Privacy Policy

1. Information We Collect

We collect information you provide directly to us, including:

• Account information (email address, name)
• Business information submitted for analysis (website URLs, documents, questionnaire responses)
• Content you create or upload through the platform (text, images, videos)
• Payment information (processed by Stripe; we do not store card details)

2. Social Media Account Data

When you connect a social media account, we collect and store the following data depending on the platform:

What we collect from connected platforms

• Profile information — your display name, username/handle, and profile picture from the connected platform
• Account identifiers — platform-specific user IDs used to associate your account
• Authentication credentials — OAuth tokens (LinkedIn, Twitter/X, Facebook, Instagram, TikTok, Pinterest) or app passwords (Bluesky), stored encrypted
• Board/page lists — for Pinterest, we fetch your boards so you can select where to publish Pins
• Granted permissions — the scopes you authorized during connection

How we use social media data

• Publishing content (posts, tweets, pins, etc.) to your connected accounts only when you explicitly approve
• Displaying your account name and profile picture in our dashboard so you can identify connected accounts
• Scheduling content for future publishing at times you choose

What we do NOT do

• We never post content without your explicit approval
• We do not read, scrape, or store your social media feeds, followers, or engagement data beyond basic profile information
• We do not sell, share, or transfer your social media credentials or data to any third party
• We do not use your social media data for advertising or profiling

Platform-specific details

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our services
• Generate marketing strategies and content using AI
• Publish content to connected social media accounts on your behalf, with your approval
• Send service-related notifications and emails
• Process payments and manage subscriptions

4. Data Security

We implement industry-standard security measures to protect your data:

• OAuth tokens and app passwords are encrypted using AES-256-GCM before database storage
• All data is transmitted over HTTPS (TLS 1.2+)
• Our database is hosted on Supabase with row-level security policies
• CSRF protection on all OAuth flows via state parameters and secure cookies
• Credentials are never logged, exposed in client-side code, or transmitted in plain text

5. Third-Party Services

We integrate with the following third-party services to deliver our platform:

• Supabase — Database hosting and user authentication
• Anthropic (Claude AI) — AI-powered strategy and content generation
• OpenAI — Speech-to-text for video captions (Whisper)
• Google Cloud — Text-to-speech for voiceovers, speech-to-text fallback
• Google Gemini — AI image generation
• Stripe — Payment processing (PCI-compliant; we never store card data)
• Resend — Transactional email delivery
• Hetzner / Coolify — Application hosting and infrastructure
• AWS Lambda — Video rendering
• Social media platforms — LinkedIn, Twitter/X, Facebook, Instagram, TikTok, Pinterest, Bluesky

Each third-party service has its own privacy policy. We only share the minimum data necessary for each service to function.

6. Cookies

We use cookies for:

• Authentication — session cookies to keep you logged in
• OAuth state — short-lived, secure cookies during social media account connection (expire within 10 minutes)
• Preferences — theme selection (light/dark mode)

We do not use cookies for advertising or third-party tracking.

7. Data Retention & Deletion

We retain your data for as long as your account is active. When you disconnect a social media account, we immediately delete the stored credentials for that account from our database.

You may request deletion of your account and all associated data at any time by contacting us at privacy@marketchamp.ai. Soft-deleted content is permanently removed after 30 days.

Facebook & Instagram Data Deletion

If you remove the MarketChamp app from your Facebook or Instagram account settings, we receive an automatic notification from Meta and immediately:

• Invalidate and delete all stored OAuth access tokens
• Remove your Facebook Page and Instagram Business account data from our systems
• Delete any profile information (name, avatar, account IDs) associated with your connected accounts

You can also request data deletion directly from Facebook by visiting Settings & Privacy → Settings → Apps and Websites on Facebook and removing MarketChamp AI. We will process the deletion and provide a confirmation URL with a tracking code.

Retention period: Social media tokens are deleted immediately upon disconnection or deauthorization. Content you created and published through MarketChamp remains on the respective social media platform under your control. Any locally cached metadata (post IDs, publishing timestamps) is retained for up to 30 days for analytics purposes, then permanently deleted.

