Bylinedesk

Legal

Privacy Policy

How Bylinedesk handles personal information across the website, account flows, workspaces, and managed editorial services.

Effective date: May 4, 2026

This Privacy Policy explains how Bylinedesk Inc. ("Bylinedesk," "we," "us," or "our") collects, uses, discloses, and protects personal information in connection with the Bylinedesk websites, public article pages, managed editorial desk, admin and client workspaces, account setup flows, and related services (collectively, the "Services").

1. Scope

This Privacy Policy applies to personal information we process when you:

  • Visit a Bylinedesk website or public article page.
  • Request a walkthrough, contact us, or communicate with us.
  • Receive or accept an account invitation.
  • Use an admin, operator, or customer workspace.
  • Review, edit, approve, schedule, or publish article drafts.
  • Provide customer source materials, editorial context, instructions, drafts, comments, or other content for use with the Services.

If Bylinedesk processes personal information on behalf of a customer under a separate customer agreement or data processing addendum, that customer may be the controller or business responsible for the personal information, and Bylinedesk may process it as a service provider or processor under that agreement.

2. Personal Information We Collect

We collect personal information from the following sources.

Information You Provide

We may collect information you provide directly, including:

  • Contact details, such as name, work email, company, website, and message content when you request a walkthrough or contact us.
  • Account information, such as email address, authentication details, assigned tenant, role, and workspace access state.
  • Customer workspace content, such as source lists, desk configuration, editorial instructions, company context, article drafts, review notes, approval decisions, scheduled publication details, and published article metadata.
  • Communications with us, including support requests, operational questions, product feedback, and legal or privacy requests.

Information Collected Automatically

When you use the Services, we may collect technical and usage information, including:

  • IP address, browser type, device type, operating system, referring pages, and approximate location inferred from IP address.
  • Pages viewed, features used, timestamps, session information, and workspace actions such as article status changes or review decisions.
  • Cookies or similar technologies needed for authentication, session management, security, and basic service operation.
  • Server logs and diagnostic information used to maintain, secure, debug, and improve the Services.

Information From Customers And Third Parties

We may receive information from customers, authorized users, public sources, or service providers, including:

  • Information supplied by a customer administrator to invite or manage users.
  • Public source material, links, excerpts, and metadata used to prepare article opportunities.
  • Information returned by service providers that support authentication, email delivery, hosting, security, logs, or AI-assisted workflow steps.
  • Information from connected systems if a customer authorizes Bylinedesk to connect to them.

3. Customer Content And AI-Assisted Processing

Bylinedesk uses AI-assisted workflows to help monitor sources, identify article opportunities, plan article angles, prepare drafts, review drafts, revise drafts, and support editorial quality checks.

To provide those functions, we may process customer-provided materials, source materials, prompts, generated outputs, draft text, review notes, and related metadata with AI service providers and other service providers acting on our behalf.

Unless a customer expressly agrees otherwise, Bylinedesk does not sell Customer Content, use Customer Content to train general-purpose AI models, or permit its AI service providers to use Customer Content to train general-purpose AI models.

AI-assisted outputs may be incomplete, inaccurate, outdated, or unsupported by the source material. Customers and authorized reviewers are responsible for reviewing and approving content before publication.

4. How We Use Personal Information

We use personal information to:

  • Provide, operate, maintain, and secure the Services.
  • Create accounts, authenticate users, manage sessions, and enforce workspace access permissions.
  • Configure and operate customer editorial desks.
  • Prepare, review, revise, schedule, and publish article drafts at the direction of customers and authorized users.
  • Send account setup emails, transactional emails, service notices, and responses to inquiries.
  • Monitor service performance, debug errors, prevent misuse, and protect the Services, customers, users, and the public.
  • Improve the Services, including workflow quality, product usability, and operational reliability.
  • Maintain business records, enforce agreements, comply with legal obligations, and exercise or defend legal rights.
  • Send marketing or product communications where permitted by law and subject to any available opt-out rights.

5. How We Disclose Personal Information

We may disclose personal information in the following circumstances.

Service Providers

We may share personal information with vendors and service providers that help us operate the Services, such as hosting providers, database and authentication providers, email delivery providers, AI service providers, infrastructure, security, logging, support, analytics, and professional service providers. These providers may process information only as needed to provide services to us or as otherwise permitted by their agreements with us.

