Skip to content

Privacy Policy

Last updated: March 19, 2026

This Privacy Policy explains how Lucent Enterprises Ltd (“Textual,” “we,” “us,” or “our”) collects, uses, shares, and protects your personal information when you use the Textual blogging platform at textual.blog and any associated services.

Lucent Enterprises Ltd is the data controller responsible for your personal information. We are incorporated in British Columbia, Canada, and our contact details are listed at the bottom of this page.

1. Information We Collect

a) Information you provide

  • Account information: When you sign up through Google OAuth, we receive your name, email address, and profile picture from your Google account.
  • Blog content: The blog posts and other content you create and publish through the platform.
  • Payment information: If you subscribe to a paid plan, your payment details (credit card number, billing address) are collected and processed directly by Stripe. We receive only a partial card number, expiration date, and billing status from Stripe. We never store your full card details on our servers.
  • Communications: Any messages you send us through email or support channels.

b) Information collected automatically

  • Analytics data: We track page views on your published blogs. This includes the page URL, referral source, and a timestamp.
  • IP addresses: We collect the IP address of visitors who view published blog posts for analytics purposes (page view counting) and for security and abuse prevention. IP addresses are not associated with individual reader profiles.
  • Session cookies: We use session cookies to keep you logged in and to maintain your preferences. See section 5 for details.

c) Information we do NOT collect

We do not collect sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data. We do not use tracking cookies or third-party advertising pixels. We do not sell your personal information.

2. How We Use Your Information

We use your information for the following purposes:

  • Providing the service: Creating and maintaining your account, hosting and publishing your blog content, connecting custom domains, and delivering your blog to readers.
  • Analytics: Providing you with page view statistics and referral data for your blog.
  • Payment processing: Processing subscriptions and payments for paid plans.
  • Communications: Sending service-related emails such as account confirmations, billing receipts, security alerts, and important platform updates.
  • Security and abuse prevention: Detecting and preventing fraud, spam, abuse, and security incidents.
  • Improving the service: Understanding how the platform is used so we can fix bugs and develop new features.

We do not use your personal information for advertising. We do not sell, rent, or share your data with third parties for their marketing purposes.

3. Lawful Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction that requires a lawful basis for processing, we rely on the following:

  • Performance of a contract: Processing your account data, blog content, and payment information is necessary to provide the Textual service you signed up for. This is the primary lawful basis for most of our data processing.
  • Consent: We rely on consent for optional processing, such as sending newsletter emails to blog subscribers who opt in. You may withdraw consent for optional processing at any time without affecting your ability to use the core service.
  • Legitimate interest: We process certain data (such as IP addresses for page view tracking, and usage patterns for service improvement) based on our legitimate interest in operating and improving the platform, provided this does not override your rights.
  • Legal obligation: We may process data when required to comply with applicable laws, such as tax or financial reporting requirements.

4. Third-Party Service Providers

We share your information with the following third-party service providers, solely for the purposes described below. Each provider acts as a data processor on our behalf:

  • Google (OAuth): Authenticates your identity when you sign in. We receive your name, email, and profile picture. Google Privacy Policy
  • Vercel (hosting and content storage): Hosts the Textual platform and stores blog content. Vercel Privacy Policy
  • Neon (database): Stores your account information, blog metadata, and analytics data in a PostgreSQL database. Neon Privacy Policy
  • Stripe (payments): Processes credit card payments and manages subscriptions for paid plans. Stripe is a PCI-DSS Level 1 certified provider. Stripe Privacy Policy
  • Resend (email): Delivers transactional emails (confirmations, receipts, notifications) and blog newsletter emails for subscribers who opt in. Resend Privacy Policy

We do not share your personal information with any other third parties except where required by law.

5. Cookies

Textual uses only essential session cookies to keep you logged in and maintain your session state. These cookies are strictly necessary for the platform to function and expire when your session ends or after a set period of inactivity.

We do not use tracking cookies, advertising cookies, or third-party analytics cookies. Because we only use strictly necessary cookies, no cookie consent banner is required under most jurisdictions, though we disclose their use here for transparency.

