Privacy Policy
Last updated: March 28, 2026
1. Information We Collect
We collect information you provide directly to us, including:
- Account information (email address, name)
- Business information submitted for analysis (website URLs, documents, questionnaire responses)
- Content you create or upload through the platform (text, images, videos)
- Payment information (processed by Stripe; we do not store card details)
2. Social Media Account Data
When you connect a social media account, we collect and store the following data depending on the platform:
What we collect from connected platforms
- Profile information — your display name, username/handle, and profile picture from the connected platform
- Account identifiers — platform-specific user IDs used to associate your account
- Authentication credentials — OAuth tokens (LinkedIn, Twitter/X, Facebook, Instagram, TikTok, Pinterest) or app passwords (Bluesky), stored encrypted
- Board/page lists — for Pinterest, we fetch your boards so you can select where to publish Pins
- Granted permissions — the scopes you authorized during connection
How we use social media data
- Publishing content (posts, tweets, pins, etc.) to your connected accounts only when you explicitly approve
- Displaying your account name and profile picture in our dashboard so you can identify connected accounts
- Scheduling content for future publishing at times you choose
What we do NOT do
- We never post content without your explicit approval
- We do not read, scrape, or store your social media feeds, followers, or engagement data beyond basic profile information
- We do not sell, share, or transfer your social media credentials or data to any third party
- We do not use your social media data for advertising or profiling
Platform-specific details
| Platform | Auth Method | Data Accessed | Actions Performed |
|---|---|---|---|
| OAuth 2.0 | Profile name, email, profile picture | Create posts (text, links, images) | |
| Twitter / X | OAuth 2.0 with PKCE | Username, display name, profile picture | Post tweets (text, images) |
| OAuth 2.0 (Facebook Login) | Page name, page ID, profile picture | Publish page posts (text, links, images) | |
| OAuth 2.0 (via Facebook) | Business account name, profile picture | Publish media posts | |
| TikTok | OAuth 2.0 | Display name, username, profile picture | Publish videos |
| OAuth 2.0 | Username, profile image, board list | Create Pins to selected boards | |
| Bluesky | AT Protocol (app password) | Handle, display name, avatar | Create posts (text, links) |
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our services
- Generate marketing strategies and content using AI
- Publish content to connected social media accounts on your behalf, with your approval
- Send service-related notifications and emails
- Process payments and manage subscriptions
4. Data Security
We implement industry-standard security measures to protect your data:
- OAuth tokens and app passwords are encrypted using AES-256-GCM before database storage
- All data is transmitted over HTTPS (TLS 1.2+)
- Our database is hosted on Supabase with row-level security policies
- CSRF protection on all OAuth flows via state parameters and secure cookies
- Credentials are never logged, exposed in client-side code, or transmitted in plain text
5. Third-Party Services
We integrate with the following third-party services to deliver our platform:
- Supabase — Database hosting and user authentication
- Anthropic (Claude AI) — AI-powered strategy and content generation
- OpenAI — Speech-to-text for video captions (Whisper)
- Google Cloud — Text-to-speech for voiceovers, speech-to-text fallback
- Google Gemini — AI image generation
- Stripe — Payment processing (PCI-compliant; we never store card data)
- Resend — Transactional email delivery
- Vercel — Application hosting and serverless functions
- AWS Lambda — Video rendering
- Social media platforms — LinkedIn, Twitter/X, Facebook, Instagram, TikTok, Pinterest, Bluesky
Each third-party service has its own privacy policy. We only share the minimum data necessary for each service to function.
6. Cookies
We use cookies for:
- Authentication — session cookies to keep you logged in
- OAuth state — short-lived, secure cookies during social media account connection (expire within 10 minutes)
- Preferences — theme selection (light/dark mode)
We do not use cookies for advertising or third-party tracking.
7. Data Retention & Deletion
We retain your data for as long as your account is active. When you disconnect a social media account, we immediately delete the stored credentials for that account from our database.
You may request deletion of your account and all associated data at any time by contacting us. Soft-deleted content is permanently removed after 30 days.
8. Your Rights
You have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data and connected accounts
- Export your data in a machine-readable format
- Disconnect any social media account at any time from your dashboard
- Withdraw consent for marketing communications
- Revoke platform permissions directly from your social media account settings
9. Children's Privacy
MarketChamp AI is not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will promptly delete it.
10. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the “Last updated” date.
11. Print Services Data Sharing
When you use MarketChamp's print services, we share the following data with the selected third-party print provider: shipping name and address, email address (for order notifications), phone number (if provided, for delivery coordination), and the print-ready file. We do not share your MarketChamp account credentials, payment information (handled via Stripe), browsing history, or any data unrelated to print fulfillment.
12. AI Customer Support Chatbot
Our website features an AI-powered customer support chatbot. This section explains how we collect, process, and protect data generated through chat interactions.
12.1 Data We Collect
When you use the chatbot, we collect:
- Visitor identifier: A randomly generated ID stored in your browser (localStorage) to maintain conversation continuity across page visits. This is not linked to your real identity unless you provide contact information.
- Messages: The text content of your conversation with the AI assistant and any human support agents.
- Contact information: Email address and/or phone number, only if you voluntarily provide them during the conversation (e.g., for follow-up by our support team).
- Page context: The URL of the page where you initiated the chat.
- Device information: Basic browser user-agent string for troubleshooting purposes.
- Session token: A cryptographically signed, HTTP-only cookie that secures your conversation session.
12.2 How We Process Chat Data
- AI responses: Your messages are sent to Anthropic (Claude Haiku model) to generate responses. Anthropic processes this data under their privacy policy. Anthropic does not use API inputs to train their models.
- Human escalation: If you request human support or the AI determines it cannot assist, your conversation (including messages and any contact info) may be forwarded to our support team via Telegram for response.
- Email enrichment: If you provide an email address, we may look up publicly available business information (company name, job title) to improve support quality.
- Conversation summaries: AI-generated summaries of conversations may be created for support team review and quality assurance.
- Conversion tracking: If you later create an account, we may link your prior anonymous chat conversations to your account for continuity.
12.3 Data Protection Measures
- PII redaction: Credit card numbers and social security numbers are automatically detected and redacted from messages before storage.
- Input sanitization: Messages are sanitized to remove potentially malicious content before processing.
- Output validation: AI responses are validated to prevent disclosure of internal system information.
- Rate limiting: Message frequency is limited to prevent abuse.
- Bot detection: Automated behavioral checks help prevent bot abuse of the chat system.
- Session security: Conversations are protected by cryptographically signed session tokens.
12.4 Retention & Deletion
- Conversations with no activity for 24 hours are automatically closed.
- Anonymous conversations (where no email or account is linked) are automatically deleted after 90 days.
- For identified conversations (where an email was provided), personally identifiable information (name, email, phone) is scrubbed after 90 days, while the conversation content is retained for up to 1 year for support quality purposes.
- You may request deletion of your chat data at any time by contacting privacy@marketchamp.ai.
12.5 Your Rights
- You can end a chat conversation at any time using the "End chat" button.
- You are not required to provide any personal information to use the chatbot.
- You may request access to, correction of, or deletion of your chat conversation data.
- Clearing your browser's localStorage will generate a new visitor identifier, effectively starting fresh.
13. Contact
For privacy-related inquiries, contact us at privacy@marketchamp.ai