This Website Uses Cookies
Cookie PreferencesRejectaccept
Product
Solutions
Data Loss Prevention
Shadow AI Governance
Agentic & MCP Security
Continuous Compliance
Comparisons
vs. Zscaler & Netskope (CASB)
vs. Nightfall & Cyberhaven (DLP)
vs. ChatGPT & Claude Enterprise
vs. Internal AI Gateways & Wrappers
Industries
Industries
Mid-Market Fintech & Regulated SaaS
High-Growth Startups & Scaleups
Enterprise & Financial Institutions
AI-First Engineering Teams
Roles
Chief Information Security Officer
Compliance and Legal Officers
Finance Executives
Chief Technology Officer
Why Blekline
Book a Demo
Ask AI about Blekline
Cookie PreferencesGet in Contact
Founder Profile
Start Trial
Solutions
Data Loss Prevention
Shadow AI Governance
Agentic & MCP Security
Continuous Compliance
Industries
Mid-Market Fintech & Regulated SaaS
High-Growth Startups & Scaleups
Enterprise & Financial Institutions
AI-First Engineering Teams
Industries
Technology
Healthcare
Financial Services
Manufactoring
Roles
Chief Information Security Officer
Compliance and Legal Officers
Finance Executives
Chief Technology Officer

Privacy Policy

I. Effective date

Updated on 5 April 2026.

The Wall Ltd (“we*, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share personal information when you use Blekline — including our marketing website (blekline.com), the Blekline web application (app.blekline.com), the Blekline browser extension, and related services (together, the “Services”).

By accessing or using the Services, you acknowledge that you have read this Privacy Policy. Where required by law, we rely on a specific legal basis (for example, contract, legitimate interests, or consent), as described below.

The processing of personal data in connection with Blekline in Slovenia may also be carried out by The Wall d.o.o., Mestni trg 10, 1000 Ljubljana, Slovenia; the international controller is The Wall Ltd. To exercise your rights, please contact us at the email address below.

This Privacy Policy should be read together with our Terms of Use.

II. Who is responsible for your data?

The data controller for Blekline is The Wall Ltd, in respect of the Services it operates.

For certain processing connected with the Republic of Slovenia, The Wall d.o.o., Mestni trg 10, 1000 Ljubljana, Slovenia, may act as a controller or processor as applicable under contract.

If you use Blekline on behalf of an organisation, that organisation may also be a controller for some information (for example, workspace membership and business contact details). In that case, we may process such data on documented instructions where we act as a processor — see Section XIV.

III. Definitions

- Cookie: a small file or similar technology stored on your device to remember preferences, keep you signed in, or measure usage.

- Customer / you: a natural person who uses the Services, or the organisation they represent where applicable.

- Device: any phone, tablet, computer, or other device used to access the Services.

- Extension: the Blekline browser extension for supported browsers.

- Personal data / personal information: information relating to an identified or identifiable natural person.

- Processor:*a vendor that processes personal data on our instructions (e.g. hosting or payments).

- Service / Services: Blekline websites, web app, extension, APIs (where offered), and related support.

- Workspace: the collaborative environment in the Blekline app tied to your subscription or trial.

IV. What information do we collect?

We collect information in the following categories, depending on how you use the Services:

A. Account and identity

- Name (if you provide it)

- Email address

- Authentication identifiers (e.g. user ID, session tokens)

- If you sign in with a third party (e.g. Google, Microsoft), we may receive basic profile information that provider shares with us according to your settings there

B. Workspace and product usage

- Workspace ID, role (e.g. owner, member), and configuration you or your admins create

- Operational data needed to run Blekline: masking rules metadata, integration settings, usage counters, audit or activity logs as implemented in the product

- Support communications you send us (email content, attachments you choose to provide)

C. Billing

- Billing contact email and plan details

- Payment transactions are processed by our payment provider (**Stripe**). We do **not** store full payment card numbers on our servers; Stripe processes card data subject to its own privacy policy.

D. Technical and security data

- IP address, approximate location derived from IP, browser type, device type

- Dates/times of requests, diagnostic logs, error reports

- Security signals (e.g. rate limits, abuse prevention hashes where we implement them)

E. Extension

- The Extension interacts with supported sites and your Blekline workspace to provide masking and related features. We process data needed to sync settings, apply policies, and operate the product (for example, configuration and event metadata as designed in the Extension).

- We do not use the Extension to sell your browsing history to advertisers. Do not use the Extension to submit unlawful content; you remain responsible for compliance with applicable law and third-party terms.

F. Marketing and communications

- If you subscribe to marketing emails or similar, we process your email and preferences

- We may send product and lifecycle messages (e.g. onboarding, billing) based on contract or legitimate interests, with unsubscribe where required

- If we connect Blekline events to an email tool (e.g. MailerLite) via automation platforms (e.g. Make), we transfer minimal data (such as email and segment labels) as needed for those messages

G. Forms and lead capture

- Information you submit on contact, demo, enterprise, or lead forms (e.g. name, company, email, message)

We do not knowingly collect special categories of data (e.g. health) through the Services unless you voluntarily include them in free-text fields; avoid sending sensitive data unless necessary.

V. How we use information (purposes)

We use personal data to:

- Provide and operate the Services (account creation, authentication, workspace features, Extension functionality) — contract / legitimate interests

- Process payments and manage subscriptions — contract / legal obligation (e.g. tax records)

- Secure the Services, prevent fraud and abuse, enforce our terms — legitimate interests / legal obligation

- Improve reliability and performance (analytics, debugging) — legitimate interests

- Communicate with you (service notices, support responses) — contract / legitimate interests

- Send marketing where permitted — consent or legitimate interests (with opt-out where required)

- Comply with law and respond to lawful requests — legal obligation

Where GDPR applies, we identify the legal basis per purpose as above. Where we rely on consent, you may withdraw it without affecting prior lawful processing.