Current service providers include Vercel for hosting and deployment, Supabase for authentication and data storage, Resend for transactional and contact email delivery, and OpenAI for AI-assisted workflow steps. We may also use other infrastructure, security, support, or operations providers.

Customers And Workspace Users

If you use the Services through a customer workspace, information about your account, role, activity, comments, drafts, approvals, or publication decisions may be visible to the customer and other authorized users in that workspace.

Public Content

When a customer or authorized user publishes content through the Services, the published article and related public metadata may be visible to the public, indexed by search engines, and accessed or used by third parties according to their own practices.

Legal, Safety, And Business Transfers

We may disclose personal information if we believe disclosure is reasonably necessary to comply with law, legal process, or government requests; enforce our terms or agreements; protect rights, property, security, or safety; prevent fraud or abuse; or complete a merger, financing, acquisition, reorganization, or sale of assets.

With Consent Or Direction

We may disclose personal information with your consent or at your direction, including when a customer asks us to publish, export, send, or share content.

6. Cookies And Similar Technologies

The Services currently use cookies and similar technologies for necessary purposes such as authentication, session management, security, and service operation.

If Bylinedesk adds non-essential analytics, advertising, or marketing cookies, we will update this policy and any required consent or preference mechanism before enabling those technologies.

You can usually configure your browser to block or delete cookies, but some features may not work properly without necessary cookies.

7. Data Retention

We retain personal information for as long as reasonably necessary to provide the Services, maintain business and legal records, comply with legal obligations, resolve disputes, enforce agreements, protect the Services, and support customer workflows.

Active customer workspace content is generally retained while the relevant account or customer agreement is active. After termination, Bylinedesk will delete or return Customer Content according to the applicable customer agreement. If no agreement says otherwise, deletion requests will be handled within a commercially reasonable period. Backups, logs, security records, administrative records, legal records, and other operational records may persist for a limited period as needed for legal, security, business, or operational reasons.

8. Security

We use reasonable administrative, technical, and organizational measures designed to protect personal information. These measures may include access controls, authentication, encryption in transit, provider-managed security controls, environment secrets, monitoring, and operational review.

No internet service, transmission, or storage system is completely secure. We cannot guarantee that personal information will never be accessed, disclosed, altered, or destroyed.

9. International Transfers

Bylinedesk is operated from the United States. Bylinedesk and its service providers may process and store information in the United States and other countries where we or our providers operate. Those countries may have data protection laws that differ from the laws where you live.

If required by applicable law or customer agreement, Bylinedesk will use appropriate safeguards for international transfers, such as data processing terms or standard contractual clauses.

10. Your Choices And Rights

Depending on where you live and how you use the Services, you may have rights to request access, correction, deletion, portability, restriction, objection, or withdrawal of consent regarding your personal information.

You may also have rights to opt out of certain uses or disclosures of personal information, including certain targeted advertising, sale, or sharing practices where applicable. Bylinedesk does not intend to sell personal information in the ordinary sense of exchanging it for money.

To make a privacy request, contact us at privacy@bylinedesk.com. We may need to verify your identity and may be unable to fulfill a request if an exception applies or if the information is controlled by a Bylinedesk customer. If your information is processed in a customer workspace, we may direct your request to the relevant customer.

11. Marketing Communications

You may opt out of marketing emails by using the unsubscribe instructions in the email or contacting us. Even if you opt out of marketing communications, we may still send transactional or service-related messages, such as account setup emails, security notices, legal notices, and workspace-related communications.

12. Children's Privacy

The Services are intended for business use and are not directed to children under 13. Bylinedesk does not knowingly collect personal information from children under 13. If you believe a child has provided personal information to us, contact us at privacy@bylinedesk.com.

13. Third-Party Links And Sources

The Services may link to third-party websites, source materials, publications, tools, and services. We do not control those third parties and are not responsible for their privacy practices. Review their privacy policies before providing personal information to them.

14. Changes To This Policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date above. If changes are material, we may provide additional notice, such as by posting a notice on the Services or sending an email where appropriate.

15. Contact Us

For questions or requests about this Privacy Policy, contact:

Bylinedesk Inc., 6 Liberty Square, Boston, MA 02109, privacy@bylinedesk.com