Privacy Policy
| Operator | blogger4me (ABN 46 930 759 486) |
| ABN | 46 930 759 486 |
| Contact | hello@blogger4me.com |
| Postal address | 416A Nepean Highway, Chelsea Heights, Victoria, Australia 3196 |
| Jurisdiction | Victoria, Australia |
| Last updated | 20 May 2026 |
| Effective date | 31 May 2026 |
| Next review | 30 November 2026 |
1. Plain-English Summary
We sell downloadable PDF kits to bloggers. To do that, we collect your first name, your email address, your blog URL, and your blog name at checkout. We use Stripe to process your payment, Resend to email you the kit, Supabase to keep your order record, and Kit (ConvertKit) to send you marketing emails if you opt in.
We never sell your data. We don't share your email with other companies. You can ask to see what we hold, correct it, or delete it at any time by emailing hello@blogger4me.com.
If you're in the EU or UK, this policy gives you the GDPR rights you're entitled to — access, rectification, erasure, portability, objection, and withdrawal of consent. If you're in Australia, this policy aligns with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).
The rest of this document is the detail behind those statements.
2. What Data We Collect, Why, and Where It Goes
| Data | When collected | Why we need it | Where it lives | How long we keep it |
|---|---|---|---|---|
| First name | At Stripe Checkout | Personalises your kit | Stripe + Supabase + Kit (if you opted in) | 7 years (tax) / until you ask us to delete it from Kit |
| Email address | At Stripe Checkout | Delivers the kit. Sends receipt. Sends marketing emails if you opted in. | Stripe + Supabase + Resend + Kit (if you opted in) | 7 years (tax) / until you unsubscribe from Kit |
| Blog URL | At Stripe Checkout | Personalises the kit with your actual website | Stripe + Supabase | 7 years (tax) |
| Blog name | At Stripe Checkout | Personalises the kit with your actual blog name | Stripe + Supabase | 7 years (tax) |
| Billing country | Auto-detected by Stripe at checkout | Routes you to the correct kit variant (A4 + AU English for AU/UK/NZ/EU/RoW; US Letter + US English for US/CA). This routing is automated based on your billing country; you don't make a manual choice. | Stripe + Supabase | 7 years (tax) |
| Payment information (card details) | At Stripe Checkout | To process your payment | Stripe only — we never see or store your card details | Per Stripe's retention policy |
| Pages visited on blogger4me.com | If you accept analytics cookies | To understand which pages help bloggers and which don't | Google Analytics 4 (anonymised) | 14 months |
| IP address | Auto-logged by Vercel + Stripe | Fraud prevention. Security logging. | Vercel + Stripe security logs | 90 days (Vercel) / per Stripe |
| Support emails | If you email us | To answer your question | Gmail (or our chosen support inbox) | 24 months after last contact |
| Marketing consent (opt-in or opt-out) | At Stripe Checkout (separate optional checkbox) | Establishes the legal basis for sending you marketing emails and the abandoned cart sequence | Stripe + Supabase | Until you unsubscribe + 30-day operational grace, then permanent deletion |
We only collect the four checkout fields above (name, email, blog URL, blog name). We do not ask for your date of birth, phone number, mailing address, niche, audience size, traffic level, income level, or any other identifying information. Your niche is implicit from the kit you buy.
Abandoned cart sequence: Stripe Checkout includes an optional checkbox where you can opt in to our marketing emails. If you tick the box and then leave checkout without completing your purchase, we may send you a short follow-up sequence (maximum three messages) via Resend. If you didn't tick the box, no follow-up is sent. Every message includes a functional unsubscribe link and our sender identification, consistent with the Spam Act 2003 (Cth) and the GDPR consent / withdrawal requirements.
3. Who Else Processes Your Data (Sub-Processors)
We use other businesses to operate blogger4me. Each one is a "sub-processor" under GDPR terminology. Here is the full list:
| Sub-processor | What they do | Where they store data | Data Processing Agreement |
|---|---|---|---|
| Stripe | Processes your payment | United States, with Standard Contractual Clauses (SCCs) for EU/UK buyers | stripe.com/legal/dpa |
| Vercel | Hosts the blogger4me.com website and runs the PDF generation function | United States, with SCCs for EU/UK | vercel.com/legal/dpa |
| Supabase | Stores your order record (name, email, blog details, what you bought) | Oceania (Sydney, ap-southeast-2), with SCCs for EU/UK buyers | supabase.com/legal/dpa |
| Resend | Sends the transactional email that delivers your kit | United States, with SCCs | resend.com/legal/dpa |
| Kit (ConvertKit) | Sends marketing emails if you opt in | United States, with SCCs | kit.com/legal/dpa |
| Google (Analytics 4) | Anonymised website analytics if you accept cookies | United States, with SCCs | business.safety.google/processorterms/ |
If we add or change a sub-processor, we update this list before the change takes effect.
4. International Transfers
Most of our sub-processors are based in the United States. Supabase order records are stored in Oceania (Sydney, ap-southeast-2 region). We rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the legal basis for transferring your personal data outside the EU/UK to US-based sub-processors.
For Australian buyers, the Australian Privacy Principles (APP 8) require us to take reasonable steps to ensure overseas recipients handle your data consistently with the APPs — the SCCs and each sub-processor's published DPA satisfy that obligation.
