Privacy Policy

Marketing Toolbox AI ("Marketing Toolbox AI", "we", "our", "us") operates the marketingtoolbox.ai website and the Marketing Toolbox AI platform, which includes Ad Engine, Creative Studio, and Insight AI (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, retain, and protect information when you visit our website, create an account, or use any part of the Service.

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

1. Information We Collect

1.1 Account & Profile Information

When you register for Marketing Toolbox AI, we collect:

• Full name, email address, and password
• Company or organization name
• Job title and role (e.g., marketer, agency owner, growth lead)
• Profile photo (optional)
• Billing address and VAT/tax identification number (for paid plans)

1.2 Connected Platform Data

When you connect third-party advertising and ecommerce accounts to the Service, we access and process data from those platforms to power Ad Engine, Creative Studio, and Insight AI:

• Advertising platforms (Meta Ads, Google Ads, TikTok Ads): Campaign structures, ad sets, ad creatives, audience definitions, spend data, impressions, clicks, conversions, ROAS, CPA, and other performance metrics
• Ecommerce platforms (Shopify, WooCommerce, BigCommerce): Product catalog data (titles, descriptions, images, prices, inventory status), order data (order IDs, revenue, customer segments), and storefront analytics
• Analytics platforms: Website traffic data, conversion funnels, and attribution data when you connect analytics integrations

We access this data only through official APIs with the permissions you explicitly grant during the OAuth connection flow. You can revoke access to any connected platform at any time from your account settings.

1.3 Content You Upload

The Service allows you to upload marketing assets for use with Creative Studio:

• Brand assets: logos, fonts, color palettes, and brand guidelines
• Product images and videos
• Existing ad creatives and copy
• UGC (user-generated content) source material

1.4 AI-Generated Content & Interactions

• Prompts, instructions, and parameters you provide to Creative Studio and Insight AI
• AI-generated outputs: ad creatives, copy, images, videos, UGC assets, and analytics reports
• Questions you ask Insight AI and the responses generated
• Campaign configurations created by Ad Engine based on your goals

1.5 Usage & Technical Data

• Device type, operating system, browser type and version
• IP address and approximate geographic location (city/region level)
• Pages visited, features used, and actions taken within the platform
• Session duration, click patterns, and navigation paths
• Error logs and performance data
• Referral source (how you found us)

1.6 Payment Information

When you subscribe to a paid plan (Growth or Enterprise), payment processing is handled by our third-party payment processor (Stripe). We do not store your full credit card number, CVV, or bank account details on our servers. We receive and store only:

• Last four digits of your card number
• Card brand and expiration date
• Billing address
• Transaction history (amounts, dates, plan type)

1.7 Communications

• Support tickets, live chat messages, and email correspondence
• Feedback, feature requests, and survey responses
• Contact form submissions from marketingtoolbox.ai/contact

2. How We Use Your Information

2.1 Providing & Operating the Service

• Connecting and syncing your advertising and ecommerce accounts
• Running AI-powered ad campaigns through Ad Engine (budget optimization, audience targeting, bid management, campaign automation)
• Generating AI creatives, UGC, videos, and ad copy through Creative Studio
• Delivering analytics, insights, and AI-powered recommendations through Insight AI
• Processing payments and managing your subscription
• Providing customer support and responding to inquiries

2.2 Improving the Service

• Analyzing usage patterns to improve features, performance, and user experience
• Identifying and fixing bugs, errors, and security vulnerabilities
• Conducting internal research and development
• Benchmarking aggregate, anonymized performance data to improve AI model accuracy (see Section 3 for details on AI training)

2.3 Communications

• Sending transactional emails (account verification, password resets, billing receipts, plan changes)
• Sending product updates, new feature announcements, and platform status notifications
• Sending marketing communications (only with your opt-in consent; you can unsubscribe at any time)

2.4 Security & Compliance

• Detecting, preventing, and responding to fraud, abuse, and security incidents
• Enforcing our Terms of Service and Acceptable Use Policy
• Complying with legal obligations, court orders, and regulatory requirements

3. AI Training & Your Data

4. How We Share Your Information

We do not sell your personal information. We never have and never will.

4.1 Service Providers

We share data with trusted third-party providers who help us operate the Service:

• Cloud infrastructure: Hosting, storage, and compute (data encrypted at rest and in transit)
• Payment processing: Stripe (for subscription billing)
• Email delivery: Transactional and marketing email providers
• Analytics: Product analytics to understand feature usage (anonymized)
• Customer support: Help desk and live chat platforms

All service providers are contractually bound to use your data only for the purposes we specify and to maintain appropriate security measures.

4.2 Connected Platforms

When Ad Engine manages your campaigns, it sends data back to your connected advertising platforms (Meta, Google, TikTok) as necessary to create, modify, and optimize campaigns on your behalf. This is essential to the Service's functionality.

