Legal

Privacy Policy

If you want to understand how BlackSheet collects, stores, uses, shares, protects, and deletes personal data, you are in the right place. This policy explains what happens when you visit blacksheet.io, join our list, request a demo, contact us, apply for a role, or use BlackSheet services.

Effective date: May 24, 2026

Introduction

BlackSheet cares about privacy and is committed to handling personal data responsibly. This Privacy Policy describes how personal data is collected, stored, used, shared, protected, retained, and deleted in connection with BlackSheet websites, products, forms, communications, early access programs, founder plans, career applications, and related services.

The way we process personal data may depend on how you interact with BlackSheet. A visitor reading our website, a person joining the founding list, a creator building a product, a customer buying from a creator, and a candidate applying for a job may each involve different categories of personal data and different processing purposes.

Please read this Privacy Policy before using BlackSheet services. By accessing our website or using our services, you understand that your personal data may be processed as described below. This policy should be read together with any BlackSheet terms, product terms, checkout terms, data processing terms, or other notices that apply to your use of a specific BlackSheet service.

This policy may be updated from time to time. When we make material changes, we may notify registered users by email, product notice, website notice, or another reasonable method. The updated policy will apply from the effective date shown on this page unless a different date is stated.

Overview

This Privacy Policy explains: how and why BlackSheet processes personal data, when personal data may be shared, how users can manage their data, and what rights may be available depending on applicable law.

This policy applies to blacksheet.io, BlackSheet subdomains, BlackSheet product interfaces, forms, pages, applications, communications, support channels, checkout flows, and any other place where BlackSheet makes services available.

BlackSheet may process personal data as a business operating its own website, platform, billing, support, marketing, security, hiring, and product systems. BlackSheet may also process data in connection with products, pages, communities, offers, checkout flows, emails, automations, and other experiences that creators build using the Platform.

We do not sell personal data for money. We may share personal data with service providers, payment processors, creators, integrations, advisers, and authorities only as described in this policy or where otherwise permitted by law.

Glossary

Personal data means any information that identifies you or could reasonably be used to identify you, either directly or when combined with other information.

Processing means any operation performed on personal data, including collection, storage, use, access, analysis, sharing, transfer, correction, deletion, or protection.

Platform means BlackSheet websites, software, product interfaces, forms, checkout experiences, content tools, community tools, automation tools, email tools, and related services.

Creator Content means content, pages, products, lessons, downloads, emails, offers, communities, podcasts, newsletters, media, templates, and other material created or uploaded by a BlackSheet user.

Creator Data means personal data a creator uploads, imports, or collects through their BlackSheet workspace, including buyer, lead, member, subscriber, or customer data.

Customer Data means personal data related to people who purchase, join, subscribe, enroll, request access, or otherwise interact with a creator’s products, offers, pages, or communities through BlackSheet.

Visitor means a person who visits a BlackSheet website or page without creating an account or logging in.

User means any person who interacts with BlackSheet, including visitors, creators, customers, buyers, subscribers, members, leads, job applicants, and support contacts.

Service Provider means a third-party company, contractor, tool, or platform that helps BlackSheet operate, secure, analyze, support, bill, communicate, or improve the Platform.

1. Personal Data Processed by BlackSheet

The personal data processed by BlackSheet may vary depending on how you interact with the Platform, whether you are a visitor, early access applicant, creator, customer, buyer, job applicant, partner, or support contact.

Personal data may be provided directly by you, collected automatically, generated through your use of the Platform, received from service providers, or provided by creators using BlackSheet.

We collect only the data that is reasonably connected to operating the Platform, communicating with you, supporting users, processing payments, improving the product, protecting our services, complying with law, and enabling creators to build and manage their businesses.

