacks
- store — remembers your selected language/country store view
We do not use advertising, tracking, or analytics cookies. No cookie consent banner is required because all cookies we set are strictly necessary for the service to function.
If we add analytics tools (such as Google Analytics) in the future, we will update this policy and implement appropriate consent mechanisms for EU/UK users before doing so.
9. Security
We implement industry-standard technical and organisational measures to protect your personal data, including:
- Encryption in transit (HTTPS/TLS) for all data between your browser and our servers
- Passwords stored as one-way cryptographic hashes
- Sensitive credentials (e.g. WordPress application passwords) stored encrypted at rest
- Access to personal data restricted to personnel who need it to provide the service
- Cloudflare protection against DDoS attacks and malicious traffic
No system is 100% secure. In the event of a data breach affecting your rights, we will notify you and the relevant supervisory authority as required by law.
10. Children's privacy
Our service is not directed at children under 16 years of age. We do not knowingly collect personal data from anyone under 16. If you believe we have inadvertently collected such data, please contact us at [email protected] and we will delete it promptly.
11. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the effective date at the top of this page. The version in force at any time is the one published at /privacy-policy. Continued use of the service after notification constitutes acceptance of the updated policy.
12. Contact us
Unomage sp. z o.o.
For privacy requests, data deletion, data export, or any other data protection enquiry:
[email protected]