4.3 Legal Requirements

We may disclose information if required by law, subpoena, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website before your information becomes subject to a different privacy policy.

5. Data Security

6. Data Retention

• Active accounts: We retain your data for as long as your account is active and as needed to provide the Service.
• Closed accounts: When you delete your account, we delete or anonymize your personal data within 30 days, except where retention is required by law (e.g., billing records for tax purposes, which we retain for up to 7 years).
• Connected platform data: Advertising and ecommerce data synced from third-party platforms is deleted within 30 days of disconnecting the integration or closing your account.
• AI-generated content: Creatives, reports, and other AI outputs are deleted when you delete them from your workspace or when your account is closed.
• Backups: Data may persist in encrypted backups for up to 90 days after deletion, after which it is permanently purged.

7. Your Rights & Choices

Depending on your jurisdiction (including under GDPR, CCPA/CPRA, and other applicable privacy laws), you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data ("right to be forgotten")
• Portability: Request your data in a structured, machine-readable format
• Restriction: Request that we limit processing of your data in certain circumstances
• Objection: Object to processing based on legitimate interests or for direct marketing
• Withdraw consent: Where processing is based on consent, withdraw it at any time
• Non-discrimination: Exercise your rights without receiving discriminatory treatment

To exercise any of these rights, email privacy@marketingtoolbox.ai or use the data management tools in your account settings. We will respond within 30 days (or sooner where required by law).

7.1 Managing Your Connected Accounts

You can disconnect any third-party platform (Meta Ads, Google Ads, TikTok Ads, Shopify, etc.) at any time from your account settings. Disconnecting an integration stops all data syncing and triggers deletion of that platform's data within 30 days.

7.2 Marketing Communications

You can opt out of marketing emails at any time by clicking the "unsubscribe" link in any marketing email or updating your notification preferences in account settings. Transactional emails (billing, security alerts, service updates) are not affected by this opt-out.

8. Cookies & Tracking Technologies

8.1 Cookies We Use

• Essential cookies: Required for the Service to function (authentication, session management, security). Cannot be disabled.
• Functional cookies: Remember your preferences (theme, language, dashboard layout).
• Analytics cookies: Help us understand how you use the Service so we can improve it. These collect anonymized usage data.

8.2 Managing Cookies

You can manage cookie preferences through our cookie consent banner or your browser settings. Disabling non-essential cookies will not affect core platform functionality.

8.3 Do Not Track

We honor Do Not Track (DNT) browser signals. When DNT is enabled, we disable non-essential analytics tracking.

9. International Data Transfers

Marketing Toolbox AI is based in the United States. If you access the Service from outside the US, your data may be transferred to and processed in the United States or other countries where our service providers operate.

For transfers from the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Processing Agreements with all sub-processors
• Additional technical and organizational safeguards (encryption, access controls, pseudonymization)

10. Children's Privacy

The Service is designed for business use and is not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at privacy@marketingtoolbox.ai.

11. Third-Party Links & Integrations

The Service contains links to third-party websites and integrates with third-party platforms (Meta, Google, TikTok, Shopify, etc.). This Privacy Policy applies only to Marketing Toolbox AI. We are not responsible for the privacy practices of third-party services. We encourage you to review the privacy policies of any third-party service you connect to your account.

12. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to know: What personal information we collect, use, disclose, and sell
• Right to delete: Request deletion of your personal information
• Right to opt out of sale: We do not sell personal information, so this right is automatically satisfied
• Right to non-discrimination: We will not discriminate against you for exercising your rights
• Right to correct: Request correction of inaccurate personal information
• Right to limit use of sensitive personal information: We do not use sensitive personal information for purposes beyond what is necessary to provide the Service

To exercise these rights, email privacy@marketingtoolbox.ai with the subject line "California Privacy Request."

13. European Privacy Rights (GDPR)

If you are in the European Economic Area, United Kingdom, or Switzerland:

• Legal basis for processing: We process your data based on (a) contractual necessity (to provide the Service), (b) legitimate interests (to improve and secure the Service), (c) consent (for marketing communications), and (d) legal obligations (tax and regulatory compliance).
• Data Protection Officer: You can reach our DPO at dpo@marketingtoolbox.ai.
• Supervisory authority: You have the right to lodge a complaint with your local data protection authority.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or the Service itself. When we make material changes:

• We will update the "Last updated" date at the top of this page
• We will notify you via email and/or an in-app notification at least 30 days before material changes take effect
• We will post the updated policy on this page

Continued use of the Service after the effective date of changes constitutes acceptance of the updated Privacy Policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us:

• Privacy inquiries: privacy@marketingtoolbox.ai
• Data Protection Officer: dpo@marketingtoolbox.ai
• General contact: marketingtoolbox.ai/contact

We aim to respond to all privacy-related inquiries within 30 days.