Privacy Policy

Effective Date: February 19, 2026 Last Updated: February 23, 2026

inblog Inc. ("Company," "we," "us," or "our") operates the neopress website builder platform accessible at neopress.io (the "Service"). This Privacy Policy describes how we collect, use, and share information about you when you use our Service.

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Information We Collect

1.1 Account Information

When you create an account using Google or GitHub Sign-In, we access the following information from your account:

• Display name (from your Google or GitHub profile)
• Email address (from your Google or GitHub account)
• Profile picture URL (if available)

We use this information solely to create and maintain your neopress account. We do not access your contacts, calendar, drive files, or any other data from your social login provider. Our use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.

Legal basis for collection: Performance of the contract (providing the Service you signed up for).

1.2 Payment Information

When you make a purchase, Paddle.com Market Limited ("Paddle") processes your payment as our Merchant of Record. Paddle collects and processes your payment information (such as credit card number, billing address, and transaction details) directly. We do not store your full payment card numbers. For details on how Paddle handles your data, please see Paddle's Privacy Policy.

Legal basis for collection: Performance of the contract and legal obligations (tax/accounting).

1.3 Usage Data

We automatically collect certain information when you use the Service, including:

• IP address
• Browser type and version
• Pages visited and time spent
• Referring URL
• Device information

This data is collected through our backend provider (Supabase) for debugging and service improvement purposes.

Legal basis for collection: Legitimate interest in maintaining and improving the Service.

1.4 User Content

When you create websites using the Service, we store your website content (pages, text, settings) in our database. When you use AI-powered features, your prompts and related content are sent to third-party AI providers for processing (see Section 4).

Legal basis for collection: Performance of the contract.

1.5 Uploaded Files

When you upload files (images, documents, etc.) to the Service, these files are stored on Cloudflare R2 cloud storage infrastructure. Uploaded files may contain metadata (such as EXIF data in images, which can include location information and device details). We do not actively extract or process file metadata, but it may be accessible if included in your uploads. You are responsible for removing sensitive metadata from files before uploading.

Files associated with published websites are publicly accessible via URL.

Legal basis for collection: Performance of the contract.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service
• Process transactions and send related information
• Send administrative and transactional emails (e.g., account verification, trial reminders, subscription notifications)
• Respond to your comments, questions, and support requests
• Monitor and analyze usage patterns to improve the Service
• Detect, prevent, and address technical issues and fraudulent activity
• Power AI features for content generation and website building

3. Data Sharing and Third-Party Services

We share your information with the following third-party service providers:

| Service | Country | Purpose | Data Shared | |---------|---------|---------|-------------| | Supabase | United States | Backend infrastructure, database, authentication | Account data, website content, usage logs | | Paddle | United Kingdom | Payment processing (Merchant of Record) | Email, billing information | | Resend | United States | Transactional email delivery | Email address, name | | Cloudflare R2 | United States | File and image storage | Uploaded files | | Anthropic (Claude) | United States | AI content generation | User prompts, page content | | OpenAI (GPT) | United States | AI content generation | User prompts, page content | | Google AI (Gemini) | United States | AI content generation, image analysis | User prompts, page content, uploaded images | | Cerebras | United States | AI content generation | User prompts, page content | | Vercel | United States | Hosting, domain management | Domain configuration | | ScreenshotOne | United States | Reference website screenshots | URLs provided by user | | Pexels | United States | Stock image search (optional) | Image search queries |

We do not sell or share your personal information to third parties for advertising or cross-context behavioral advertising purposes.

4. AI-Powered Features

Use of Third-Party AI Services

The Service uses third-party artificial intelligence services — including Anthropic (Claude), OpenAI, Google AI (Gemini), and Cerebras — to generate website content, provide suggestions, and assist with page creation. When you use AI features, your prompts and related content are sent to these providers for processing.

AI Data Usage

Your interactions with AI features (prompts, inputs, generated outputs) are processed by third-party AI providers subject to their respective data handling policies. We do not use your content to train AI models. Please refer to each provider's terms for details on their data practices.

