Markaestro
MarkaestroSign In

Privacy Policy

Last updated: March 10, 2026

1. Scope and Roles

This Privacy Policy explains how Markaestro ("Markaestro", "we", "us", or "our") collects, uses, discloses, and protects personal information when you access our marketing automation platform, website, applications, APIs, and related services (collectively, the "Services").

Markaestro processes different categories of data in different roles. For account, billing, security, support, and website administration data, we generally act as the controller or business. For contact lists, campaign data, brand assets, uploaded media, analytics events, and similar data submitted by a workspace, we generally act as a processor or service provider on behalf of that workspace. If you are an end customer or contact contained in a Markaestro customer workspace, you should direct privacy requests to that workspace first.

2. Information We Collect

2.1 Information you provide directly

  • Account and identity data: email address, authentication identifiers, display name, and credentials handled through Firebase Authentication.
  • Workspace and team data: workspace name, membership records, user roles, and invite or access-management information.
  • Product and brand data: product names, descriptions, URLs, pricing tiers, categories, brand voice settings, sample voice text, target audience descriptions, keywords, avoid-word lists, logos, and brand color settings.
  • Campaign and publishing data: campaigns, posts, ad creatives, captions, scheduled times, media URLs, target audience settings, call-to-action text, and related workflow configuration.
  • Contact and CRM data: names, email addresses, status, lifecycle stage, source, tags, notes, product associations, and unsubscribe state for contacts you create, import, sync, or manage.
  • Automation and job configuration: automation steps, triggers, job schedules, job payloads, and related execution settings.
  • Support and communications data: information you send to us through email or contact forms, including message contents and any attachments you provide.

2.2 Information from connected services and integrations

  • OAuth and integration data: access tokens, refresh tokens, token expiry data, provider account identifiers, usernames, open IDs, page or account selections, and provider-specific metadata needed to maintain a connection.
  • Social, advertising, and analytics data: page lists, account profile information, post status, follower or profile metrics, ad campaign metrics, impressions, clicks, spend, conversions, and related reporting data retrieved from providers such as TikTok, Meta, Google, and similar services you connect.

2.3 Information collected automatically

  • Usage and activity data: pages visited, features used, actions taken, timestamps, and workspace-scoped activity events.
  • Technical data: IP address, browser type, device information, operating system, request metadata, and approximate location derived from network information.
  • Diagnostics and logs: API error details, request IDs, security events, audit trails, background job run data, and telemetry captured for reliability and abuse prevention, including diagnostic processing through Sentry.
  • Cookie and local storage data: essential session, authentication, and preference information used to operate the Services.

2.4 Files and uploads

  • Media uploads: logos, screenshots, ad images, ad videos, and other files you upload for publishing, brand identity, or AI-assisted generation.
  • Publicly accessible asset URLs: certain uploaded or generated assets may be stored using direct public cloud URLs so they can be rendered in ads, social posts, landing assets, or generated creative workflows. You should only upload files you are authorized to publish or share in this manner.

3. How We Use Information

We use personal information and customer data to:

  • provide, secure, maintain, troubleshoot, and improve the Services;
  • authenticate users and enforce workspace access controls;
  • store and manage campaigns, products, brand settings, posts, and ad configurations;
  • publish or schedule content and create or synchronize campaigns with connected third-party services when directed by you;
  • generate text, images, insights, and recommendations using AI providers based on your prompts, brand inputs, and workspace content;
  • calculate and display dashboards, analytics, attribution, and performance summaries;
  • detect fraud, abuse, security incidents, and unauthorized access;
  • respond to support inquiries, legal requests, and enforcement matters; and
  • comply with legal obligations and protect our rights, users, and platform.

4. Legal Bases for Processing

Where required by law, we rely on one or more of the following legal bases: performance of a contract, legitimate interests, consent, and compliance with legal obligations. For example, we process account data to provide the Services under contract, use logs and security telemetry for legitimate interests in operating a secure platform, and may rely on consent where required for certain communications or integration permissions.

5. Cookies and Similar Technologies

We use essential cookies, tokens, and similar storage technologies to keep you signed in, preserve session integrity, remember preferences, and secure the Services. We may also use technical telemetry and diagnostic tools to monitor application errors and performance. We do not sell personal information or use cross-context behavioral advertising cookies through the authenticated application experience.

