Privacy Policy | Blog Monkee

Privacy Policy

Last updated: [DATE]

This Privacy Policy describes how [LEGAL ENTITY NAME] (“Blog Monkee”, “we”, “our”, “us”) collects, uses, and shares information about you when you use blog.monkee.ai, monkee.ai, any subdomain of monkee.ai, or the Blog Monkee dashboard (collectively, the “Service”).

1. What we collect

Account data

  • Email address — required to create an account and receive billing, security, and transactional emails.
  • Password — stored as a bcrypt hash. We never store or transmit plaintext passwords.
  • Role — user or administrator, for access control.

Integration credentials you provide

To publish content on your behalf, Blog Monkee stores the credentials you choose to connect:

  • WordPress Application Passwords — stored encrypted at rest, used to call the WordPress REST API.
  • WP Engine API credentials — stored encrypted at rest, used to bulk-import your WPE sites.
  • Easy Blog Networks API key + email — stored encrypted at rest.
  • Google Service Account JSON (optional) — stored encrypted at rest.
  • AWS S3 credentials (for your own client asset buckets, if configured) — stored encrypted at rest.

Usage data

  • Blog posts, outlines, campaigns, and metadata you generate through the Service.
  • Log data: IP address, user agent, timestamps of API calls, error logs for diagnostic purposes.
  • Aggregated job metrics (e.g., content generation latency, success/failure rates).

Cookies

We use a single session cookie (bm_jwt) in your browser’s localStorage to keep you signed in. We do not use third-party tracking cookies, advertising cookies, or cross-site identifiers.

2. How we use what we collect

  • To operate the Service: generate content on your instruction, publish it to the destinations you’ve connected, and keep your account secure.
  • To bill you: forward relevant account information to our payment processor, [STRIPE / OTHER], which handles all card data. We never see or store your full card number.
  • To communicate with you: send transactional emails, security alerts, and — only if you opt in — product updates.
  • To improve the Service: analyze aggregated, non-personal usage patterns.

We do not train any AI model on your content. We do not sell your data. We do not share your generated content with advertisers or any party other than the publishing destinations you explicitly configure.

3. Third parties we share with

Blog Monkee is a pipeline — it relies on third-party services to function. Data flows to each of the following, strictly scoped to what’s needed for each operation:

  • Google Gemini API — receives topic, outline, brand profile context, and SERP analysis. Covered by Google’s Gemini API Terms.
  • OpenAI API (fallback) — receives the same content-generation prompts as Gemini. Covered by OpenAI’s Terms.
  • Unsplash + Pexels APIs — receives search queries derived from your post content.
  • AWS S3 — in the region you specify or default us-east-1.
  • WordPress REST API — we transmit your finished posts to the WordPress sites YOU connect, using the credentials YOU provided.
  • Bing IndexNow — we submit URLs of your published posts. No account data transmitted.
  • Google PubSubHubbub or self-hosted WebSub hub — we submit your feed URL. No account data transmitted.
  • Render.com — all Service compute and database hosting. Covered by Render’s Privacy Policy.
  • [Nodemailer / SendGrid / Postmark] — receives your email address and the contents of transactional messages.
  • [STRIPE / OTHER] — receives billing information. We never see or store full card numbers.

4. Data location

The Service is hosted on Render in the [us-west / us-east / oregon] region. Your data is stored in PostgreSQL on Render and Redis on Render, both in the same region. Third-party services listed above may process data in other regions (typically United States). If you require EU data residency, contact help@monkee.ai — we offer custom deployment options on Network plans.

5. Data retention

  • Account data: retained for the life of your account, plus 30 days after cancellation for account-recovery purposes, then deleted.
  • Integration credentials: deleted immediately when you disconnect an integration or cancel your account.
  • Generated content: retained while your account is active. After cancellation, deleted after 30 days. Content that has been published to WordPress remains on your WordPress sites regardless — Blog Monkee does not host your published content.
  • Log data: retained for 30 days for diagnostic purposes, then automatically purged.

6. Your rights

Depending on your jurisdiction, you may have the right to access, correct, export, or delete your personal data; object to certain processing; and withdraw consent. To exercise any of these rights, email privacy@monkee.ai. We respond within 30 days.

EU/UK residents (GDPR/UK-GDPR)

You have additional rights including the right to lodge a complaint with your data protection authority. Our legal basis: contract performance (operating the Service) and legitimate interest (security, fraud prevention, product improvement).

California residents (CCPA/CPRA)

You have the right to know, delete, correct, and opt out of sale/sharing of your personal information. We do not sell your personal information.

7. Security

See our Security page for details on our infrastructure, encryption, and incident response.

8. Children

Blog Monkee is not intended for anyone under 16. We do not knowingly collect data from children.

9. Changes to this policy

When we materially change this policy, we’ll email you at the address on file and update the “Last updated” date above. Continued use of the Service after an update constitutes acceptance of the revised policy.

10. Contact

[LEGAL ENTITY NAME]
[LEGAL ENTITY ADDRESS]
Data requests: privacy@monkee.ai
General: help@monkee.ai