Terms of Service

1. Introduction

This Privacy Policy explains how Blend Marketing Limited (“we”, “us”, or “our”), trading as Schema Engine, collects, uses, stores, and shares personal data when you use the Schema Engine service (“the Service”) and visit our website at https://schemaengine.blendb2b.com (“the Website”).

We are committed to protecting your privacy and handling your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR).

Please read this Privacy Policy carefully. By using the Service or the Website, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

The data controller responsible for your personal data is:

Blend Marketing Limited
Company Number: 07358192
Registered Office: Unit 2, East Throp House, Paddock Road, Caversham, Reading, Berkshire, England, RG4 5BY
Email: support@schemaengine.ai
Website: https://schemaengine.blendb2b.com

3. Personal Data We Collect

3.1 Data You Provide to Us

When you install and use the Service, we may collect the following personal data directly from you or from your HubSpot account via OAuth:

  • Account and identity data: Your name, email address, and HubSpot user ID as provided through the HubSpot OAuth authentication process.
  • HubSpot Portal data: Your HubSpot Hub ID, portal name, and account domain.
  • Billing data: Subscription tier selection and billing status. Payment card details are collected and processed directly by our payment processor, Stripe, and are never stored on our systems.
  • Communication data: Any information you provide when contacting us for support, including your name, email address, and the content of your correspondence.

3.2 Data We Collect Automatically

When you use the Service or visit the Website, we may automatically collect:

  • Usage data: Information about how you interact with the Service, including pages selected for schema generation, generation timestamps, generation status (success or failure), and feature usage.
  • Technical data: IP address, browser type and version, operating system, time zone setting, and general location data derived from your IP address.
  • Website analytics data: Pages visited, referring URLs, time spent on pages, and navigation paths through the Website. This data is collected via cookies and similar tracking technologies (see Section 10).

3.3 Data We Access from HubSpot

In order to provide the Service, we access the following data from your HubSpot Portal via the HubSpot API:

  • Page content: The publicly rendered HTML content of your selected HubSpot website pages. This content is accessed temporarily for the purpose of generating schema markup and is not permanently stored.
  • Page metadata: Page IDs, page URLs, page titles, domain information, and page update timestamps.
  • Head HTML: The existing head HTML of your pages, accessed for the purpose of inserting, updating, and managing schema markup.

We do not access your HubSpot CRM data, contact records, deal pipelines, marketing emails, forms, workflows, or any other HubSpot data beyond what is strictly necessary to deliver the schema markup generation service.

4. How We Use Your Personal Data

We use your personal data for the purposes set out in the table below, along with the lawful basis we rely on for each purpose under the UK GDPR.

Purpose Data Used Lawful Basis
To provide the Service, including generating and applying schema markup to your HubSpot pages Account data, HubSpot Portal data, page content, page metadata, head HTML Performance of a contract (Article 6(1)(b))
To manage your subscription and process billing Account data, billing data Performance of a contract (Article 6(1)(b))
To communicate with you about the Service, including service notifications and support responses Account data, communication data Performance of a contract (Article 6(1)(b))
To monitor and improve the performance, reliability, and security of the Service Usage data, technical data Legitimate interests (Article 6(1)(f)) — maintaining and improving the Service
To analyse how visitors use our Website Website analytics data, technical data Consent (Article 6(1)(a)) via cookie consent
To detect, prevent, and address fraud, abuse, security issues, and technical problems Technical data, usage data Legitimate interests (Article 6(1)(f)) — protecting the Service and our users
To comply with legal obligations All categories as necessary Legal obligation (Article 6(1)(c))

5. Third-Party AI Processing

A core function of the Service is the use of third-party artificial intelligence (AI) models to generate schema markup. This section provides specific information about how your data is processed in this context.

5.1 What Data Is Sent to AI Providers

When schema markup is generated for one of your pages, the publicly rendered HTML content of that page is transmitted to a third-party AI provider for processing. This content may include text, headings, metadata, and any other information visible on the rendered page.