6. International Data Transfers

Lucent Enterprises Ltd is based in Canada. However, some of our third-party service providers (including Vercel and Neon) may process and store data in the United States or other countries outside your jurisdiction. When your data is transferred internationally, we ensure appropriate safeguards are in place:

  • Canada has been recognized by the European Commission as providing an adequate level of data protection under GDPR.
  • For transfers to the United States, our processors rely on Standard Contractual Clauses (SCCs), the EU-U.S. Data Privacy Framework, or equivalent safeguards.
  • We ensure all processors maintain appropriate technical and organizational measures to protect your data.

7. Data Retention

We retain your data for the following periods:

  • Account data (name, email, profile): Retained for as long as your account is active. Deleted within 30 days of account closure.
  • Blog content (posts): Retained for as long as your account is active. Deleted within 30 days of account closure or content deletion.
  • Analytics data (page views, IP addresses): Retained for up to 24 months, then automatically purged. IP addresses associated with page views are retained for no more than 90 days before being anonymized.
  • Payment records: Transaction records are retained for 7 years as required for tax and financial reporting purposes.
  • Backups: Deleted data may persist in encrypted backups for up to 90 days before being permanently removed.

8. Data Security

We take reasonable technical and organizational measures to protect your personal information, including:

  • Encryption in transit (TLS/SSL) for all data transmission
  • Encryption at rest for stored data
  • Secure authentication through Google OAuth (we never handle your password directly)
  • Access controls limiting who within our organization can access personal data
  • Regular security reviews of our infrastructure and code

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR.
  • Notify affected users without undue delay if the breach is likely to result in a high risk to your rights and freedoms.
  • Report the breach to the Office of the Privacy Commissioner of Canada as required by PIPEDA.
  • Provide details about the nature of the breach, the data affected, the likely consequences, and the measures taken to address it.

10. Your Rights

Depending on your location, you may have some or all of the following rights regarding your personal information:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data (subject to legal retention requirements).
  • Data portability: Request your data in a structured, commonly used, machine-readable format.
  • Restriction: Request that we limit processing of your data in certain circumstances.
  • Objection: Object to processing based on legitimate interest.
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please email us at support@textual.blog. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.

11. GDPR (European Economic Area & United Kingdom)

If you are located in the EEA or UK, you have the rights described in section 10 above under the General Data Protection Regulation (GDPR) and UK GDPR. Our lawful bases for processing are described in section 3. You may contact your local supervisory authority if you believe your data protection rights have been violated.

12. CCPA (California Residents)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know: You may request details about the categories and specific pieces of personal information we have collected about you.
  • Right to delete: You may request deletion of your personal information, subject to certain exceptions.
  • Right to opt out of sale: We do not sell your personal information to third parties, so this right does not apply. For the avoidance of doubt: we do not sell personal information.
  • Non-discrimination: We will not discriminate against you for exercising any of your CCPA rights.

13. PIPEDA (Canadian Residents)

As a Canadian company, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA). Under PIPEDA, you have the right to:

  • Access the personal information we hold about you and be informed of its use.
  • Challenge the accuracy and completeness of your personal information and have it amended as appropriate.
  • Withdraw consent for the collection, use, or disclosure of your personal information, subject to legal or contractual restrictions.

If you have a complaint about our handling of your personal information, you may contact the Office of the Privacy Commissioner of Canada.

14. Children's Privacy

Textual is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete that information promptly. If you believe a child under 13 has created an account, please contact us immediately.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by posting a notice on the platform and, where we have your email address, sending you an email at least 30 days before the changes take effect.

The “Last updated” date at the top of this page indicates when this policy was most recently revised. Your continued use of Textual after the effective date of a revised policy constitutes acceptance of the changes.

16. Contact Us

If you have questions about this Privacy Policy, want to exercise your data rights, or have a complaint about how we handle your personal information, please contact us:

Lucent Enterprises Ltd
Victoria, British Columbia, Canada
support@textual.blog