Privacy Policy
Last updated: October 20, 2025
Who we are
reblogger.ai.ai is a brand of the twentyfirst media group, operated by FollowerX GmbH, Bei St. Annen 2, 20457 Hamburg, Germany. For legal information, see our Imprint. This Privacy Policy explains how we process personal data in accordance with the GDPR, TTDSG/ePrivacy, and, where applicable, CCPA/CPRA.
Categories of personal data we process
- Account data: email, password hash, language, plan/subscription info, billing identifiers (e.g., Stripe customer ID)
- Company/user profile data: name, address, phone, VAT number (if provided)
- Authentication and session data: session tokens, JWT claims, last login timestamp
- Usage and API data: API keys, WordPress plugin keys (hashed in DB), request metadata, logs, rate/credit usage
- Content data: topics or source URLs submitted, generated article content, associated images
- Payment data: handled by Stripe; we receive status and identifiers, not full card details
- Technical data: IP address, user agent, device information, timestamps
- Cookies and similar technologies: session/auth cookies, CSRF, guest attempt cookie
Purposes and legal bases (GDPR Art. 6)
- Provide and operate the service, including account and session management (Art. 6(1)(b))
- Process payments and manage subscriptions via Stripe (Art. 6(1)(b) and (f))
- Generate content via external AI providers and serve images (Art. 6(1)(b))
- Secure the service, prevent abuse, enforce limits, and debug (Art. 6(1)(f))
- Comply with legal obligations (Art. 6(1)(c))
- Communicate service updates and transactional notices (Art. 6(1)(b) and (f))
Authentication and accounts
We use NextAuth with email (SMTP via one.com) and credentials authentication. Passwords are stored as bcrypt hashes. Sessions use the JWT strategy. Account and session details are stored in our database via Prisma.
Data Security
We implement appropriate security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the internet or electronic storage is 100% secure.
Subprocessors and recipients
| Service | Purpose | Data | Location | Transfer safeguards |
|---|---|---|---|---|
| OpenAI | Text generation (selected models) | Prompts and system instructions; metadata | USA/EU (per provider) | SCCs where applicable |
| Anthropic (Claude) | Text generation (selected models) | Prompts and system instructions; metadata | USA | SCCs |
| xAI (Grok) | Text generation (selected models) | Prompts and system instructions; metadata | USA | SCCs |
| Replicate | Image generation (Flux) | Image prompts and settings | USA | SCCs |
| Stripe | Payments and subscriptions | Billing identifiers, plan metadata, status | EU/USA | SCCs |
| one.com (SMTP) | Email delivery (magic links, notices) | Email address, transactional content | EU | EEA processing |
We may also share data where required by law or to protect our rights and users.
International transfers
When data is transferred outside the EEA/UK, we use appropriate safeguards such as Standard Contractual Clauses (SCCs) and supplementary measures as needed.
Cookies and similar technologies (TTDSG/ePrivacy)
We use essential cookies for authentication sessions, CSRF protection, and to count limited guest attempts. See our Cookie Policy for details. We currently do not deploy analytics or marketing cookies; if implemented later, we will request consent and update this Policy.
Your Rights
You have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate personal data
- Request deletion of your personal data
- Object to processing of your personal data
- Request data portability
You also have the right to lodge a complaint with a supervisory authority. For Germany, this is typically your state's data protection authority.
California privacy rights (CCPA/CPRA)
For California residents, we disclose the categories of personal information collected (identifiers, customer records, commercial information, internet activity), purposes (as above), sources (you, devices, service providers), and disclosures to service providers. We do not sell or share personal information as defined by the CCPA/CPRA. You may exercise rights to access, deletion, and correction as described in this Policy.
Contact Us
If you have any questions about this Privacy Policy, please contact us at: