PRIVACY POLICY
Effective / last updated: 2026-07-07
1. Introduction and Data Controller
This Privacy Policy ("Policy") explains how Miranda Mountain Mediaworks LLC ("Company," "we," "us," or "Blogyeah") collects, uses, and protects personal data in connection with the Blogyeah platform, available at blogyeah.com and app.blogyeah.com, in compliance with the EU General Data Protection Regulation (GDPR).
Controller details:
- Legal name: Miranda Mountain Mediaworks LLC
- Address: 30 N Gould St Ste R, Sheridan, WY 82801, United States
- Contact person: Gergely Nemeti
- Email: info@blogyeah.com
- Website / app: blogyeah.com / app.blogyeah.com
Blogyeah is a B2B SaaS platform for AI-powered blog content automation. Customers connect their WordPress blog and configure AI writer agents; the platform automatically researches topics and generates blog posts, newsletters, and social media content using AI.
2. Categories of Personal Data We Process
| # | Category | Description |
|---|---|---|
| 1 | Customer account data | Name, email address, company information, collected at registration via Supabase Auth |
| 2 | Blog configuration data | WordPress site URL and API credentials, stored encrypted (AES-256-GCM) |
| 3 | Content data | AI-generated blog posts, newsletter drafts, and topic ideas |
| 4 | Payment data | Billing is handled entirely by Stripe; we do not store card numbers |
| 5 | Newsletter subscriber emails | Collected via the customer's public subscribe pages, on the customer's behalf |
| 6 | Usage data | Subscription status, post quotas, service order history |
| 7 | Log data | Standard server logs for security and debugging |
Important distinction between roles: For items 1, 2, 3, 4, 6, and 7, Blogyeah acts as the data controller. For newsletter subscriber emails (item 5), Blogyeah acts as a data processor on behalf of the relevant customer.
3. Legal Basis and Purposes of Processing
| Purpose | Legal basis (GDPR) |
|---|---|
| Providing the SaaS service and performing the contract | Art. 6(1)(b) — performance of a contract |
| Security, fraud prevention, service improvement | Art. 6(1)(f) — legitimate interests |
| Newsletter subscription (for end subscribers) | Art. 6(1)(a) — consent |
| Website analytics (GA4, Microsoft Clarity) | Art. 6(1)(a) — consent |
4. Sub-processors and Recipients
| Provider | Location | Purpose |
|---|---|---|
| OpenAI | USA | AI text generation (blog posts, newsletters, social kits) |
| Black Forest Labs (BFL) | Germany | AI image generation (Flux.2) — blog post cover images |
| Google Cloud / Vertex AI | USA | Text embeddings (Gemini) |
| Google LLC (Google Analytics 4) | USA | Website traffic analytics — consent-based only |
| Microsoft Corporation (Microsoft Clarity) | USA | Session replay and heatmap analysis — consent-based only |
| Google Search Console API | USA | Access to website traffic and search ranking data via OAuth, for monthly analytics reports |
| Stripe | USA | Payment processing and subscription management |
| Supabase | USA | Authentication and database hosting |
| Resend | USA | Transactional and newsletter email delivery |
| Vercel | USA | Web application hosting |
| Hetzner | Germany | API server hosting |
We have entered into data processing agreements with each sub-processor pursuant to Art. 28 GDPR.
5. International Data Transfers
Personal data is transferred to the United States for processing by several sub-processors listed above. These transfers are made under the Standard Contractual Clauses (SCCs) approved by the European Commission, providing appropriate safeguards under Art. 46 GDPR.
6. Data Retention
Account data is retained for the duration of the subscription plus 30 days after cancellation. Anonymized analytics data may be retained for a longer period.
Newsletter subscriber email addresses: Email addresses are retained for as long as the subscriber remains active. Upon unsubscribing, the email address is immediately and permanently deleted from our systems.
7. Your Rights Under the GDPR
Under Articles 15–22 GDPR, you have the right to: access, rectification, erasure, restriction of processing, data portability, objection, and withdrawal of consent.
To exercise these rights, contact us at info@blogyeah.com
Right to lodge a complaint: You may lodge a complaint with the supervisory authority of your habitual residence or place of work, including the Hungarian NAIH (www.naih.hu) or the German BfDI (www.bfdi.bund.de).
8. Children's Data
Blogyeah is a B2B service not directed at individuals under 18.
9. Cookies
Blogyeah uses session cookies for authentication and, where consent is given, analytics cookies (Google Analytics 4, Microsoft Clarity) on the public marketing site. Full details are in our separate Cookie Policy.
10. Changes to This Policy
We may update this Policy from time to time. Material changes will be communicated via email.
11. Contact
info@blogyeah.com (contact: Gergely Nemeti)