🔒 Your Privacy Matters

Privacy Policy

We take your privacy seriously. Learn how we collect, use, and protect your data with enterprise-grade security.

🔐 End-to-End Encryption
🛡️ GDPR Compliant
🔒 Secure API Handling
Last Updated: 10/22/2025
Detailed Privacy Information

1. Information We Collect

Account Information

  • Name, email address, and encrypted password
  • Account role (User or Admin) and subscription plan type (Free, Starter, Pro)
  • Billing information processed securely through Stripe (we never store full credit card details)
  • Profile preferences, timezone, and notification settings

Integration & API Data

  • OpenAI API Keys: Encrypted and stored securely - you maintain full ownership and control
  • WordPress Credentials: Site URLs, application passwords (encrypted), and connection status
  • Affiliate Program Data: Amazon Associate IDs, tracking tags (for users with affiliate add-ons)
  • OAuth tokens for Google Sign-In (if used) - stored securely with refresh capabilities

Content & Usage Information

  • Generated blog posts, affiliate reviews, and campaign configurations
  • Content generation history, scheduling data, and publishing status
  • Campaign settings: keywords, tone, writing style, GPT model preferences
  • Usage metrics: monthly post counts, campaign counts, connected sites (for billing cycle tracking)
  • Website interaction data and performance analytics (anonymized where possible)

Subscription & Billing Data

  • Current plan and subscription status (Active, Inactive, Canceled, Past Due)
  • Active add-ons: extra posts, additional sites, affiliate program access
  • Billing cycle dates, subscription start/end dates, and renewal information
  • Payment history and transaction records (via Stripe)
  • Stripe customer IDs and subscription IDs for payment processing

2. How We Use Your Information

Service Delivery

  • Content Generation: Using your OpenAI API key to generate humanized blog posts and affiliate product reviews
  • WordPress Integration: Automatically publishing content to your connected WordPress sites using your credentials
  • Affiliate Marketing: Scraping Amazon product data and generating authentic reviews (for users with affiliate add-ons)
  • Campaign Management: Scheduling, automating, and tracking your content campaigns
  • Image Handling: Processing and uploading featured images and additional images to your WordPress sites

Account & Billing Management

  • Processing payments securely through Stripe for paid plans and add-ons
  • Managing subscription upgrades, downgrades, and cancellations
  • Tracking usage limits: monthly posts, campaigns, connected sites (per your plan)
  • Sending billing notifications, payment confirmations, and subscription renewal reminders
  • Applying billing cycle resets based on your subscription start date

Service Improvement & Analytics

  • Analyzing usage patterns to optimize content generation speed and quality
  • Monitoring system performance and identifying technical issues
  • Understanding feature usage to prioritize improvements and new features
  • Generating anonymized analytics to improve user experience

Communication & Support

  • Sending important account notifications (login alerts, security updates)
  • Providing customer support and responding to your inquiries
  • Sending optional marketing emails about new features, plans, and promotions (opt-out available)
  • Notifying you about service disruptions, maintenance, or policy changes

Security & Fraud Prevention

  • Detecting and preventing unauthorized access to your account
  • Monitoring for suspicious activity, payment fraud, and bot attacks
  • Implementing rate limiting and security measures for API integrations
  • Ensuring compliance with security standards and legal requirements

3. Information Sharing & Third-Party Services

We do NOT sell, trade, or rent your personal information to third parties. We only share data as necessary to provide our service:

Essential Service Providers

  • OpenAI: Your API key is used directly to generate content. We do not share your content with OpenAI beyond the generation request. You control and own your API key.
  • Stripe: Handles all payment processing for subscriptions and add-ons. Stripe is PCI DSS Level 1 certified. We never store your full credit card details.
  • WordPress Sites: Content is published directly to YOUR WordPress sites using YOUR credentials. We do not share your WordPress data with any third party.
  • Amazon (for Affiliate Users): When you use affiliate features, we scrape publicly available product data from Amazon.com. Your Amazon Associate ID is used to generate affiliate links.
  • Google OAuth (Optional): If you sign in with Google, we receive basic profile information (name, email) from Google. You can revoke access anytime via your Google account settings.

Other Legitimate Sharing

  • With Your Explicit Consent: We will ask for permission before sharing data in any other context
  • Legal Compliance: When required by law, court order, or government regulation
  • Security & Fraud Prevention: To protect our users, detect fraud, or prevent abuse of our service
  • Business Transfers: In the event of a merger, acquisition, or asset sale, user data may be transferred (you will be notified)

Important: Your OpenAI API key, WordPress credentials, and affiliate IDs are encrypted at rest and in transit. We implement industry-standard security measures to protect your sensitive data.

