Legal

Privacy Notice

Effective date: April 20, 2025  ·  Last updated: April 20, 2025

1. Who We Are

MarketFlow ("we", "us", "our") operates the MarketFlow platform — an AI campaign co-pilot for media buyers and performance marketers. This Privacy Notice explains how we collect, use, store, and share your information when you use our Service at marketflow.ai.

Questions about this notice can be directed to privacy@marketflow.ai.

2. Information We Collect

We collect information in three ways: information you give us, information generated by your use of the Service, and information from third-party services.

CategoryExamplesPurpose
Account dataEmail address, name, role (e.g. media buyer)Account creation and authentication
Campaign inputsProduct descriptions, briefs, audiences, budgets, uploaded PDFsGenerating AI campaign outputs
Generated outputsCampaign structures, ad copy, strategy documentsStoring your campaigns for retrieval
Usage dataPages visited, features used, session duration, click eventsProduct analytics and improvement
Device & log dataIP address, browser type, referrer URL, timestampsSecurity, debugging, and fraud prevention
Payment dataBilling address, last 4 digits of card (via Stripe)Processing subscription payments

We do not collect sensitive personal data such as government IDs, health information, or financial account numbers (other than payment card data handled by Stripe).

3. How We Use Your Information

  • To provide, operate, and maintain the Service
  • To generate AI campaign outputs based on your inputs
  • To save and retrieve your campaign history
  • To send transactional emails (account confirmation, billing receipts)
  • To send product updates and early-access announcements (you may opt out at any time)
  • To analyze product usage and improve the Service via PostHog analytics
  • To detect, prevent, and respond to fraud, abuse, or security threats
  • To comply with legal obligations

4. Third-Party Services

We share data with the following sub-processors to operate the Service:

CategoryExamplesPurpose
SupabaseUser accounts, campaign dataDatabase and authentication infrastructure
Anthropic PBCCampaign inputs and PDF briefsAI generation (data is not used to train models per our agreement)
ResendEmail addressTransactional and marketing email delivery
PostHogUsage events, anonymized device dataProduct analytics (self-hosted or cloud)
StripeBilling detailsSubscription payment processing
VercelRequest metadata, IP addressHosting and edge infrastructure

We do not sell your personal data. We do not share your data with advertising networks or data brokers.

A note on AI processing: Content you submit as campaign inputs is sent to Anthropic's API to generate outputs. Anthropic processes this data pursuant to their API usage policies and does not use API inputs to train their models. Do not submit sensitive personal data or trade secrets belonging to third parties in campaign inputs.

5. Data Retention

We retain your account data and campaign history for as long as your account is active. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal or compliance purposes (such as billing records, which are retained for 7 years).

Analytics events in PostHog are retained for 12 months.

6. Cookies and Tracking

We use the following types of cookies and local storage:

  • Strictly necessary: Session tokens and authentication cookies required to keep you logged in.
  • Analytics: PostHog collects anonymized event data to help us understand how the product is used. This does not include ad tracking or cross-site profiling.

We do not use third-party advertising cookies or sell data to ad networks.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you
  • Correction — request that we correct inaccurate or incomplete data
  • Deletion — request deletion of your personal data (subject to legal retention requirements)
  • Portability — request your campaign data in a machine-readable format
  • Opt-out — unsubscribe from marketing emails at any time via the link in any email
  • Restriction — request that we restrict processing of your data in certain circumstances

To exercise any of these rights, email us at privacy@marketflow.ai. We will respond within 30 days.

If you are located in the European Economic Area (EEA) or United Kingdom, you have additional rights under the GDPR/UK GDPR and may lodge a complaint with your local supervisory authority.

8. Data Security

We implement industry-standard security measures to protect your data, including TLS encryption in transit, encrypted storage at rest, and access controls limiting who can view your data. However, no system is 100% secure. We encourage you to use a strong, unique password and to notify us immediately if you suspect any unauthorized access to your account.

9. Children

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us and we will delete it promptly.

10. International Transfers

MarketFlow is operated from the United States. If you access the Service from outside the US, your data may be transferred to and processed in the United States. We ensure that transfers to our sub-processors are covered by appropriate safeguards (e.g., Standard Contractual Clauses for EEA users).

11. Changes to This Notice

We may update this Privacy Notice from time to time. If we make material changes, we will notify you by email or prominent in-app notice at least 14 days before the changes take effect. The "Last updated" date at the top of this page always reflects the most recent version.

12. Contact Us

For privacy-related questions or to exercise your data rights:

MarketFlow — Privacy Team
privacy@marketflow.ai

Terms of ServiceRefund PolicyHome