6. How We Share Information

We do not sell personal information. We share information only as needed for the purposes described above, including with:

  • Infrastructure providers: Google Cloud and Firebase for hosting, authentication, database, and storage services.
  • Error monitoring and diagnostics providers: providers such as Sentry to capture operational and security-related errors.
  • AI providers: providers such as OpenAI and Google when you use AI-assisted text, image, insight, or strategy features.
  • Connected integration providers: TikTok, Meta, Google, and other services you authorize us to connect to or use on your behalf.
  • Other workspace users: your data may be visible to authorized members of your workspace based on role and permissions.
  • Professional advisers and authorities: when reasonably necessary to enforce our terms, investigate misuse, respond to legal process, or protect rights, safety, and security.
  • Corporate transaction counterparties: in connection with a merger, acquisition, financing, restructuring, sale of assets, or similar event, subject to appropriate confidentiality protections.

7. AI and Automated Processing

Markaestro offers AI-assisted features that may use prompts, product descriptions, brand voice instructions, campaign content, analytics summaries, uploaded screenshots, logos, and related workspace data to generate marketing copy, images, recommendations, and performance insights. These outputs are generated automatically and may be inaccurate, incomplete, or unsuitable for your use case. You are responsible for reviewing AI-generated outputs before publication, launch, or sending.

8. Storage, Security, and Integrity

8.1 Infrastructure

Markaestro runs on Google Cloud and Firebase infrastructure, including Firestore, Authentication, and Cloud Storage. We use reasonable administrative, technical, and organizational measures designed to protect personal information against unauthorized access, loss, misuse, or alteration.

8.2 Secret handling

We encrypt sensitive integration secrets such as OAuth access tokens and API keys before storage using authenticated encryption. Passwords for email-password authentication are managed by Firebase Authentication rather than stored directly by our application.

8.3 Important limitations

No internet or storage environment is completely secure. In addition, certain uploaded or generated assets may be intentionally stored at publicly reachable URLs to support publishing and creative workflows. You should not upload highly sensitive personal information, government IDs, payment card data, protected health information, or other regulated data unless we explicitly support that use in writing.

9. International Transfers

We and our service providers may process information in the United States and other countries that may have different data protection laws from your jurisdiction. Where required, we use appropriate transfer mechanisms and safeguards for international transfers.

10. Data Retention

We retain information for as long as reasonably necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data type, for example:

  • account and workspace records are retained while your account or workspace remains active;
  • integration secrets are retained until disconnected, overwritten, or deleted;
  • content, contacts, posts, products, campaigns, analytics records, and event logs remain in the workspace until deleted or until the workspace is removed, subject to backup and legal retention cycles;
  • short-lived OAuth state and related temporary authorization data may expire and be deleted automatically after a short period;
  • support, abuse-prevention, and legal records may be retained longer where needed for legitimate business purposes or legal compliance.

11. Your Privacy Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, object to, or export your personal information, and to withdraw consent where consent is the basis for processing. You may also have the right not to receive discriminatory treatment for exercising your rights.

  • EEA, UK, and similar regions: you may have rights to object, restrict processing, request portability, or lodge a complaint with your local supervisory authority.
  • California and similar U.S. state laws: you may have rights to know, access, delete, and correct personal information, and to limit certain sensitive data uses where applicable. Markaestro does not sell personal information or share it for cross-context behavioral advertising as those terms are defined under applicable state law.
  • Customer-end contacts: if your information is held in a Markaestro customer workspace, we may need to direct your request to that customer because that customer determines the purposes and means of processing that data.

To exercise rights regarding data we control, contact us at legal@markaestro.com. We may need to verify your identity before fulfilling a request.

12. Your Responsibilities When You Use Markaestro

If you upload contact information, campaign content, or third-party platform data into Markaestro, you are responsible for ensuring you have an appropriate legal basis to do so and for honoring applicable privacy, anti-spam, advertising, and consumer protection laws. This includes obtaining any required consents and honoring unsubscribe or suppression requests.

13. Children's Privacy

The Services are not directed to children, and you may not use them if you are under 18. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us and we will investigate and take appropriate action.

14. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated version here and may provide additional notice through the Services or by email where appropriate. Your continued use of the Services after the effective date of the updated policy means the updated policy will apply to your future use.

15. Contact Us

If you have questions about this Privacy Policy or Markaestro's privacy practices, contact us at legal@markaestro.com or through our contact page.