4. Data Security Measures

We implement comprehensive security measures to protect your data:

Encryption

  • Data in Transit: All data is transmitted over HTTPS with TLS 1.2+ encryption
  • Data at Rest: Sensitive data (API keys, passwords, credentials) is encrypted using AES-256 encryption
  • Password Hashing: User passwords are hashed using bcrypt with salt
  • API Key Encryption: OpenAI API keys and WordPress application passwords are encrypted before storage

Access Controls

  • Role-based access control (User vs. Admin privileges)
  • Session management with secure, HTTP-only cookies
  • Account lockout mechanisms after failed login attempts
  • Two-factor authentication support (via OAuth providers)

Infrastructure Security

  • Hosted on secure, monitored cloud infrastructure
  • Regular security patches and updates
  • Database backups and disaster recovery procedures
  • Rate limiting and DDoS protection
  • Continuous monitoring for suspicious activity

Application Security

  • Input validation and sanitization to prevent injection attacks
  • CSRF protection on all forms and state-changing operations
  • Secure API endpoints with authentication and authorization checks
  • Bot detection and prevention measures for web scraping features

Note: While we implement industry-standard security measures, no system is 100% secure. We encourage you to use strong, unique passwords and protect your account credentials.

5. Your Rights & Data Control

You maintain full control over your data. You have the right to:

Access & Portability

  • View Your Data: Access all your account information, settings, and generated content from your dashboard
  • Export Content: Download all your blog posts, campaigns, and configurations at any time
  • Data Portability: Request a complete export of your personal data in a machine-readable format

Update & Correction

  • Profile Settings: Update your name, email, and preferences directly in your account settings
  • Integration Credentials: Update or remove OpenAI API keys, WordPress connections, and affiliate IDs anytime
  • Content Management: Edit, delete, or unpublish any generated content from your dashboard

Deletion & Account Closure

  • Account Deletion: Request complete account deletion through your settings or by contacting support
  • Data Retention After Cancellation: Access your data until your current subscription period ends, then it will be permanently deleted
  • Right to be Forgotten: Request permanent deletion of all your personal data (subject to legal retention requirements)

Marketing & Communications

  • Opt-Out: Unsubscribe from marketing emails via the link in any promotional email
  • Notification Preferences: Control which notifications you receive in your account settings
  • Essential Communications: You will still receive critical account and billing notifications

GDPR Rights (EU Users)

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent at any time

6. Cookies & Tracking Technologies

Essential Cookies (Required)

  • Authentication: Session cookies to keep you logged in securely
  • Security: CSRF tokens to prevent cross-site request forgery attacks
  • Preferences: Remember your language, timezone, and UI preferences

Analytics Cookies (Optional)

  • Usage Analytics: Anonymized data about how you use our service to improve features
  • Performance Monitoring: Tracking page load times and error rates to optimize performance
  • A/B Testing: Testing new features and designs to enhance user experience

Third-Party Tracking

  • Stripe: Payment processing cookies (only on checkout pages)
  • Google OAuth: Authentication cookies (only if you sign in with Google)

Control Your Cookies: You can control and delete cookies through your browser settings. Note that disabling essential cookies may impact core functionality.

7. Data Retention & Deletion Policy

Active Accounts

  • Account Data: Retained as long as your account is active
  • Generated Content: Stored indefinitely unless you delete it manually
  • Usage History: Billing cycle data retained for the current month plus 12 months for accounting
  • Campaign History: Retained until you delete the campaign or your account

After Subscription Cancellation

  • Grace Period: You retain full access to your data until your current subscription period ends
  • Export Window: Download all your content and data before your subscription expires
  • Automatic Deletion: Account and content data permanently deleted after subscription expiration (unless you reactivate)
  • Billing Records: Payment history retained for 7 years to comply with tax and accounting regulations

Account Deletion Request

  • Immediate Processing: Account deletion requests are processed within 48 hours
  • Data Removal: All personal data, content, campaigns, and integrations permanently deleted
  • Exceptions: Billing records retained for legal compliance (anonymized where possible)
  • Irreversible: Deletion is permanent and cannot be undone

Legal Retention Requirements

  • Transaction records: 7 years (tax compliance)
  • Security logs: 1 year (fraud prevention)
  • GDPR requests: 3 years (legal compliance)

Important: Content published to your WordPress sites is NOT deleted when you delete your Ritzy Writer account. You must manually remove content from your WordPress sites if desired.

8. Children's Privacy

Ritzy Writer is not intended for use by children under the age of 18. We do not knowingly collect personal information from children under 18.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@ritzywriter.com. We will promptly investigate and delete any such information from our systems.

Our service requires payment processing and professional content generation capabilities intended for business use, making it inappropriate for minors.

9. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure that such transfers comply with applicable data protection laws:

  • EU-US Data Transfers: We use Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements: All third-party service providers sign data processing agreements ensuring GDPR compliance
  • Adequate Safeguards: We ensure equivalent levels of data protection regardless of location

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

How We Notify You:

  • Material changes: Email notification to all users at least 30 days before the changes take effect
  • Minor updates: Dashboard notification and "Last Updated" date at the top of this policy
  • Continued use: Your continued use of Ritzy Writer after changes take effect constitutes acceptance of the updated policy

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

11. Contact Us & Data Protection Officer

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

  • General Privacy Inquiries: privacy@ritzywriter.com
  • Support & Account Issues: support@ritzywriter.com
  • GDPR & Data Protection Requests: dpo@ritzywriter.com
  • Response Time: We respond to all privacy inquiries within 48 hours and to GDPR requests within 30 days

🔒 Your Privacy Matters: We are committed to protecting your personal information and respecting your privacy rights. If you have any concerns, please don't hesitate to reach out.