Categories of personal data we may process

Registration and account data: name, email address, phone number, business name, role, password, workspace information, profile information, and account preferences.
Contact and enquiry data: demo requests, early access requests, messages, support requests, career applications, partnership enquiries, and form submissions.
Business and creator data: product ideas, launch stage, offer type, audience size, pricing interest, plan interest, website preferences, and business goals.
Payment and transaction data: plan selected, billing name, billing email, billing address, payment status, transaction amount, invoice details, refund details, tax information, and payment metadata.
Platform usage data: pages viewed, features used, clicks, searches, settings, product setup steps, content interactions, enrollment activity, checkout activity, and support history.
Device and log data: IP address, browser, device type, operating system, access dates and times, referring pages, session data, error logs, cookies, and similar technical identifiers.
Creator Content and Customer Data: content, leads, buyers, members, subscribers, course progress, access status, purchase history, community participation, messages, and other information managed through a creator workspace.
Offline or event data: information collected when you meet us at an event, join a workshop, attend a webinar, participate in a survey, or communicate with us outside the Platform.

Payment and billing details

When you purchase, reserve, subscribe to, or pay for a BlackSheet plan, we may receive payment-related information from payment processors. This may include the transaction amount, payment status, billing name, billing email, billing address, country, postal code, last four digits of a card, card brand, invoice information, refund status, dispute information, tax information, and fraud or risk signals. We do not intend to store full card numbers or sensitive card verification data on BlackSheet systems unless a payment provider makes that information available in a legally permitted and security-controlled way.

Creator workspace and customer information

If you use BlackSheet as a creator, you may upload or collect customer, lead, buyer, member, student, subscriber, community, and product data. This can include names, emails, purchase records, access status, messages, product participation, course progress, downloads, form answers, community activity, support notes, and other information needed to deliver your products or operate your business.

Career and hiring information

If you apply for a job or contact us about work opportunities, we may process your name, email, phone number, location, resume, portfolio, work history, skills, interview notes, compensation expectations, references, and communications relating to the hiring process.

1.1 Personal Data Collected Directly From You

We collect personal data directly from you when you create an account, join a waitlist, request a demo, submit a form, contact support, apply for a role, purchase or reserve a plan, configure your workspace, publish content, upload files, send messages, or otherwise interact with BlackSheet.

You may also provide personal data when you answer onboarding questions, choose a plan, describe what you want to build, upload content, invite team members, create offers, configure pricing, connect a domain, create email campaigns, set automations, manage members, or use checkout and access features.

Some fields may be required to provide a service, while other fields may be optional. If a field is optional, you can choose whether to provide it. If required information is not provided, certain features may not work or we may be unable to respond to your request.

1.2 Optional, Public, and Creator-Provided Data

Some Platform fields may be optional and are used to personalize the service or improve your experience. Some information you publish, such as public profile details, product pages, biographies, sales pages, community posts, testimonials, or public resources, may be visible to people inside or outside the Platform depending on your settings.

If you are a creator, you are responsible for the personal data you collect from your audience, buyers, members, or subscribers through BlackSheet. You should only collect and upload information you are permitted to process.

Public or shareable content can be indexed, copied, reshared, downloaded, or viewed by people who have access to the page or resource. Before publishing a page, testimonial, post, bio, product description, case study, lesson, comment, or member-facing resource, make sure you have the right to share any personal data included in that content.

1.3 Personal Data From Third Parties

We may receive personal data from third parties such as payment processors, authentication providers, analytics providers, advertising platforms, integration partners, anti-fraud tools, support tools, event partners, or creators using BlackSheet. For example, if you sign in through a third-party service, we may receive profile or account information allowed by that service.

We may also receive information from service providers that help with fraud detection, tax handling, payment verification, email delivery, message delivery, customer support, analytics, or security. If you interact with a creator using BlackSheet, that creator may provide or collect personal data about you through BlackSheet pages, forms, products, checkouts, communities, or access flows.

Where legally permitted, we may use third-party information to verify account details, detect suspicious behavior, prevent abuse, confirm payment status, personalize communication, or complete a transaction you requested.

1.4 Automatically Collected Data

When you access the Platform, we may automatically collect usage, device, log, cookie, and transaction-related information. This may include pages viewed, links clicked, browser type, device details, IP address, approximate location, referral source, session activity, checkout events, form activity, product usage, and error data.

