Skip to content
InflozoJoin the waitlist
PricingFeaturesCompareBlogDocsJoin the waitlist
Legal

Privacy Policy

Last updated June 29, 2026

This is plain-English draft legal information published for pre-launch and payment-provider review. It is not final legal advice and will be reviewed before Inflozo opens paid plans.

This policy describes the personal data Inflozo processes, why, and the rights you have over it. Inflozo is pre-launch, so this draft is published for review and will be finalised before paid plans open.

Data we process

  • Account data: your email address, and session and device information used for magic-link sign-in and active-session management.
  • Ghost connection secrets: the Ghost Content and Admin API keys you provide. Your Ghost API keys are encrypted at rest and are only ever used by server-side jobs — they are never exposed to client-side JavaScript.
  • Content snapshots: the posts, pages, tags, authors, and site metadata Inflozo fetches from a connected Ghost site to render your designs.
  • Project data: the themes, components, assets, comments, and version history you create in the builder.
  • Billing data: handled by our payment provider as Merchant of Record; Inflozo stores only a reference to the provider’s record, not your raw card details.
  • Security and usage logs: IP address, security/audit events, and product usage events used to operate and protect the service.

Service providers

We rely on infrastructure and service providers to run Inflozo, including a cloud database and authentication provider, object storage, transactional email, error monitoring, and a payment Merchant of Record (Dodo Payments, with Paddle as fallback). We plan to use Plausible Analytics for privacy-friendly, cookieless aggregate marketing analytics. Each provider processes data only to provide its part of the service.

Where data is stored

Inflozo is built with an EU storage posture: primary databases and object storage are configured for EU jurisdiction. Some providers may process limited data in other regions under appropriate safeguards.

Your rights

Subject to applicable law you can access, correct, export, or delete your personal data, and object to or restrict certain processing. You can export your project data and delete your account, after which we remove your data according to our retention schedule.

Retention

We keep account and project data while your account is active. After an account deletion request, backup purge is targeted within 30 days. Magic-link security logs are retained for 90 days, soft-deleted projects for 30 days, soft-deleted assets for 14 days, pre-migration backups for 30 days, and preview access logs for 30 days with hashed IP addresses. Billing and tax records are retained by the active Merchant of Record for 7 years. Change history and export artifacts follow the plan-based retention windows described in the product terms.

Cookies and tracking

Our use of cookies and any analytics is described in the cookie policy. Analytics and waitlist capture will only run after you have given consent where consent is required.

Contact

For privacy questions or to exercise your rights, email hello@inflozo.com.