Home / Legal

Privacy Policy

Last updated: June 26, 2026

This Privacy Policy describes how Blitz Agent ("we", "us") collects, uses, shares, and protects personal data when you use our website at blitzagent.studio, web application, and APIs (collectively, the "Service").

For questions or requests, contact [email protected].

1. Who we are

Blitz Agent is an AI agent and system prompt builder for teams. We act as the data controller for personal data described in this policy, except where we process data solely on behalf of customers as a processor under a separate agreement.

2. Data we collect

Account and profile data

Product and usage data

Payment data

Payments are handled by Stripe. We receive billing metadata (such as customer ID, plan, and transaction status) but do not store full payment card numbers on our servers.

Technical data

3. How we use data

We process personal data to:

We do not use your prompts or project content to train public foundation models. When you invoke AI features, your inputs are transmitted to the LLM provider needed to fulfill that request.

4. Legal bases (EEA/UK)

Where GDPR applies, we rely on:

5. Sharing and subprocessors

We share data with service providers that help us operate the Service:

Providers are bound by contractual obligations to protect data and process it only on our instructions. We may also disclose data if required by law or to protect rights, safety, and security.

6. International transfers

We may process data in countries other than your own. Where required, we use appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms for transfers from the EEA/UK.

7. Retention

We retain personal data while your account is active and for a limited period afterward where needed for billing, security, dispute resolution, or legal compliance. You may export or delete your account from Account privacy settings. Some logs or backups may persist for a short period before automatic deletion.

8. Security

We implement technical and organizational measures appropriate to the risk, including encryption in transit, access controls, and monitoring. No method of transmission or storage is completely secure; please use a strong password and protect your credentials.

9. Your rights

Depending on your location, you may have the right to:

California residents may have additional rights under the CCPA/CPRA, including knowing what personal information is collected and requesting deletion, subject to exceptions. We do not sell personal information as defined by the CCPA.

Submit requests via Account privacy settings or email [email protected]. We may verify your identity before fulfilling requests.

10. Children

The Service is not directed to children under 16. We do not knowingly collect personal data from children. Contact us if you believe a child has provided data and we will delete it.

11. Cookies

We use essential cookies for sign-in and optional Google Analytics. Details are available in our Cookie Policy, accessible from the site footer and cookie banner.

12. Changes

We may update this policy when our practices change. We will post the revised policy here and update the "Last updated" date. Material changes may be communicated by email or in-product notice where appropriate.

13. Contact

[email protected]