Automatic data may also include the pages you visited before and after using BlackSheet, time spent on pages, feature interactions, scroll activity, email engagement, campaign source, operating system, language settings, device identifiers, crash reports, diagnostic data, and security signals.

We use this information to understand how the Platform performs, identify broken flows, improve product design, personalize experiences, measure marketing, detect fraud, protect accounts, maintain logs, and troubleshoot technical issues.

2. Purposes of Processing Personal Data

BlackSheet processes personal data for the purposes below, depending on your relationship with us, the services you use, and the actions you take on the Platform.

2.1 Providing and developing the Platform

Create, authenticate, administer, and secure user accounts and workspaces.
Enable creators to build pages, products, courses, downloads, communities, checkout flows, email journeys, automations, member access, and customer records.
Process form submissions, demo requests, founder access requests, onboarding answers, workspace setup, plan selection, and product configuration.
Publish Creator Content and deliver access to buyers, members, subscribers, students, or customers according to the creator’s settings.
Maintain purchase history, access history, support context, account settings, preferences, product states, and platform activity records.
Develop, test, debug, monitor, and improve product features, page performance, checkout reliability, email delivery, automation logic, and user experience.

2.2 Personalization, analytics, and product improvement

We may use personal data to understand how users move through the Platform, what features are used, where users encounter friction, and what improvements are needed. This may include analysis of browsing behavior, product usage, campaign source, audience segments, device data, support patterns, and conversion paths.

We may also use aggregated or de-identified information to measure product health, plan capacity, launch readiness, performance, user demand, and business metrics. Aggregated or de-identified information is not intended to identify a specific person.

2.3 Marketing, education, and communications

Send newsletters, launch updates, early access messages, product announcements, event invitations, educational resources, and founder access information.
Follow up after demo requests, contact forms, resource downloads, webinars, surveys, support conversations, or plan enquiries.
Measure marketing campaigns, referral sources, email engagement, website visits, and ad performance where permitted.
Show relevant content or messages based on user interests, business stage, product format, or prior interaction with BlackSheet.

2.4 Payments, billing, and plan administration

We process personal data to handle plan purchases, founder lifetime reservations, subscriptions, invoices, renewals, cancellations, upgrades, refunds, disputes, chargebacks, tax records, billing support, payment status, and fraud or risk checks. We may also process plan interest and business stage information to help users select a suitable plan.

2.5 Security, fraud prevention, and platform integrity

We process personal data to authenticate users, verify activity, prevent unauthorized access, detect suspicious behavior, investigate abuse, enforce usage rules, maintain logs, protect accounts, prevent spam, identify security incidents, and protect the Platform, creators, customers, team members, and the public.

2.6 Support, hiring, and business operations

We process personal data to respond to enquiries, provide customer support, troubleshoot technical issues, manage onboarding, maintain support notes, route messages to the correct team, process career applications, schedule interviews, evaluate candidates, manage contracts, and operate internal business systems.

2.7 Legal and compliance purposes

We may process personal data to comply with legal obligations, maintain tax and accounting records, respond to lawful requests, cooperate with authorities, resolve disputes, enforce agreements, defend legal claims, protect legal rights, and document important business decisions.

3. Legal Bases of Processing

Where applicable privacy laws require a legal basis, BlackSheet may process personal data based on consent, performance of a contract, steps taken before entering into a contract, compliance with legal obligations, legitimate interests, protection of rights, or other legal bases permitted by applicable law.

3.1 Consent

We may process personal data based on your consent when you subscribe to optional marketing, agree to cookies where consent is required, join a voluntary program, submit optional information, participate in surveys, or authorize a specific integration or sharing activity. You may withdraw consent at any time where the processing is based on consent.

3.2 Contract and pre-contract steps

We may process personal data when needed to provide the Platform, manage accounts, process payments, deliver product access, send transaction messages, provide support, or take steps you request before entering into a contract, such as responding to a demo request or plan enquiry.

3.3 Legal obligations

We may process personal data when required to comply with tax, accounting, consumer protection, security, employment, corporate, fraud prevention, data protection, or other legal and regulatory requirements.

