Security

Accounts & sign-in

Authentication is handled by Supabase Auth, including Google sign-in (OAuth). We don't store your Google password, and you can sign in without sharing one with us. All traffic to BlurbStack is served over HTTPS.

Payments

Payments are processed entirely by Stripe, a PCI-DSS Level 1 certified provider. BlurbStack never sees or stores your full card number — card data goes directly to Stripe. We only keep non-sensitive billing metadata (your plan, subscription status, and customer reference) so the app can unlock the right features.

Your content

Posts, brand kits, and any logos or images you upload are stored in Supabase (database and object storage). Your projects are private to your account. You can delete a post or project at any time, which removes it from your workspace. Background images are generated by Google's Gemini models from the article's reference — BlurbStack does not re-publish copyrighted photos for you.

AI providers

Headlines and captions are generated via OpenAI (GPT-4o) and background images via Google Gemini. The article text and prompts you submit are sent to these providers to generate your post. We don't sell your data, and we don't use your private content to train our own models.

Reporting a vulnerability

Found a security issue? Please email support@blurbstack.com with the details and steps to reproduce. We take reports seriously and will respond promptly.