Privacy Policy
Last updated: January 20, 2025
1. Introduction
Welcome to ContentJet ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our AI content generation platform.
By using ContentJet, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
2.1 Information You Provide
Identity Data:
First name, last name, username, profile picture
Contact Data:
Email address, billing address
Financial Data:
Payment method details, billing history, subscription plan (Payment data is processed securely by Stripe — we never store your full card details)
Content Data:
Text inputs, prompts, keywords, tone preferences, generated content, saved templates, content history
Account Preferences:
API key configurations, usage settings, notification preferences
2.2 Information Collected Automatically
Technical Data:
IP address, browser type and version, operating system, device type, time zone, language preferences
Usage Data:
Pages visited, features used, AI generation frequency, session duration, click patterns, error logs
Cookie Data:
Session identifiers, authentication tokens, preference settings
3. How We Use Your Information
We use your data only when legally permitted:
Service Delivery:
- Create and manage your account
- Process AI content generation requests
- Handle payments and subscriptions
- Store your content history
- Provide customer support
Service Improvement:
- Analyze usage patterns to improve features
- Debug technical issues
- Optimize AI generation quality
- Develop new features
Communication:
- Send transactional emails (invoices, password resets)
- Notify about service updates
- Respond to support requests
- Send marketing emails (only with your consent)
Legal Compliance:
- Comply with legal obligations
- Prevent fraud and abuse
- Enforce our Terms of Service
4. Third-Party Services
We use the following third-party services to operate ContentJet:
Clerk (Authentication)
- Purpose: User authentication, account management
- Data Shared: Email, name, OAuth tokens, session data
- Privacy Policy: https://clerk.com/privacy
Stripe (Payments)
- Purpose: Payment processing, subscription management
- Data Shared: Billing details, transaction data
- Privacy Policy: https://stripe.com/privacy
- Note: Stripe is PCI DSS Level 1 certified. We never store your full card details.
OpenAI (AI Content Generation)
- Purpose: Processing content generation requests
- Data Shared: Your prompts and input text
- Privacy Policy: https://openai.com/privacy
- Important: OpenAI does NOT use API-submitted data to train their models. Your content remains private.
Vercel (Hosting)
- Purpose: Application hosting, CDN, performance
- Data Shared: IP address, access logs
- Privacy Policy: https://vercel.com/legal/privacy-policy
Database Provider
- Purpose: Data storage via Prisma ORM
- Data Shared: Account and content data (encrypted)
We do NOT sell your personal information to any third party.
5. Cookies and Tracking
Essential Cookies (Required)
- Authentication session (via Clerk)
- Security tokens
- These cannot be disabled
Functional Cookies (Optional)
- UI preferences (theme, language)
- Saved settings
Analytics Cookies (Optional)
- Usage statistics
- Performance monitoring
- Can be disabled in settings
Managing Cookies
- Adjust cookie preferences in your browser settings
- Disable optional cookies via Dashboard → Settings → Privacy
- Note: Disabling essential cookies may break functionality
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Account Data | Duration of account + 30 days after deletion |
| Content History | Until manually deleted or account closure |
| Payment Records | 7 years (legal/tax requirement) |
| Usage Logs | 90 days |
| Backups | Up to 90 days after data deletion |
Account Deletion:
You can delete your account via Dashboard → Settings → Account. All associated data will be removed within 30 days, except where retention is required by law.
7. Data Security
We implement industry-standard security measures:
Technical:
- HTTPS/TLS encryption in transit
- Database encryption at rest
- Secure API authentication
- Regular security audits
Organizational:
- Role-based access control
- Multi-factor authentication (via Clerk)
- Limited employee access on need-to-know basis
Third-Party Security:
- Clerk: SOC 2 Type II certified
- Stripe: PCI DSS Level 1 certified
- Vercel: Enterprise-grade security
Data Breach Protocol
In the event of a data breach affecting your personal data:
- We will notify affected users within 72 hours
- We will inform relevant authorities as required by law
- We will take immediate steps to contain and remediate
8. Your Rights
You have the following rights regarding your personal data:
| Right | How to Exercise |
|---|---|
| Access | Dashboard → Settings → Privacy → Download My Data |
| Correction | Edit your profile in account settings |
| Deletion | Dashboard → Settings → Account → Delete Account |
| Portability | Export data in machine-readable format via settings |
| Objection | Opt out of marketing via email preferences |
| Withdraw Consent | Disable optional cookies, unsubscribe from emails |
To exercise any right:
- Use the in-app options listed above, OR
- Email: privacy@contentjet.com
- We will respond within 30 days
9. GDPR Compliance (EU/UK Users)
If you are located in the EU, EEA, or UK:
Legal Basis for Processing:
- Contract: Providing our service to you
- Legitimate Interest: Improving our platform, security
- Legal Obligation: Tax records, legal compliance
- Consent: Marketing communications, optional cookies
Additional Rights:
- Lodge a complaint with your local supervisory authority
- Object to automated decision-making
- Request restriction of processing
Data Controller: ContentJet
Contact: dpo@contentjet.com
10. CCPA Compliance (California Users)
If you are a California resident:
- Right to Know: What data we collect and why
- Right to Delete: Request deletion of your data
- Right to Opt-Out: We do NOT sell personal information
- Non-Discrimination: We will not treat you differently for exercising your rights
To exercise CCPA rights:
Email privacy@contentjet.com with subject "CCPA Request"
11. Children's Privacy
ContentJet is not intended for users under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have collected such data, please contact us immediately at privacy@contentjet.com. We will delete the information within 72 hours.
12. International Data Transfers
Your data may be processed in the United States and other countries where our service providers operate. For EU/UK users, we ensure adequate protection through:
- Standard Contractual Clauses (SCCs)
- Service provider compliance certifications
- Encryption and security measures
13. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes by:
- Email to your registered address
- Notice in your dashboard
- Updating the "Last Updated" date
Continued use after changes constitutes acceptance. If you disagree, please stop using the service and contact us to delete your account.
14. For Developers (Boilerplate Users)
If you are using ContentJet as a boilerplate to build your own SaaS application:
⚠️ Important:
- You MUST create your own privacy policy for your end users
- You become the data controller for your users' data
- This policy covers ContentJet's handling of developer/buyer data ONLY
- Consult a legal professional for your specific needs
15. Contact Us
Privacy Questions:
Email: privacy@contentjet.com
General Support:
Email: support@contentjet.vercel.app
Data Protection Officer:
Email: dpo@contentjet.com
Mailing Address:
ContentJet
123 Main Street
San Francisco, CA 94102
United States
Response Time: Within 48 business hours
© 2025 ContentJet. All rights reserved.