← Back to home

Privacy Policy

Last updated: June 1, 2025

1. Introduction

ContentAI (“we,” “our,” or “us”) is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information in compliance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and Quebec's Act respecting the protection of personal information in the private sector (Law 25).

2. Information We Collect

  • Account data: email address, name, and password (hashed) when you register.
  • Content data: topics, tones, and generated content you create using our service.
  • Usage data: page views, feature usage, and session duration for analytics.
  • Payment data: billing information processed securely by Stripe — we never store card numbers.
  • Technical data: IP address, browser type, device identifiers, and cookies.

3. How We Use Your Information

  • To provide, maintain, and improve the ContentAI service.
  • To process payments and manage subscriptions.
  • To send transactional emails (account confirmations, billing receipts).
  • To send marketing emails where you have given consent (you may opt out at any time).
  • To analyze usage patterns and improve our product.
  • To comply with legal obligations.

4. Legal Basis for Processing

We process your personal information on the following legal bases:

  • Contract performance: to deliver the service you signed up for.
  • Consent: for marketing communications and optional analytics.
  • Legitimate interests: for security monitoring and fraud prevention.
  • Legal obligation: to comply with applicable laws.

5. Data Sharing and Third Parties

We share your data only with:

  • Supabase — database and authentication (EU-hosted, SOC 2 compliant).
  • Anthropic — AI content generation (your prompts are sent to their API; see Anthropic's privacy policy).
  • Stripe — payment processing (PCI DSS Level 1 compliant).
  • Resend — transactional email delivery.
  • Law enforcement — only when required by law or court order.

We do not sell your personal information to third parties.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services. Generated content is retained until you delete it. You may request deletion of your account and all associated data at any time.

7. Your Rights

Under PIPEDA and Quebec Law 25, you have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate or incomplete information.
  • Withdraw consent for optional processing (e.g., marketing emails).
  • Request deletion of your personal information.
  • Lodge a complaint with the Office of the Privacy Commissioner of Canada.

To exercise these rights, contact us at privacy@contentai.app. We will respond within 30 days.

8. Cookies

We use essential cookies for authentication and session management. We use optional analytics cookies with your consent. You may withdraw cookie consent at any time via the cookie settings banner or your browser settings.

9. Security

We implement industry-standard security measures including encryption in transit (TLS), row-level security on all database tables, hashed passwords, and regular security audits. However, no system is 100% secure.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by displaying a prominent notice on our website.

11. Contact

For privacy inquiries, contact our Privacy Officer at privacy@contentai.app.