Privacy Notice
Last updated: 8 May 2026
1. Who we are
The Blog Mum Studio is operated by Stephanie Trump, a sole trader based in the United Kingdom, trading as "The Blog Mum Studio". For privacy matters we are the data controller of the personal data described below. Contact: theblogmum@gmail.com.
2. What we collect and why
| Category | Purpose | Legal basis (UK GDPR) |
|---|---|---|
| Account data (name, email, password hash) | Create and secure your account | Contract |
| Creator profile (niches, kids' ages, location, work status, platforms, goals) | Personalise the briefs and content the AI generates for you | Contract |
| Content you create (briefs, captions, planner entries, logged posts) | Provide the core service and store your work | Contract |
| Support messages | Reply to your enquiries | Legitimate interests / contract |
| Usage and device data (IP, browser, pages viewed, errors) | Security, fraud prevention, debugging, improving the product | Legitimate interests |
| Subscription / purchase status | Grant access to paid features and reflect entitlements | Contract |
Payment card details are collected and processed by Paddle, not by us — see "Who we share data with" below.
3. Who we share data with
- Hosting and database: Lovable Cloud (powered by Supabase) — stores your account, creator profile, and content.
- AI generation: Lovable AI Gateway, which routes prompts to providers such as Google and OpenAI to generate briefs and captions. Inputs sent for generation are processed only to return a response.
- Email: our email service provider, used to deliver transactional and account emails.
- Merchant of Record: Paddle.com Market Limited acts as Merchant of Record for all orders. Paddle handles payment, subscription management, tax compliance, invoicing, and customer service for purchases. See Paddle's privacy notice at paddle.com/legal/privacy.
- Professional advisers and authorities: where required by law or to protect our rights.
4. International transfers
Some of the providers above process data outside the UK/EEA (for example in the US). Where this happens we rely on appropriate safeguards such as the UK International Data Transfer Addendum, EU Standard Contractual Clauses, or adequacy decisions.
5. How long we keep your data
We keep account and content data for as long as your account is active. If you delete your account we delete or anonymise your personal data within 30 days, except where we need to keep records for legal, tax, or accounting reasons (typically up to 6 years for purchase records).
6. Your rights
Under UK GDPR you have the right to:
- access the personal data we hold about you;
- have inaccurate data corrected;
- have your data erased ("right to be forgotten");
- restrict or object to processing;
- data portability;
- withdraw consent (where we rely on consent);
- complain to the UK's Information Commissioner's Office (ico.org.uk).
To exercise any of these, email theblogmum@gmail.com. We respond within one month.
7. Security
We use encryption in transit (HTTPS), encryption at rest, access controls, and row-level security on our database to protect your data. No system is perfectly secure — please tell us promptly if you suspect a problem with your account.
8. Cookies
We use a small number of essential cookies and similar technologies to keep you signed in and to remember your preferences. We do not currently use third-party advertising cookies. If we add analytics or marketing cookies in future we will update this notice and ask for your consent where required.
9. Changes
We may update this notice from time to time. The "Last updated" date at the top will reflect the most recent change. Material changes will be communicated by email or in-app notice.