BlessAI API Services - Privacy Policy
Last Updated: January 2025
1. Introduction
This Privacy Policy explains how BlessAI ("we", "us", "our") collects, uses, and protects information when you use our API services. We are committed to protecting your privacy and handling your data responsibly.
Important: BlessAI acts as an intermediary service that transmits data to third-party AI providers (OpenAI, Anthropic, Google). This policy covers BlessAI's data practices. You must also review the privacy policies of your chosen AI provider.
2. Information We Collect
2.1 Blessing Generation Service Data
When you use our blessing generation service, we collect:
- Customer Input Data: Sender name, recipient name, gender information (optional), occasion details, relationship context
- Service Parameters: Selected language, font, frame, text color preferences
- Technical Data: Your domain name, timestamp, selected AI provider
- API Credentials: Your third-party AI provider API key (transmitted securely, not stored)
2.2 Shop Information Service Data
When you use our shop information service, we collect:
- Shop Details: Domain name, shop description, contact information
- Account Information: Admin email address, service plan details
- Usage Data: API call frequency, service usage statistics
- Billing Information: Service plan status, subscription details
3. How We Use Your Information
| Purpose |
Data Used |
Legal Basis |
| Blessing Generation |
Customer input data, service parameters |
Service delivery, legitimate interest |
| Service Coordination |
API credentials, technical data |
Service delivery |
| Account Management |
Shop details, usage data |
Contract performance |
| Usage Analytics |
Aggregated usage statistics |
Legitimate interest |
| Support Services |
Request logs, error data |
Legitimate interest |
4. Data Sharing and Third-Party Services
4.1 Third-Party AI Providers
We transmit blessing generation data to your chosen AI provider:
Your Responsibility: You must review and comply with your chosen AI provider's privacy policy and terms of service. You are responsible for obtaining proper consent from your customers for data transmission to these third-party services.
4.2 No Other Third-Party Sharing
We do not share your data with any other third parties except:
- When required by law or legal process
- To protect our rights or prevent fraud
- With your explicit consent
5. Data Storage and Security
5.1 Data Storage
- Request Logs: Stored for up to 90 days for service improvement and support
- Shop Information: Stored for the duration of your service usage
- Usage Statistics: Stored for billing and analytics purposes
- API Keys: Not stored - transmitted securely to third-party providers
5.2 Security Measures
- All data transmission encrypted using HTTPS/TLS
- Database encryption at rest
- Regular security audits and updates
- Access controls and authentication
- Secure API key transmission (not stored)
6. Data Retention
We retain data for the following periods:
- API Request Logs: 90 days
- Shop Information: Until account deletion or service termination
- Usage Statistics: 3 years for billing and analytics
- Error Logs: 30 days
7. Your Rights
Depending on your location, you may have the following rights:
- Access: Request information about data we hold about you
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your data
- Portability: Request a copy of your data
- Restriction: Request limiting processing of your data
- Objection: Object to processing based on legitimate interest
8. International Data Transfers
Your data may be transferred to and processed in countries other than your own. When we transfer data internationally, we ensure appropriate safeguards are in place, including:
- Adequacy decisions by relevant authorities
- Standard contractual clauses
- Other legally recognized transfer mechanisms
9. Children's Privacy
Our services are not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately.
10. Data Processing Purposes
We process your data for the following specific purposes:
- Service Delivery: Providing blessing generation and shop management services
- Quality Assurance: Monitoring service performance and improving our offerings
- Support: Providing customer support and troubleshooting
- Analytics: Understanding usage patterns to improve our services
- Legal Compliance: Complying with applicable laws and regulations
11. Cookies and Tracking
Our API services do not use cookies or tracking technologies. However, standard web server logs may contain technical information such as IP addresses and user agents.
12. Data Breach Notification
In the event of a data breach affecting your personal information, we will:
- Notify you within 72 hours if required by law
- Provide information about the nature of the breach
- Explain measures taken to address the breach
- Advise on steps you can take to protect yourself
13. Privacy Policy Updates
We may update this privacy policy from time to time. When we make changes, we will:
- Update the "Last Updated" date
- Notify you of material changes via email or service notifications
- Provide the updated policy on our website
14. Legal Basis for Processing (GDPR)
For users in the European Union, our legal basis for processing includes:
- Contract Performance: Processing necessary for service delivery
- Legitimate Interest: Service improvement, analytics, and support
- Consent: Where you have provided explicit consent
- Legal Obligation: Compliance with applicable laws
16. Supervisory Authority
If you are in the European Union and have concerns about our data practices, you have the right to lodge a complaint with your local data protection supervisory authority.