3.4 Legitimate interests

We may process personal data based on legitimate interests where permitted by law, including improving the Platform, protecting users, detecting abuse, communicating with users, measuring performance, maintaining records, running business operations, and developing new services. When relying on legitimate interests, we consider the purpose, necessity, user expectations, and potential impact on privacy.

3.5 Legal claims and protection of rights

We may process personal data when needed to establish, exercise, investigate, defend, or resolve legal, administrative, regulatory, contractual, or security matters.

3.6 Summary of legal bases

Consent: when you agree to receive marketing, join optional programs, or provide information for a specific purpose.
Contract: when processing is needed to provide services, manage accounts, process payments, deliver access, or support your use of BlackSheet.
Legal obligation: when we need to retain records, process tax or billing information, respond to lawful requests, or meet compliance obligations.
Legitimate interest: when we improve the Platform, prevent abuse, secure our services, communicate with users, analyze performance, or operate our business in a way users can reasonably expect.
Legal claims and protection: when processing is needed to establish, exercise, or defend rights in legal, administrative, or regulatory matters.

4. Processing on Behalf of Creators

Creators may use BlackSheet to collect, upload, manage, or process personal data relating to their customers, buyers, students, members, leads, subscribers, or community participants. In some cases, BlackSheet processes this Creator Data on behalf of the creator and according to the creator’s instructions. In other cases, BlackSheet and the creator may each act independently for their own lawful purposes, such as platform operations, fraud prevention, payments, support, compliance, and service improvement.

Creators are responsible for telling their audience how they use personal data and for obtaining any permissions required to collect or process that data through BlackSheet.

4.1 Creator-controlled data

Creator Data may include buyer records, leads, subscribers, members, students, form answers, access status, purchase history, course progress, community activity, files, support notes, customer tags, segmentation data, email lists, and other information a creator chooses to collect or import.

When a creator decides what data to collect, why to collect it, how to use it, and who should receive access, the creator is responsible for those decisions. BlackSheet provides the infrastructure, tools, and processing needed to operate the creator’s workspace.

4.2 Customer data shared with creators

When a customer, buyer, student, member, subscriber, or lead interacts with a creator’s page, product, offer, form, checkout, community, email, or access flow, BlackSheet may make relevant Customer Data available to that creator so the creator can deliver the product, provide support, manage access, understand purchases, communicate with the customer, and operate their business.

4.3 Creator responsibility

Creators should maintain their own privacy notices where required, collect only appropriate information, honor customer rights, avoid uploading data they are not permitted to use, and configure forms, emails, automations, and integrations in a lawful way.

4.4 BlackSheet platform use of creator-related data

BlackSheet may use creator-related data for platform administration, security, payments, fraud prevention, support, analytics, service improvement, legal compliance, and other purposes described in this policy, even where the creator also uses that data for their own business purposes.

5. Retention of Personal Data

We keep personal data only for as long as reasonably necessary for the purposes described in this policy, including to provide services, maintain account records, comply with legal obligations, resolve disputes, prevent fraud, enforce agreements, and support legitimate business needs.

Retention periods may vary based on the type of data, the account status, legal requirements, security needs, tax or accounting rules, and whether the information is part of Creator Content, Customer Data, support records, billing records, or business records.

5.1 When processing may end

Personal data may no longer be actively processed when the purpose has been fulfilled, the data is no longer needed for that purpose, an account is closed, a contract ends, consent is withdrawn where consent is the legal basis, or deletion is required by law.

5.2 Residual retention

Some personal data may be retained after account closure or deletion requests if needed for legal, tax, accounting, security, backup, fraud prevention, dispute resolution, audit, or legitimate business purposes. Access to retained data is limited to people and systems that need it for those purposes.

5.3 Backup and technical retention

Data removed from active systems may remain in backups or logs for a limited period until those systems are overwritten or deleted in the ordinary course of operations. We apply safeguards intended to prevent routine access to backup data except where restoration, security, or legal needs require it.

5.4 Creator workspace retention

Creator Content and Customer Data may be retained according to the creator’s settings, account status, product delivery obligations, customer access needs, and applicable legal requirements. If you are a customer of a creator, some requests about Creator Data may need to be directed to or coordinated with that creator.

