Last Updated: 19th March, 2025
Blended is built on a foundation of GDPR compliance and is dedicated to applying the strictest standards of data protection and privacy. All our practices align with relevant data protection laws to ensure the security and proper handling of personal information.
Blended uses Microsoft Azure as its primary hosting provider. Microsoft Azure maintains a comprehensive suite of security and privacy certifications and frameworks. On top of these, Blended has implemented additional safeguards, policies, and procedures to further protect our customers’ data.
Microsoft was among the first in the industry to publish strong AI/ML privacy commitments, affirming that customers have the highest level of security and control over their data stored in the cloud. Blended aligns with this commitment and employs robust data governance practices to ensure that any data used in AI/ML workflows respects these strict privacy standards.
By default, customer data is not used to train the foundation models of Microsoft Azure AI. Neither are the prompts and responses. Blended fully respects and abides by this principle, ensuring that data remains isolated and is never exploited to improve general AI models without explicit user consent.
Microsoft Azure uses specific regions to define the physical location of its computing resources. Blended’s data is currently processed in the Frankfurt (Germany) region, ensuring data residency in the European Union and compliance with EU data protection regulations.
Blended respects the autonomy of users and prospects. Individuals can at any time opt out of receiving email communications or other marketing materials through our provided unsubscribe links and opt-out mechanisms.
Blended’s platform enables role-based access control, allowing for tiered permissions. Different roles have access only to the information necessary for their function, supported by approval systems that help maintain strict data governance at all levels of the organization.
Blended’s privacy standards and policies are based on the General Data Protection Regulation (GDPR). Our Data Processing Agreement (DPA) transparently outlines how we collect, process, and store user data, and it is readily available to our customers for review and acceptance.
Blended’s role in collecting and processing customer data makes us a data processor under GDPR. We do not sell, share, or export customer data to third parties. In instances where we rely on carefully vetted sub-processors to support our service, they adhere to the same strict data protection obligations. We use customer data solely to provide, maintain, and improve our platform offerings.
In order to improve your experience with Blended, we collect and use aggregate data about how you use the platform—such as how you interact with different features, the buttons you click, or the time spent on particular pages. This information helps us streamline and enhance the user experience.
We use a small number of third-party services (e.g., Microsoft Clarity, Sentry) to collect and analyze this data. These services are contractually obligated to use the data solely for providing analytics services to Blended and are prohibited from sharing it or using it for other purposes.
At Blended, we are committed to handling your personal data in accordance with the Kingdom of Saudi Arabia’s Personal Data Protection Law (PDPL). Our approach to data protection is guided by PDPL’s core principles and rights, ensuring transparency, security, and respect for your personal information. Learn more about Blended and KSA PDPL here.
Blended collects minimal information and uses it only for the purposes stated in this Privacy Policy. The data we collect is stored securely, following industry best practices. We execute a Data Processing Agreement with all schools and organizations operating in the EU/EEA and Switzerland regions. You can find more details on Blended and GDPR here.
Rooted in GDPR principles, Blended prioritizes privacy considerations from the earliest stages of product development. By embedding privacy by design and default into every aspect of our operations, we ensure that personal data is respected and safeguarded at every step.
.png)
