Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your information.

Last Updated: January 6, 2026

Table of Contents

1. Introduction 2. Information We Collect 3. How We Use Your Information 4. Information Sharing 5. Data Retention 6. Data Security 7. Your Privacy Rights 8. Cookies and Tracking 9. Third-Party Services 10. International Data Transfers 11. Children's Privacy 12. Changes to Privacy Policy 13. Contact Information

1. Introduction

MarketingOS ("we", "us", or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our marketing automation platform.

By using MarketingOS, you consent to the data practices described in this policy. If you do not agree with this Privacy Policy, please do not use our Service.

Key Privacy Principles

  • Transparency: We clearly explain what data we collect and why
  • Control: You can access, export, and delete your data anytime
  • Security: We use industry-standard encryption and security measures
  • Compliance: We comply with GDPR, CCPA, and other privacy regulations

2. Information We Collect

2.1 Information You Provide

We collect information you voluntarily provide when using our Service:

  • Account Information: Name, email address, company name, phone number
  • Billing Information: Payment method details (processed by third-party payment processors)
  • Profile Information: Avatar, bio, preferences, notification settings
  • Campaign Data: Marketing content, email lists, social media posts, ad creatives
  • Contact Lists: Email addresses and associated data you upload for campaigns
  • Support Communications: Messages, feedback, and correspondence with our support team

2.2 Information Collected Automatically

We automatically collect certain information when you use our Service:

  • Usage Data: Pages visited, features used, time spent, actions taken
  • Device Information: Browser type, operating system, device type, screen resolution
  • Log Data: IP address, access times, error logs, API requests
  • Cookies: Session cookies, preference cookies, analytics cookies (see Section 8)
  • Performance Metrics: Campaign performance, email open rates, click-through rates

2.3 Information from Third Parties

We may receive information from:

  • Authentication Providers: TENEO OAuth (email, profile information)
  • Social Media Platforms: When you connect your accounts (Twitter, LinkedIn, Facebook)
  • Email Service Providers: Delivery status, bounce rates, spam reports
  • Analytics Services: Google Analytics, aggregate usage data

3. How We Use Your Information

We use your information for the following purposes:

3.1 Service Provision

  • Create and maintain your account
  • Process your marketing campaigns (emails, social posts, ads)
  • Generate analytics and performance reports
  • Provide customer support and respond to inquiries
  • Send transactional emails (password resets, receipts, notifications)

3.2 Service Improvement

  • Analyze usage patterns to improve features
  • Develop new tools and functionality
  • Conduct A/B tests and experimentation
  • Monitor and optimize performance
  • Debug errors and technical issues

3.3 Business Operations

  • Process payments and billing
  • Prevent fraud and abuse
  • Enforce our Terms of Service
  • Comply with legal obligations
  • Protect our rights and property

3.4 Communications

  • Send service announcements and updates
  • Provide tips and best practices
  • Notify you of new features
  • Send marketing communications (with your consent)

Marketing Communications

We will only send marketing emails if you opt-in. You can unsubscribe anytime by clicking the unsubscribe link in our emails or updating your notification preferences in account settings.

4. Information Sharing

We do not sell your personal information. We share your information only in the following circumstances:

4.1 Service Providers

We share information with third-party vendors who help us operate the Service:

  • Hosting Providers: Vercel (infrastructure), Supabase (database)
  • Authentication: TENEO OAuth (user authentication)
  • Payment Processing: Stripe or similar payment processors
  • Email Delivery: SMTP providers for transactional emails
  • Analytics: Google Analytics for usage insights
  • Monitoring: Error tracking and performance monitoring services

These providers are contractually obligated to protect your data and use it only for the services they provide to us.

4.2 Third-Party Integrations

When you connect third-party services (social media, email providers), we share data necessary for the integration:

  • Social media posts with Twitter, LinkedIn, Facebook APIs
  • Email campaigns through your chosen email service provider
  • Analytics data with connected platforms

4.3 Legal Requirements

We may disclose your information if required by law or in good faith belief that such action is necessary to:

  • Comply with legal obligations, court orders, or government requests
  • Protect our rights, property, or safety
  • Prevent fraud or illegal activities
  • Enforce our Terms of Service

4.4 Business Transfers

If MarketingOS is involved in a merger, acquisition, or asset sale, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

4.5 With Your Consent

We may share your information for other purposes with your explicit consent.

5. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy.

5.1 Active Accounts

  • Account data is retained while your account is active
  • Campaign data is retained for historical analysis and reporting
  • Analytics data is retained for performance benchmarking

5.2 Inactive Accounts

  • After account cancellation, you have 30 days to export your data
  • After 30 days, all personal data and campaign data is permanently deleted
  • Aggregate, anonymized data may be retained for analytics

5.3 Legal Obligations

Some data may be retained longer if required by law (e.g., tax records, payment history for 7 years).

6. Data Security

We implement industry-standard security measures to protect your information:

6.1 Technical Safeguards

  • Encryption: TLS/SSL encryption for data in transit
  • Database Security: Encrypted storage with Supabase Row-Level Security (RLS)
  • Authentication: OAuth 2.0 with secure token management
  • API Security: Rate limiting, input validation, CSRF protection
  • Access Controls: Role-based access control (RBAC) for user data

6.2 Organizational Safeguards

  • Regular security audits and penetration testing
  • Employee training on data protection
  • Incident response plan for data breaches
  • Vendor security assessments

No Absolute Security

While we implement strong security measures, no system is 100% secure. You should protect your account credentials and report suspicious activity immediately.

7. Your Privacy Rights

Depending on your location, you may have the following rights:

7.1 General Rights

  • Access: Request a copy of your personal information
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your personal data
  • Export: Download your data in machine-readable formats (JSON, CSV, Excel)
  • Objection: Object to certain processing activities
  • Restriction: Request limitation of processing

7.2 GDPR Rights (EU/EEA Residents)

If you are in the European Union or European Economic Area, you have additional rights:

  • Right to data portability
  • Right to withdraw consent
  • Right to lodge a complaint with a supervisory authority
  • Right to know the legal basis for processing

7.3 CCPA Rights (California Residents)

If you are a California resident, you have:

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt-out of the sale of personal information
  • Right to non-discrimination for exercising your rights

7.4 How to Exercise Your Rights

To exercise any of these rights:

We will respond to your request within 30 days.

8. Cookies and Tracking

8.1 What Are Cookies

Cookies are small text files stored on your device that help us provide and improve the Service.

8.2 Types of Cookies We Use

  • Essential Cookies: Required for authentication and basic functionality (cannot be disabled)
  • Preference Cookies: Remember your settings (dark mode, language preferences)
  • Analytics Cookies: Help us understand how you use the Service (Google Analytics)
  • Marketing Cookies: Track campaign performance and conversions (only with consent)

8.3 Cookie Management

You can control cookies through:

  • Browser settings (most browsers allow you to block or delete cookies)
  • Our cookie banner (when you first visit the site)
  • Account settings for marketing cookies

Note: Disabling essential cookies may affect the Service's functionality.

8.4 Do Not Track

We honor Do Not Track (DNT) browser signals. If DNT is enabled, we will not use analytics or marketing cookies.

9. Third-Party Services

Our Service integrates with third-party platforms. Each has its own privacy policy:

We are not responsible for the privacy practices of third-party services.

10. International Data Transfers

MarketingOS is based in the United States. If you access the Service from outside the US, your information will be transferred to, stored, and processed in the United States.

We comply with applicable data protection laws and use appropriate safeguards (e.g., Standard Contractual Clauses) for international transfers.

EU-US Data Transfers

For EU/EEA residents, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to transfer data to the United States.

11. Children's Privacy

MarketingOS is not intended for children under 18 years of age. We do not knowingly collect personal information from children.

If we learn we have collected information from a child under 18, we will delete it immediately. If you believe we have such information, please contact us at privacy@marketing-os.io.

12. Changes to Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated Privacy Policy on this page
  • Updating the "Last Updated" date
  • Sending an email notification to your registered email address
  • Displaying a prominent notice in the Service

Your continued use of the Service after changes become effective constitutes your acceptance of the updated Privacy Policy.

13. Contact Information

If you have questions about this Privacy Policy or our privacy practices, please contact us:

Response Time

We aim to respond to all privacy inquiries within 3 business days and resolve requests within 30 days as required by law.

Your Privacy Matters

We are committed to protecting your privacy and being transparent about our data practices. If you have concerns about how your data is handled, please don't hesitate to reach out.