5. International Data Transfers

We transfer your personal information to overseas recipients as follows:

| Recipient | Country | Data Transferred | Purpose | Retention Period | |-----------|---------|------------------|---------|-----------------| | Supabase Inc. | United States | Account data, website content, usage logs | Backend infrastructure, database, authentication | Duration of account | | Paddle.com Market Limited | United Kingdom | Email, billing information | Payment processing as Merchant of Record | Per Paddle's retention policy | | Cloudflare Inc. (R2) | United States | Uploaded files (images, documents) | File storage for user websites | Duration of account | | Anthropic / OpenAI / Google / Cerebras | United States | User prompts, page content | AI-powered content generation | Per each provider's data policy | | Resend Inc. | United States | Email address, name | Transactional email delivery | Per Resend's retention policy | | Vercel Inc. | United States | Domain configuration | Hosting and domain management | Duration of account | | ScreenshotOne | United States | URLs provided by user | Reference website screenshots | Not retained | | Pexels | United States | Image search queries | Stock image search | Not retained |

Legal basis for transfer: These transfers are necessary for the performance of our contract with you (providing the Service).

Right to refuse: You may refuse the overseas transfer of your personal information by contacting us. However, refusal may result in inability to use certain features of the Service that depend on overseas infrastructure.

6. Data Retention

We retain your personal information and User Content for as long as your account is active. Upon account deletion:

• Account data (name, email): Deleted within a reasonable timeframe, typically 30 days
• Website content (pages, media, files): Deleted within a reasonable timeframe, typically 30 days
• Payment records: Retained as required by tax and accounting laws (typically 5 years)
• AI interaction logs: Deleted within a reasonable timeframe, typically 30 days
• Backup copies: May persist in encrypted backups for up to 90 days before automatic deletion

Published websites will be taken offline immediately upon account deletion or cancellation.

Data Destruction Methods

When personal information is no longer needed, we destroy it without delay using the following methods:

• Electronic files: Permanently deleted using technical methods that render recovery impossible
• Paper documents: Destroyed by shredding or incineration

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Under South Korean PIPA (Personal Information Protection Act):

• Right to access your personal information
• Right to correct inaccurate information
• Right to request deletion of your data
• Right to request disclosure of data usage
• Right to withdraw consent
• Right to refuse overseas transfer of personal information

Under EU/UK GDPR:

• Right of access, rectification, and erasure
• Right to restrict or object to processing
• Right to data portability
• Right to withdraw consent

Under California CCPA/CPRA:

• Right to know what personal information is collected
• Right to correct inaccurate personal information
• Right to delete personal information
• Right to opt-out of the sale or sharing of personal information
• Right to limit use of sensitive personal information
• Right to non-discrimination

To exercise any of these rights, you may contact us at the email address listed below. We will respond to your request within the timeframe required by applicable law.

8. Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption of data in transit and at rest
• Access restrictions based on the principle of least privilege
• Regular security monitoring and vulnerability assessments

While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure.

9. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights, we will:

• Notify affected individuals without undue delay
• Notify the Personal Information Protection Commission (PIPC) within 72 hours of becoming aware of the breach, as required by Korean PIPA
• Notify relevant supervisory authorities as required by applicable law (e.g., GDPR, CCPA)

10. Children's Privacy

Our Service is not directed to children. In the United States, we do not knowingly collect personal information from children under the age of 13, in accordance with COPPA. In South Korea, we do not knowingly collect personal information from children under the age of 14 without verifiable parental consent, in accordance with PIPA. In the European Union and United Kingdom, we do not knowingly collect personal information from children under the age of 16, in accordance with GDPR.

If we become aware that we have collected data from a child under the applicable age, we will take steps to delete such information promptly. If you believe a child has provided us with personal information, please contact us.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page, updating the "Last Updated" date, and by email. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

12. Personal Information Protection Officer

In accordance with South Korean PIPA, the following person is designated as the Personal Information Protection Officer responsible for handling all matters related to personal data:

• Name: Sangwon Im
• Title: CEO
• Email: contact@email.neopress.ai
• Phone: +82-503-7150-2997

13. Contact Us

If you have any questions about this Privacy Policy, please contact us:

• Email: contact@email.neopress.ai
• Phone: +82-503-7150-2997
• Company: inblog Inc.
• Address: 304, 27, Nambusunhwan-ro 218-gil, Gwanak-gu, Seoul 08787, South Korea