Privacy Policy

1. Who we are

NibPost is a service that turns your Notion workspace into a hosted blog or website, with themes, custom domains, SEO, analytics, and built-in subscriber collection. For any privacy question or request, contact us at privacy@nibpost.com.

2. Information we collect

Account information. When you sign up, we collect your name, email address, and a password (stored only as a salted hash — we never see your plaintext password). We also store session tokens to keep you signed in.

Information from Notion. When you connect Notion, we receive — via Notion's OAuth flow — an access token and your workspace ID, and we read the content of the Notion databases you choose to connect. See Section 3 for the full detail of what we access and store.

Blog configuration. The settings you create: blog name, chosen subdomain, any custom domain, theme and appearance options, field mapping, plan, and trial status.

Your blog's subscribers. Email addresses (and confirmation/unsubscribe tokens, signup source, and subscription status) collected through the subscribe form on a blog you publish. You are the controller of this data; we process it on your behalf (see Section 8).

Your blog's visitor analytics. When someone visits a blog you publish, we record the page path, referrer, any UTM parameters, an approximate location (country and city), the device type, browser, and operating system, a random session identifier, time spent on the page, and link-click events. Importantly: we do not store visitors' IP addresses — the IP is used only momentarily to estimate the approximate country/city (via our host's edge geolocation or, as a fallback, the third-party service ip-api.com) and is then discarded. The session identifier is a random value stored in the visitor's browser sessionStorage (it is not a cookie and is cleared when the tab closes). We do not use advertising or cross-site tracking cookies.

Payment information. Payments are processed by our Merchant of Record, FastSpring. They collect and process your billing and card details directly under their own privacy policy; NibPost never receives or stores your full card number. We retain only a subscription/account identifier and your current plan. (We may add additional payment providers, such as Payoneer, in the future.)

Communications & logs. Messages you send us, and standard technical logs generated by our hosting infrastructure to operate and secure the Service.

3. Data we access from Notion (in detail)

With your authorization, NibPost requests the Notion permissions to read content, read your user information (without your email), and (optionally) insert content to scaffold a starter template. From the Notion databases you connect, we read and store rendered copies of:

• Posts: title, slug, excerpt, full post content, cover and social-share images, meta title and description, publish date, and flags such as featured/gated and tags.
• Pages: title, slug, and page content.
• Tags: name, slug, description, and cover image.
• Authors: name, slug, bio, avatar, and — if you provide them — author email, website, and social handles (Twitter/X, LinkedIn, Facebook, Instagram, YouTube).
• Connection metadata: the Notion access token, workspace ID, and the IDs of the connected databases.

We store these copies in our database so your blog loads quickly and stays online even when Notion is unreachable. We access your Notion only to sync the databases you connected — we do not read other parts of your workspace. You can disconnect Notion or delete your blog at any time, which removes the synced content and revokes the token (you may also revoke NibPost's access from within Notion). Any personal data you place in your Notion content (for example, an author's email) is your responsibility and will be published as part of your blog.

4. How we use information

• To provide, operate, and maintain the Service (sync Notion, render and host your blog, run analytics, deliver emails).
• To authenticate you and keep your account secure.
• To process subscriptions, trials, and refunds (via FastSpring).
• To send you transactional and service emails (and, where you opt in, product updates).
• To respond to your requests and provide support.
• To detect, prevent, and address abuse, fraud, or technical issues.
• To comply with legal obligations.

5. Cookies & tracking

In the NibPost dashboard we use a single essential session cookie to keep you logged in. We do not use advertising or cross-site tracking cookies. The visitor analytics on blogs you publish rely on a random session ID in the browser's sessionStorage rather than cookies, and do not track visitors across other websites.

6. How we share information

We do not sell your personal data. We share it only with service providers ("sub-processors") that help us run the Service, each bound to protect it:

• Notion — the source of your blog content (only the databases you connect).
• Vercel — application hosting, content delivery, and edge geolocation.
• ip-api.com — fallback IP-based geolocation (country/city only; IP not stored by us).
• FastSpring — payment processing as Merchant of Record.
• Resend — delivery of transactional emails and your blog's newsletter campaigns.

We may also disclose information if required by law, to enforce our Terms, to protect the rights and safety of users or the public, or in connection with a merger, acquisition, or sale of assets (you will be notified of any such change).

7. Data retention & deletion

We retain your account and blog data for as long as your account is active. If you delete your account (or it is scheduled for deletion), we remove your personal data and synced Notion content from our active systems, except where we must retain limited records to comply with legal, tax, or accounting obligations. Residual copies may persist in encrypted backups for a limited period before being overwritten. You can request deletion at any time by emailing privacy@nibpost.com.

8. Your role as a blog owner (controller vs. processor)

For your own account information, NibPost is the data controller. For the subscriber emails and visitor analytics of blogs you publish, you are the data controller and NibPost acts as your data processor. You are responsible for having an appropriate privacy notice on your blog, a lawful basis for collecting your visitors' and subscribers' data, and for honoring their privacy rights.

9. Your rights

Depending on where you live (for example under the EU/UK GDPR or the CCPA), you may have the right to access, correct, delete, export, or restrict the processing of your personal data, to object to certain processing, and to withdraw consent. To exercise any of these, email privacy@nibpost.com; we will respond within the timeframe required by applicable law. We will not discriminate against you for exercising your rights.

10. International data transfers

NibPost and its providers may process your data in countries other than your own, including the United States and the European Union. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) for these transfers.

11. Security

We protect your data with measures including encryption in transit (HTTPS), hashed passwords, and access controls. No method of transmission or storage is 100% secure, so we cannot guarantee absolute security.

12. Children

The Service is not directed to children under 16, and we do not knowingly collect their personal data. If you believe a child has provided us data, contact us and we will delete it.

13. Changes to this Policy

We may update this Policy from time to time. We will post the new version here and update the "Last updated" date; material changes may also be notified by email.

14. Contact us

Questions about this Policy or your data? Email privacy@nibpost.com or hello@nibpost.com.