1. Information We Collect
When you use MarketingMogul, we collect the following types of information:
- Account Information: Name, email address, and profile photo when you sign up via Google OAuth or email/password.
- Brand Data: Brand names, industry, tone preferences, and connected social platform identifiers that you provide during onboarding.
- Content Data: Drafts, posts, and generated content created through our AI studio.
- Usage Data: Analytics about how you interact with the platform, including page views, feature usage, and session duration (only with your consent).
- Payment Data: Billing information processed by Stripe. We do not store credit card numbers.
2. Legal Basis for Processing (GDPR Article 6)
We process your personal data under the following legal bases:
- Contract Performance: Processing necessary to provide our services (account creation, content generation, publishing).
- Consent: Analytics cookies and optional marketing communications, which you may withdraw at any time.
- Legitimate Interest: Improving our platform, preventing fraud, and ensuring service security.
3. How We Use Your Information
- To provide and improve our AI content generation services
- To personalize your experience based on your brand voice preferences
- To send you notifications about your content queue and platform updates
- To analyze usage patterns and improve our platform (with your consent)
4. AI-Powered Features & Automated Decision-Making
MarketingMogul uses Google Gemini AI to generate marketing content, analyze brand voice, and suggest optimal posting times. These features involve automated processing of your inputs (brand descriptions, tone preferences, previous content). You always retain full editorial control — AI-generated content is presented as drafts for your review and approval before any publishing occurs.
AI processing does not make decisions with legal or similarly significant effects on you. You may opt out of AI features at any time by not using the Studio or Autopilot modules.
5. Data Storage & Security
Your data is stored on Google Cloud Platform (Firebase) data centers located in the United States. We implement industry-standard security measures including:
- 256-bit TLS encryption for all data in transit
- Encryption at rest via GCP's default encryption
- OAuth secrets stored in Firebase Secret Manager (never in source code)
- Firestore security rules enforcing user-scoped data isolation
- Rate limiting and prompt injection protection
We do not sell your personal information to third parties.
6. Cross-Border Data Transfers
If you are located in the European Economic Area (EEA), UK, or other regions with data transfer restrictions, please note that your data is transferred to and processed in the United States. These transfers are protected by Google Cloud's Standard Contractual Clauses (SCCs) and additional security safeguards. Google Cloud Platform maintains SOC 2 Type II, ISO 27001, and ISO 27017 certifications.
7. Third-Party Services
We integrate with the following third-party services:
- Google Firebase: Authentication, database, hosting, and analytics (SOC 2 Type II certified)
- Google Gemini AI: Content generation and voice analysis
- Stripe: Payment processing (PCI DSS Level 1 compliant)
- SendGrid: Transactional email delivery
- Google Analytics: Usage analytics (only with your cookie consent)
- Social Platform APIs: LinkedIn, Instagram, X (Twitter), Facebook, Threads — for content publishing on your behalf
8. Data Retention
We retain your personal data for as long as your account is active. Specific retention periods:
- Account Data: Retained until you delete your account.
- Content & Drafts: Retained until you delete them or your account.
- Usage Statistics: Daily usage data is retained for 90 days.
- Support Tickets: Retained for 2 years for quality assurance.
- Payment Records: Retained as required by tax and financial regulations.
9. Cookies & Tracking
We use a cookie consent banner that allows you to accept or decline analytics cookies before any tracking begins. Essential cookies required for authentication and security are always active. You can change your cookie preferences at any time by clearing your browser storage and revisiting the site.
10. Your Rights
Under GDPR and applicable privacy laws, you have the right to:
- Access: View all personal data we hold about you.
- Data Portability: Export your data in machine-readable JSON format via Settings → Profile → Export My Data.
- Rectification: Update or correct your personal data via your Settings page.
- Erasure (Right to be Forgotten): Permanently delete your account and all associated data via Settings → Profile → Delete Account.
- Withdraw Consent: Decline analytics cookies; opt out of marketing communications.
- Restriction: Request restricted processing of your data.
- Object: Object to processing based on legitimate interest.
- Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority (e.g., your national Data Protection Authority).
11. Children's Privacy
MarketingMogul is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.
13. Contact Us
For privacy-related inquiries, data requests, or to exercise your rights, contact us at:
We aim to respond to all privacy-related requests within 30 days, as required by GDPR.