5.2 AI Providers We Use

We currently use the following AI providers to power the Service:

We may change or add AI providers from time to time. We will update this Privacy Policy to reflect any material changes to the AI providers we use.

5.3 How AI Providers Handle Your Data

Page content is sent to AI providers via their API for the sole purpose of generating schema markup. We select AI providers and configurations that do not use customer input data to train or improve their models. However, AI providers may temporarily process and log data in accordance with their own privacy policies and data processing terms, which are outside of our control.

5.4 Data Retention by AI Providers

We do not control the data retention practices of third-party AI providers. We encourage you to review the privacy policies of the AI providers listed above for information about their data handling practices.

5.5 International Transfers

The AI providers we use are based in the United States. This means your page content is transferred outside the United Kingdom for processing. See Section 8 for further details on international transfers and the safeguards we rely on.

6. Who We Share Your Data With

We may share your personal data with the following categories of recipients:

  • AI service providers: As described in Section 5, page content is shared with third-party AI providers for the purpose of generating schema markup.
  • Payment processor: Stripe, Inc. processes your payment information on our behalf. Stripe acts as an independent data controller for payment data. Stripe’s privacy policy is available at https://stripe.com/privacy.
  • HubSpot: The Service operates within and connects to the HubSpot platform. HubSpot, Inc. may process data in accordance with its own terms and privacy policies.
  • Hosting and infrastructure providers: We use cloud hosting providers to operate the Service. These providers may process data on our behalf as data processors under appropriate data processing agreements.
  • Error monitoring services: We use Sentry for error tracking and monitoring. Sentry may receive technical data and error logs to help us identify and resolve issues with the Service.
  • Analytics providers: We use analytics tools on our Website (see Section 10 on Cookies) which may receive anonymised or pseudonymised usage data.
  • Professional advisers: We may share data with our legal, accounting, or other professional advisers where necessary.
  • Law enforcement and regulators: We may disclose your personal data where required by law, regulation, legal process, or governmental request.

We do not sell your personal data to any third party. We do not use your HubSpot installation data for marketing purposes unless you have provided separate, explicit consent.

7. How Long We Keep Your Data

We retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy, or as required by law. The specific retention periods are:

Data Category Retention Period Rationale
Account and identity data Duration of your subscription plus 12 months To provide the Service and handle any post-termination queries
Billing data 6 years from the date of the relevant transaction To comply with UK tax and accounting obligations
Page content (for AI processing) Not retained beyond the generation process Transmitted to AI providers in real time and not stored on our systems
Generated schema markup Duration of your subscription plus 12 months For audit trail and to support the Service
Usage and technical data 24 months from collection For service improvement and security monitoring
Communication data 24 months from last communication To manage support queries and maintain service quality
Website analytics data As determined by the relevant analytics provider See Section 10 on Cookies

When your data is no longer required, we will securely delete or anonymise it. Where data has been shared with third-party processors, we will take reasonable steps to ensure those processors also delete the data in accordance with their obligations.

8. International Data Transfers

Your personal data may be transferred to, stored in, or processed in countries outside the United Kingdom, including the United States, where our AI providers and certain infrastructure providers are based.

Where we transfer your personal data outside the UK, we ensure that appropriate safeguards are in place to protect your data in accordance with UK data protection law. These safeguards may include:

  1. transferring data to countries that the UK Secretary of State has determined provide an adequate level of data protection;
  2. using standard contractual clauses approved by the UK Information Commissioner’s Office (ICO);
  3. relying on the recipient’s binding corporate rules where applicable; or
  4. obtaining your explicit consent to the transfer where no other safeguard is available.

You may request further information about the specific safeguards applied to transfers of your personal data by contacting us using the details in Section 2.

9. Your Rights Under UK GDPR

Under the UK GDPR, you have the following rights in relation to your personal data. These rights are not absolute and may be subject to certain conditions and exceptions.