8. Your Rights (GDPR & CCPA)

For All Users

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data and connected accounts
• Export your data in a machine-readable format
• Disconnect any social media account at any time from your dashboard
• Withdraw consent for marketing communications
• Revoke platform permissions directly from your social media account settings

For European Economic Area (EEA) Residents — GDPR

If you are located in the EEA, you have additional rights under the General Data Protection Regulation (GDPR):

• Right to be informed: We provide clear information about how we process your data in this policy
• Right of access: You can request a copy of all personal data we hold about you
• Right to rectification: You can request correction of inaccurate personal data
• Right to erasure: You can request deletion of your personal data (“right to be forgotten”)
• Right to restrict processing: You can ask us to limit how we use your data
• Right to data portability: You can request your data in a structured, machine-readable format
• Right to object: You can object to processing based on legitimate interests

Legal basis for processing: We process your data based on: (a) your consent (e.g., connecting social media accounts), (b) contractual necessity (e.g., providing the Service), and (c) legitimate interests (e.g., improving our platform and preventing fraud).

To exercise any GDPR right, contact us at privacy@marketchamp.ai. We will respond within 30 days.

For California Residents — CCPA

If you are a California resident, the California Consumer Privacy Act (CCPA) provides additional rights:

• Right to know: You can request disclosure of the categories and specific pieces of personal information we have collected
• Right to delete: You can request deletion of personal information we have collected from you
• Right to opt-out: You can opt out of the “sale” of personal information. We do not sell your personal information.
• Right to non-discrimination: We will not discriminate against you for exercising any CCPA rights

To exercise CCPA rights, contact us at privacy@marketchamp.ai or by writing to us at the address in the Contact section.

9. Children's Privacy

MarketChamp AI is not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will promptly delete it.

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the “Last updated” date.

11. Print Services Data Sharing

When you use MarketChamp's print services, we share the following data with the selected third-party print provider: shipping name and address, email address (for order notifications), phone number (if provided, for delivery coordination), and the print-ready file. We do not share your MarketChamp account credentials, payment information (handled via Stripe), browsing history, or any data unrelated to print fulfillment.

12. AI Customer Support Chatbot

Our website features an AI-powered customer support chatbot. This section explains how we collect, process, and protect data generated through chat interactions.

12.1 Data We Collect

When you use the chatbot, we collect:

• Visitor identifier: A randomly generated ID stored in your browser (localStorage) to maintain conversation continuity across page visits. This is not linked to your real identity unless you provide contact information.
• Messages: The text content of your conversation with the AI assistant and any human support agents.
• Contact information: Email address and/or phone number, only if you voluntarily provide them during the conversation (e.g., for follow-up by our support team).
• Page context: The URL of the page where you initiated the chat.
• Device information: Basic browser user-agent string for troubleshooting purposes.
• Session token: A cryptographically signed, HTTP-only cookie that secures your conversation session.

12.2 How We Process Chat Data

• AI responses: Your messages are sent to Anthropic (Claude Haiku model) to generate responses. Anthropic processes this data under their privacy policy. Anthropic does not use API inputs to train their models.
• Human escalation: If you request human support or the AI determines it cannot assist, your conversation (including messages and any contact info) may be forwarded to our support team via Telegram for response.
• Email enrichment: If you provide an email address, we may look up publicly available business information (company name, job title) to improve support quality.
• Conversation summaries: AI-generated summaries of conversations may be created for support team review and quality assurance.
• Conversion tracking: If you later create an account, we may link your prior anonymous chat conversations to your account for continuity.

12.3 Data Protection Measures

• PII redaction: Credit card numbers and social security numbers are automatically detected and redacted from messages before storage.
• Input sanitization: Messages are sanitized to remove potentially malicious content before processing.
• Output validation: AI responses are validated to prevent disclosure of internal system information.
• Rate limiting: Message frequency is limited to prevent abuse.
• Bot detection: Automated behavioral checks help prevent bot abuse of the chat system.
• Session security: Conversations are protected by cryptographically signed session tokens.

12.4 Retention & Deletion

• Conversations with no activity for 24 hours are automatically closed.
• Anonymous conversations (where no email or account is linked) are automatically deleted after 90 days.
• For identified conversations (where an email was provided), personally identifiable information (name, email, phone) is scrubbed after 90 days, while the conversation content is retained for up to 1 year for support quality purposes.
• You may request deletion of your chat data at any time by contacting privacy@marketchamp.ai.

12.5 Your Rights

• You can end a chat conversation at any time using the "End chat" button.
• You are not required to provide any personal information to use the chatbot.
• You may request access to, correction of, or deletion of your chat conversation data.
• Clearing your browser's localStorage will generate a new visitor identifier, effectively starting fresh.

13. Contact

For privacy-related inquiries, contact us at privacy@marketchamp.ai