6. Sharing of Personal Data

BlackSheet does not sell personal data for money. We may share personal data only when needed for the Platform, business operations, legal compliance, security, or user-requested integrations.

6.1 User consent or direction

We may share personal data when you direct us to do so, such as when you connect an integration, submit a form to a creator, authorize a payment, request support, register for an event, apply for a role, or otherwise consent to a specific sharing activity.

6.2 Service providers

We may share personal data with service providers that help us host, operate, secure, analyze, improve, support, market, bill, and communicate through the Platform. These providers may include infrastructure hosts, database providers, email providers, analytics tools, customer support tools, security providers, payment processors, accounting tools, automation tools, communication tools, and technical contractors.

6.3 Payments, tax, fraud, and billing

Payment and billing data may be shared with payment processors, card networks, banks, tax tools, accounting providers, anti-fraud providers, dispute management providers, and other entities needed to process payments, prevent fraud, verify transactions, comply with law, issue invoices, handle refunds, or resolve chargebacks.

6.4 Creators and creator customers

If you interact with a creator through BlackSheet, we may share relevant information with that creator, such as your name, email address, purchase details, access status, product participation, form answers, messages, course progress, community activity, and support context. We may also display creator-provided public content to visitors, customers, members, or subscribers according to the creator’s settings.

6.5 Integrations and third-party services

If a creator or user connects a third-party tool, BlackSheet may share personal data with that tool according to the integration configuration. This can include payment tools, email tools, analytics tools, ad platforms, CRM systems, video providers, calendar tools, support tools, file storage tools, and automation services.

6.6 Advertising and analytics providers

Where permitted by law, we may share limited identifiers, event data, cookie data, or usage data with analytics and advertising providers to measure campaigns, understand performance, improve audience relevance, limit repetitive ads, or understand how visitors find BlackSheet. You may have controls through cookie settings, browser settings, device settings, or opt-out mechanisms provided by those providers.

6.7 Professional advisers and business operations

We may share personal data with lawyers, accountants, auditors, insurers, investors, security advisers, consultants, and other professional advisers where reasonably necessary for business operations, compliance, financing, insurance, corporate governance, risk management, or dispute resolution.

6.8 Legal requests, safety, and protection

We may share personal data with courts, regulators, law enforcement, government authorities, or other parties when we believe disclosure is required or permitted by law, necessary to comply with legal process, needed to protect safety, or needed to investigate fraud, security incidents, abuse, illegal activity, violations of terms, or threats to rights and property.

6.9 Corporate transactions

If BlackSheet is involved in a merger, acquisition, financing, reorganization, sale of assets, transfer of business, or similar transaction, personal data may be shared with or transferred to relevant parties as part of that transaction, subject to appropriate safeguards where required.

6.10 Sharing summary

With your consent: when you authorize a specific sharing activity.
With service providers: hosting, cloud infrastructure, email delivery, analytics, customer support, automation, security, payment, accounting, and communication providers.
With payment processors: to process payments, refunds, invoices, taxes, disputes, chargebacks, and fraud checks. Full card details are handled by payment providers under their own terms and policies.
With creators: when customers, students, members, leads, or buyers interact with creator content, products, offers, checkouts, communities, or pages through BlackSheet.
With customers or visitors: when creators publish public content, profile details, product pages, offer pages, or community content that is intended to be visible.
With integrations: when you connect third-party services, apps, APIs, payment tools, analytics tools, email tools, or automation tools to BlackSheet.
With professional advisers: lawyers, accountants, auditors, insurers, security advisers, and business advisers when needed.
With authorities or legal parties: when required by law, legal process, government request, court order, or when needed to prevent harm, fraud, abuse, or security incidents.
With business successors: in connection with a merger, acquisition, investment, financing, restructuring, sale of assets, or similar business transaction.

7. Integrations and Third-Party Services

The Platform may allow you to connect or use third-party services, such as payment processors, analytics tools, email tools, social platforms, video tools, form tools, automation services, customer support tools, or calendar tools. When you connect or use these services, personal data may be shared with them according to your settings and their policies.