  • Right of access: You have the right to request a copy of the personal data we hold about you (a “subject access request”).
  • Right to rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
  • Right to erasure: You have the right to request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for the purpose for which it was collected.
  • Right to restriction of processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
  • Right to data portability: Where we process your personal data on the basis of consent or for the performance of a contract, you have the right to receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to object: You have the right to object to the processing of your personal data where we rely on legitimate interests as our lawful basis. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
  • Right to withdraw consent: Where we rely on your consent to process your personal data (such as for analytics cookies), you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
  • Right to complain: You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe that your data protection rights have been infringed.

To exercise any of these rights, please contact us using the details in Section 2. We will respond to your request within one month of receipt. If your request is complex or we receive a large number of requests, we may extend this period by a further two months, in which case we will notify you.

We may ask you to verify your identity before processing your request. There is generally no charge for exercising your rights, but we may charge a reasonable fee or refuse to act on a request if it is manifestly unfounded or excessive.

Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: https://ico.org.uk

10. Cookies and Tracking Technologies

10.1 What Are Cookies

Cookies are small text files placed on your device when you visit a website. They are widely used to make websites work more efficiently and to provide information to website owners.

10.2 Cookies We Use

Our Website uses the following categories of cookies:

Category Purpose Examples Lawful Basis
Strictly necessary Essential for the Website to function correctly. These cannot be disabled. Session cookies, CSRF protection, cookie consent preferences Legitimate interests / exemption under PECR
Analytics Help us understand how visitors interact with the Website by collecting information anonymously. HubSpot analytics, LinkedIn Insight Tag, Meta Pixel Consent
Functional Enable enhanced functionality and personalisation, such as remembering your preferences. Language preferences, user settings Consent

10.3 Third-Party Cookies

Our Website includes tracking pixels and similar technologies from third-party services, including:

These third-party services may set their own cookies and collect data in accordance with their own privacy policies. We do not control the cookies set by these third parties.

10.4 Managing Cookies

When you first visit our Website, you will be presented with a cookie consent banner allowing you to accept or decline non-essential cookies. You can change your cookie preferences at any time by clearing your browser cookies and revisiting the Website.

You can also control cookies through your browser settings. Most browsers allow you to block or delete cookies. Please note that disabling cookies may affect the functionality of the Website.

11. Children’s Data

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child under 18, we will take steps to delete that data as soon as reasonably practicable.

12. Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised or unlawful processing, accidental loss, destruction, or damage. These measures include:

  • Encryption of sensitive data at rest and in transit (including HubSpot OAuth tokens);
  • Secure HTTPS connections for all data transmissions;
  • Access controls limiting who within our organisation can access personal data;
  • Regular security monitoring and logging;
  • Use of reputable, security-certified cloud infrastructure providers; and
  • Input validation, output sanitisation, and rate limiting on API endpoints.

While we take all reasonable precautions, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee the absolute security of your personal data.

13. Data Processors

Where third parties process personal data on our behalf (as data processors), we ensure that appropriate data processing agreements are in place that require those processors to:

  1. process personal data only on our documented instructions;
  2. ensure that persons authorised to process the personal data are subject to confidentiality obligations;
  3. implement appropriate technical and organisational security measures;
  4. assist us in responding to data subject rights requests;
  5. delete or return all personal data at the end of the processing relationship; and
  6. make available all information necessary to demonstrate compliance.

14. Automated Decision-Making

The Service uses AI to generate schema markup based on your page content. This is an automated process, but it does not produce decisions that have a legal or similarly significant effect on you as an individual. The schema markup generated is applied to your website pages and does not affect your personal rights or status.

You retain full control over which pages have schema markup applied and may disable the Service at any time.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. Where we make material changes, we will notify you by email or through a prominent notice on our Website or within the Service.

We encourage you to review this Privacy Policy periodically. The date of the most recent revision is indicated at the top of this document.

17. Complaints

If you have any concerns about how we handle your personal data, we encourage you to contact us first using the details in Section 2 so that we can try to resolve the matter directly.

If you are not satisfied with our response, or if you believe that your data protection rights have been infringed, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: https://ico.org.uk/make-a-complaint/

18. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

Blend Marketing Limited
Email: support@schemaengine.ai
Address: Unit 2, East Throp House, Paddock Road, Caversham, Reading, Berkshire, England, RG4 5BY