VI. Cookies and similar technologies

We use cookies and similar technologies for:

- Strictly necessary operation (e.g. session, security, load balancing)

- Functional preferences (e.g. language, UI state) where applicable

- Analytics only if we deploy them and, where required, with your consent

You can control cookies through your browser. Blocking strictly necessary cookies may break login or core features. We do not store sensitive personal data inside non-essential cookies.

VII. Do we share personal data?

We share personal data with:

A. Service providers (processors) who assist us under contract, for example:

- Hosting / infrastructure (e.g. Vercel or comparable) for the web app and APIs

- Payment processing (Stripe)

- Email delivery for transactional or product email (e.g. Resend or comparable)

- Authentication / identity providers when you choose social login

- Analytics or error reporting tools if enabled

- Marketing automation / ESP (e.g. MailerLite) and workflow tools (e.g. Make) when we sync lifecycle events, with minimal fields

B. Professional advisers (lawyers, accountants) where confidential.

C. Authorities or third parties when we believe in good faith that disclosure is required to: comply with law, respond to valid legal process, protect rights, safety, and security, or investigate abuse.

D. Business transfers: if we merge, are acquired, or sell assets, personal data may transfer to the successor under safeguards; we will notify you where required.

We do not sell your personal data in the sense of “selling” under US state privacy laws’ typical definitions. We do not share data with unrelated advertisers solely for their independent advertising unless we specifically introduce such a programme and update this policy.

VIII. International transfers

We and our processors may process data in the United Kingdom, the European Economic Area, the United States and other countries. Where we transfer personal data from the EEA/UK to countries not deemed adequate, we use appropriate safeguards such as Standard Contractual Clauses approved by the European Commission or UK Addendum, plus supplementary measures where required.

IX. How long we keep information

We retain personal data only as long as necessary for the purposes above, including:

- Account data: for the life of the account and a short period afterwards (recovery, disputes), unless a longer period is required by law

- Billing / tax records: as required by accounting and tax law (often several years)

- Logs: typically weeks to months, unless longer retention is needed for security or legal holds

- Support tickets: until resolved plus a reasonable period

- Marketing: until you unsubscribe or object, plus suppression lists as required

When retention ends, we delete or anonymise data where feasible.

X. Security

We implement technical and organisational measures appropriate to the risk (encryption in transit, access controls, vendor due diligence). No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

XI. Your rights (EEA, UK, and similar jurisdictions)

Subject to local law, you may have the right to:

- Access your personal data

- Rectify inaccurate data

- Erase data (“right to be forgotten”) in certain cases

- Restrict processing in certain cases

- Data portability for data you provided and that we process by automated means under contract or consent

- Object to processing based on legitimate interests (including profiling in some cases)

- Withdraw consent where processing is consent-based

- Lodge a complaint with a supervisory authority

EEA: you may contact your local authority; in Slovenia, the Information Commissioner (Informacijski pooblaščenc).

UK: ICO (Information Commissioner’s Office).

To exercise rights, email hello@blekline.com. We may need to verify your identity. If you are an end user of an organisation’s workspace, that organisation may need to submit or approve certain requests.

XII. Accuracy and account deletion

You may update some information in the app. You may request account deletion where the product allows it or by contacting us. Some records may persist where law requires (e.g. invoices). Backups may retain residual copies for a limited time before overwrite.

XIII. Children’s privacy

The Services are not directed at children under 16 (or the minimum age in your country if higher). We do not knowingly collect personal data from children. If you believe a child has provided data, contact us and we will take appropriate steps to delete it.

XIV. Organisations, workspaces, and DPAs

If you use Blekline for a company or team, your organisation (e.g. workspace owner) may decide why and how certain data is processed (such as inviting members, naming workspaces, or configuring policies). In those cases your organisation may be an independent controller, and we may process that data as a processor on its instructions.

Where we offer a Data Processing Agreement (DPA) or data-processing terms for business customers, they form part of the contract between your organisation and us. Individuals with questions about workspace data should often contact their organisation administrator first; we will direct or fulfil requests as required by law and contract.

XV. Automated decision-making

We do not use fully automated decisions that produce legal or similarly significant effects solely by automated means. We may use automated systems for security, abuse detection, and product features (e.g. policy application) without such legal effect.

XVI. Third-party sites and AI tools

The Services may link to third-party websites or allow you to connect third-party **AI tools** or data sources. Their privacy practices are governed **only** by their policies. We are not responsible for how third parties process data you send them.

XVII. Changes to this Privacy Policy

We may update this policy to reflect product, legal, or regulatory changes. We will post the new version and change the “Updated” date. Where required, we will provide additional notice (e.g. email or in-app). Continued use after the effective date may constitute acceptance where permitted by law.

XVIII. Governing law

This Privacy Policy is governed by the laws of England and Wales, without prejudice to mandatory rights under the law of your country of residence (including GDPR/UK GDPR for applicable individuals). Courts of England and Wales have jurisdiction subject to non-waivable consumer rights to sue in your home country where EU/UK law requires.

XIX. Contact

Questions or requests regarding this Privacy Policy or your personal data:

- Email: hello@blekline.com

- Controller: The Wall Ltd (Blekline)

- Slovenia (The Wall d.o.o.): Mestni trg 10, 1000 Ljubljana, Slovenia