Effective July 15, 2026

Privacy Policy

This policy explains what we collect, why we collect it, who we share it with, and the control you have. We collect the minimum needed to run the platform.

1. Who we are

marketer.sh (“we”) is the controller of the personal data described here. For business customers, we also act as a processor of end-user data under our Data Processing Addendum.

2. What we collect

You give us

  • Account data — your email and authentication identity (via our auth provider), and team membership.
  • Content and configuration — niches, briefs, brand kits, and the outputs generated for you.
  • Connections — tokens and account identifiers for the social, ad, and payment services you link. Provider secrets are stored server-side and never exposed to the browser.
  • Billing — prepaid credit balance and transaction history. Card details are handled by our payment processor, not by us.

We collect automatically

  • Usage and diagnostics — request metadata, spend ledger entries, and an audit log of privileged and spend-affecting actions (actor, IP, and user agent) for security and accounting.
  • Cookies — a small set described in our Cookie Policy.

3. Why we use it

  • To operate the pipelines, publish content, and run campaigns.
  • To meter spend, enforce caps, bill, and prevent abuse.
  • To secure the platform and maintain an audit trail.
  • To support you and improve the service.
  • To comply with legal obligations.

Our legal bases (where GDPR applies) are performance of our contract with you, our legitimate interests in operating and securing the service, your consent (for non-essential cookies), and compliance with law.

4. AI model providers

To generate content we send the relevant inputs to model and media providers listed as subprocessors. We use providers under terms that prohibit training on your content by default where such controls are offered. We do not sell your personal data.

5. Sharing

We share data only with: the subprocessors that run the service on our behalf; the third-party platforms you explicitly connect (to publish or advertise); and authorities where required by law. We do not share your data for others’ advertising.

6. Retention

We keep account and content data for as long as your account is active. Audit and billing records are retained as needed for security and accounting obligations. When you delete your account, we delete or anonymize your personal data, subject to those limited retention needs.

7. Your rights

Depending on where you live, you may have the right to access, correct, export, or delete your personal data, to object to or restrict certain processing, and to withdraw consent. We build these in:

  • Export — download everything we hold from Settings → Data & privacy.
  • Deletion — erase your account and data from the same screen; deletion cascades across your records.

You can also email privacy@marketer.sh. You may lodge a complaint with your local data-protection authority.

8. International transfers

We and our subprocessors may process data in the United States and other countries. Where required, we rely on appropriate safeguards such as the EU Standard Contractual Clauses.

9. Security

We use encryption in transit and at rest, least-privilege access, role-based administration, and an append-only audit log. No system is perfectly secure, but we work to protect your data and will notify you of a breach where the law requires.

10. Children

The service is not directed to anyone under 18, and we do not knowingly collect their data.

11. Changes and contact

We will post updates here with a new effective date. Contact us at privacy@marketer.sh.

Questions about this document? Email legal@marketer.sh.