5. Lawful Basis for Processing (GDPR)
If you're in the EU or UK, GDPR requires us to tell you the legal basis we rely on for each kind of processing:
| Processing | Lawful basis |
|---|---|
| Storing your order, delivering the kit, sending the receipt | Contract — Article 6(1)(b). We need this data to deliver what you bought. |
| Sending marketing emails | Consent — Article 6(1)(a). You opt in at signup. You can withdraw at any time via one-click unsubscribe. |
| Analytics cookies (GA4) | Consent — Article 6(1)(a). You decide via the cookie banner. |
| Fraud prevention, security logging | Legitimate interests — Article 6(1)(f). We have a legitimate interest in preventing fraud and securing our systems. |
| Keeping records for tax and consumer law | Legal obligation — Article 6(1)(c). Australian tax law and consumer law require us to keep certain records. |
6. Your Rights
Whether you're in Australia, the EU, or the UK, you have the following rights over the data we hold about you. To exercise any of them, email hello@blogger4me.com with the subject line "Privacy request".
| Right | What it means | How we respond |
|---|---|---|
| Access | See a copy of all data we hold about you | We send a CSV or JSON file within 30 days of your request (the maximum allowed under both GDPR Article 12 and APP 12 — usually we respond within 5 business days) |
| Rectification | Correct anything that's wrong | We update the record on the same day and confirm |
| Erasure (right to be forgotten) | Delete your data | We delete your data on request, except where retention is required by law: (a) financial transaction records — 7 years under ATO rules; (b) evidence of consumer guarantee claims — 6 years under the ACL statute of limitations; (c) any record subject to a current dispute. Marketing list deletion is immediate. We tell you which records we're keeping and why. |
| Portability | Get your data in a machine-readable format | CSV or JSON, within 30 days |
| Object | Stop us using your data for marketing | We unsubscribe you immediately. One click on any email also does this. |
| Withdraw consent | Change your mind about marketing or cookies | One-click unsubscribe (marketing) or the cookie banner (analytics) |
If we can't action your request, we explain why in writing. You always have the right to complain to your local privacy regulator — for Australians, that's the Office of the Australian Information Commissioner (OAIC). For EU residents, the supervisory authority in your country. For UK residents, the Information Commissioner's Office (ICO).
7. Marketing Emails and Unsubscribe
If you opt in to marketing emails, we send you occasional updates about new kits, refinements to existing kits, and post-publish distribution tips. We use Kit (ConvertKit) to send them. Every marketing email includes:
- A clear identification of who's sending it (blogger4me)
- Our legal entity name, ABN, and postal address in the footer
- A one-click unsubscribe link
- Sender information that remains accurate for at least 30 days after sending
This satisfies the Spam Act 2003 (Cth) and the GDPR consent / withdrawal requirements simultaneously.
We do not buy email lists. We do not sell our email list. We do not share our email list with any third party, ever.
8. Cookies
We use cookies on blogger4me.com. The full breakdown is in the Cookie Policy at blogger4me.com/cookie-policy. In short:
- Strictly necessary cookies (session, checkout) — always on, no consent required
- Analytics cookies (Google Analytics 4) — only fire if you accept them via the cookie banner
EU and UK visitors see a banner with real "Accept" and "Reject" buttons before any analytics cookies are set. Australian visitors see the same banner — we apply the strictest standard globally rather than discriminating by location.
9. Data Breach Notification
If we discover a data breach that's likely to cause serious harm:
- For all affected individuals globally, we notify you directly as soon as practicable after we become aware of the breach and complete our assessment.
- For Australian buyers under the Notifiable Data Breaches scheme, we have up to 30 calendar days from becoming aware to assess whether the breach is "eligible" — and we notify the OAIC and affected individuals as soon as practicable once assessed.
- For EU and UK buyers under GDPR Article 33, we notify the relevant supervisory authority within 72 hours of becoming aware of the breach where feasible.
In practice: if your data is exposed, you'll hear from us directly with what happened, what we're doing about it, and what (if anything) you should do.
10. Children
blogger4me's kits are sold to adult bloggers. We do not knowingly collect data from anyone under 16. If you believe we have inadvertently collected data from a child under 16 — whether you're the child, a parent, a guardian, or a third party — email hello@blogger4me.com with the subject "Child data" and we will delete the data within 5 business days.
We monitor regulatory developments in this area, including Australia's Children's Online Privacy Code (expected registered by 10 December 2026), and will update this policy if scope changes.
11. Changes to This Policy
We update this policy when our practices change, when a new sub-processor is added, or when the law changes. The Australian Privacy Act small business exemption applies to blogger4me at launch. Tranche 2 reforms to remove this exemption have been agreed in principle by government but have not been legislated as at May 2026 — expected 2026–2027. blogger4me operates as if the Privacy Act applies in full from launch, so no major policy change will be required when Tranche 2 takes effect.
Material changes are notified to current buyers by email at least 14 days before they take effect. The version number and "last updated" date at the top of this policy always reflect the current version.
12. Contact
| hello@blogger4me.com | |
| Subject line | "Privacy request" (helps us route it correctly) |
| Response time | 30 days maximum; usually within 5 business days |
| Postal address | 416A Nepean Highway, Chelsea Heights, Victoria, Australia 3196 |
If you're not satisfied with our response, you can complain to your local privacy regulator (see Section 6).