Back to CandleBlog

Privacy Policy

Last updated: April 12, 2026

CandleBlog (“we,” “us,” or “the Service”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share information when you use CandleBlog, including all features and subdomains operated by CandleBlog.

By using CandleBlog, you agree to this Privacy Policy. If you do not agree, please do not use the Service.

1. Information We Collect

Account Information: When you register, we collect your name, email address, and password (stored encrypted). If you sign up with Google OAuth, we receive your name, email, and profile picture from Google.

Profile Data: Information you choose to add to your profile — bio, headline, location, website, avatar, background image, experience, education, certifications, and pronouns.

Content: Articles, comments, likes, saved posts, and any other content you create or interact with on the Service.

Usage Data: IP address, browser type, device information, pages visited, time spent, and interaction patterns. This is collected automatically via cookies and similar technologies.

Payment Data: If you subscribe or withdraw earnings, we collect payment method details via our third-party payment processor (e.g., Stripe). We do not store full credit card numbers on our servers.

Referral Data: Referral codes, referral relationships, and tree structure to calculate your RRR discount.

2. How We Use Your Data

  • To provide and operate the Service
  • To authenticate you and secure your account
  • To process subscriptions, payouts, and referral tracking
  • To calculate earnings and platform fees based on views and RRR
  • To display your content to other users as you have configured
  • To send transactional emails (verification, withdrawal confirmations, security alerts)
  • To detect and prevent fraud, abuse, and violations of our Terms
  • To improve the Service through aggregate analytics
  • To comply with legal obligations

3. Legal Basis (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your data on the following legal bases:

  • Contract: To provide the Service you've signed up for.
  • Legitimate interest: To secure the Service, prevent fraud, and improve features.
  • Consent: For marketing emails and optional cookies (you can withdraw consent anytime).
  • Legal obligation: To comply with tax, accounting, and law enforcement requests.

4. Sharing Your Data

We do not sell your personal data. We share data only with:

  • Service providers: Hosting (Cloudflare, AWS), payments (Stripe, PayPal), email delivery, analytics, and AI services. These providers are contractually bound to handle your data securely.
  • Public content: Articles, comments, profile info you publish are visible to everyone on the Service.
  • Legal requirements: When required by law, court order, or to protect our rights, users, or the public.
  • Business transfers: If CandleBlog is acquired, your data may transfer to the new owner under this Privacy Policy.

5. Your Rights (GDPR / CCPA)

You have the following rights regarding your personal data:

  • Access: Request a copy of the data we hold about you.
  • Rectification: Correct inaccurate data via your profile settings.
  • Erasure (Right to be Forgotten): Delete your account and all associated data from Settings → Danger Zone → Delete my account.
  • Portability: Request your data in a machine-readable format.
  • Restriction: Limit how we process your data.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw consent: For any consent-based processing.
  • Complaint: Lodge a complaint with your local data protection authority.

California residents have additional rights under the CCPA, including the right to know what personal information we collect and the right to opt out of the sale of personal information. We do not sell personal information.

To exercise any of these rights, contact us at privacy@chapteral.com or use the account settings page where applicable.

6. Data Retention

We retain your personal data for as long as your account is active. When you delete your account, we delete your profile, content, and personal data within 30 days, except where we are required by law to retain certain information (e.g., financial records for tax purposes, which we may retain for up to 7 years in anonymized form).

7. Security

We use industry-standard security measures including encryption in transit (TLS), encryption at rest, secure password hashing (bcrypt), and access controls. However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security and you use the Service at your own risk.

8. International Transfers

CandleBlog operates globally. Your data may be transferred to and processed in countries outside your country of residence, including countries that may not provide the same level of data protection. By using the Service, you consent to such transfers.

9. Cookies

We use cookies for authentication, preferences, analytics, and (if applicable) advertising. You can control cookies through your browser settings. Disabling cookies may limit functionality of the Service.

10. Children's Privacy

CandleBlog is not directed to individuals under the age of 13 (or 16 in the EEA). We do not knowingly collect personal data from children. If we discover such data, we will delete it promptly.

11. Third-Party Links

Articles on CandleBlog may contain links to third-party sites. We are not responsible for the privacy practices of those sites. Review their privacy policies before providing personal information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email or a prominent notice on the Service. Continued use of CandleBlog after changes constitutes acceptance of the updated Policy.

13. Contact

For privacy questions or to exercise your rights, contact us at privacy@chapteral.com.

See also: Terms of Service · Refund Policy