BlackSheet is not responsible for the privacy practices of third-party services. You should review their terms and privacy policies before using them.

7.1 User-configured integrations

Creators may connect third-party services to a BlackSheet workspace to support email delivery, payment processing, analytics, ads, CRM workflows, video hosting, domains, webhooks, file storage, calendars, support, or automation. The data shared depends on the integration, the permissions granted, and the workflow configured by the user.

7.2 Direct interaction with third parties

If you click a link, watch embedded media, complete a payment, sign in through another service, or interact with a tool operated by a third party, that third party may collect personal data directly from you. Their privacy policy, terms, and settings apply to their processing.

7.3 Responsibility for connected services

Creators are responsible for choosing integrations that are appropriate for their audience and for configuring those integrations in a lawful way. BlackSheet may limit, suspend, or remove integrations that create security, privacy, legal, or platform integrity risks.

8. International Transfers

BlackSheet may use infrastructure, service providers, or business tools located in different countries. This means personal data may be transferred to or processed in countries other than the country where you live. Where required, we use appropriate safeguards intended to protect personal data during international transfers.

International processing may occur when we use global cloud infrastructure, support tools, analytics systems, email providers, payment services, security tools, collaboration tools, or contractors located outside your jurisdiction.

Where applicable law requires transfer safeguards, we may use contractual protections, organizational safeguards, technical controls, access restrictions, encryption, vendor review, or other measures intended to protect personal data when it is transferred across borders.

Privacy laws differ by country. By using BlackSheet or submitting information to us, you understand that your personal data may be processed in jurisdictions where privacy rules may not be identical to those in your location, subject to the safeguards described in this policy and applicable law.

9. Your Rights in Relation to Personal Data

Depending on applicable law and your location, you may have rights relating to your personal data. These rights may include:

Confirmation of whether we process your personal data.
Access to a copy of personal data we hold about you.
Correction of incomplete, inaccurate, or outdated information.
Deletion, anonymization, or blocking of data that is unnecessary, excessive, or processed unlawfully.
Portability of certain personal data where applicable.
Information about the categories of third parties with whom data is shared.
Withdrawal of consent where processing is based on consent.
Objection to certain processing activities where permitted by law.
Restriction of processing in certain circumstances.
The right to complain to a competent data protection authority.

To exercise a privacy right, contact us at privacy@blacksheet.io. We may ask for information needed to verify your identity and protect your privacy. Some requests may be limited by legal obligations, security requirements, account records, creator instructions, or our need to provide the Platform.

9.1 How we handle requests

We will respond to privacy requests within a reasonable period and in accordance with applicable law. If a request is complex, if we receive a high volume of requests, or if we need additional verification, our response may take longer. When required, we will explain the reason for any delay.

To protect your privacy, we may ask you to confirm your identity, provide account details, verify email ownership, or provide other information needed to make sure we are responding to the correct person or authorized representative.

9.2 Limits on requests

Some requests may be denied, limited, or delayed where permitted by law, including when a request is manifestly unfounded or excessive, when fulfilling the request would affect another person’s rights, when the data is needed for legal or security purposes, or when BlackSheet must retain information to comply with obligations or defend claims.

9.3 Requests involving creator data

If your request relates to data controlled by a creator, such as enrollment information, member records, community activity, product access, or creator-managed customer data, we may need to forward or coordinate the request with that creator. Creators may have their own privacy obligations and response procedures.

9.4 Marketing opt-outs

You can opt out of marketing emails by using the unsubscribe link in the message or by contacting us. Opting out of marketing does not stop essential service messages, such as account, payment, security, support, legal, or transactional communications.

10. Marketing Communications

If you join our list, request access, register for updates, download resources, attend events, or otherwise ask to hear from BlackSheet, we may send product, marketing, launch, educational, and company communications. You can unsubscribe using links in our emails or by contacting us. We may still send non-marketing messages about your account, payments, security, support, or service use.

Marketing communications may be personalized based on your business stage, plan interest, content viewed, resources requested, demo activity, event participation, or prior engagement with BlackSheet. We may also use analytics to understand whether emails were delivered, opened, clicked, or resulted in a request.

If you are a creator, your own marketing communications to your audience are your responsibility. You should only send emails, messages, or automated campaigns to people where you have the right to do so.

11. Cookies, Pixels, and Similar Technologies

We may use cookies, pixels, local storage, analytics tags, and similar technologies to operate the Platform, remember preferences, understand usage, measure campaigns, personalize experiences, prevent abuse, and improve performance. You can usually control cookies through your browser settings, but disabling cookies may affect how the Platform works.

11.1 Types of technologies we may use

Essential technologies: used for security, authentication, navigation, checkout, account access, and core Platform operation.
Preference technologies: used to remember settings, forms, interface choices, and user preferences.
Analytics technologies: used to understand site visits, product usage, errors, conversion paths, and feature performance.
Marketing technologies: used to measure campaigns, understand referral sources, personalize messages, and improve launch communication.

Some cookies or pixels may be placed by third-party service providers. Your browser, device, and third-party tools may provide controls for limiting or deleting cookies.

12. Security

BlackSheet uses reasonable technical, administrative, and organizational measures designed to protect personal data from unauthorized access, loss, misuse, alteration, or disclosure. These measures may include access controls, infrastructure security, monitoring, restricted permissions, and operational safeguards.

No system is completely secure. The security of your data also depends on how you protect your account, device, credentials, and integrations.

12.1 Security measures

Our security practices may include account access controls, role-based permissions, secure hosting, monitoring, logging, backup controls, vulnerability review, limited internal access, vendor review, incident response procedures, and operational safeguards appropriate to the nature of the data and the services being provided.

12.2 User responsibilities

You are responsible for protecting your account credentials, using secure devices, managing team access, reviewing integrations, keeping contact information current, and notifying us if you suspect unauthorized access or account compromise.

12.3 Security incidents

If we become aware of a security incident involving personal data, we will take steps to investigate, contain, and address the incident. Where required by law, we will notify affected users, creators, customers, authorities, or other relevant parties.

13. Children’s Privacy

BlackSheet is not intended for children under 13, and we do not knowingly collect personal data from children under 13. If we learn that we have collected such data, we will take appropriate steps to delete it or restrict its use, except where limited retention is necessary to prevent misuse or comply with law.

Creators should not use BlackSheet to knowingly collect personal data from children without having the permissions, notices, safeguards, and legal basis required by applicable law.

14. Account Closure and Deletion

If you close an account or request deletion, we will take reasonable steps to delete or anonymize personal data where required and where technically possible. Some data may remain in backups, legal records, accounting records, fraud prevention records, security logs, creator records, or other systems where retention is permitted or required.

Deleting a creator workspace may affect access to products, pages, offers, emails, automations, customer records, files, and member experiences connected to that workspace. Before deleting a workspace, creators should export any data they are permitted to keep and notify their customers where needed.

When a customer asks us to delete information tied to a creator’s workspace, we may need to involve the creator if the creator controls that data or if deletion would affect product delivery, legal records, customer access, or another person’s rights.

15. Changes to This Policy

We may modify this Privacy Policy at any time. When we make changes, the updated version will be posted on this page with a revised effective date. If changes are material, we may provide notice by email, through the Platform, or through another reasonable method.

Prior versions of this policy may be replaced by the updated version. Continued use of BlackSheet after an updated policy becomes effective means the updated policy applies to your use of the Platform from that date onward.

16. Controller Contact Information

For privacy questions, requests, or complaints, contact BlackSheet at privacy@blacksheet.io. You may also reach us through the BlackSheet contact page.

If BlackSheet appoints a formal data protection contact or representative for a specific jurisdiction, those details may be added to this policy or provided through the Platform.

When contacting us, please include enough information for us to understand your request, identify the relevant account or interaction, and verify that we are communicating with the right person. Please do not send sensitive personal data unless it is necessary for your request.

Contact: support@blacksheet.io