Marketing Campaign System
Deploy your campaign

Privacy Policy

Last updated: May 9, 2026

This Privacy Policy explains how Marketing Campaign System, Inc. (“Marketing Campaign System,” “we,” “us”) collects, uses, shares, and protects personal data in connection with our websites, applications, and services (the “Service”). It applies to visitors of our marketing site, registered users, and end users of our customers’ campaigns to the extent we process their personal data on our customers’ behalf.

1. Personal Data We Collect

1.1 Information You Provide

  • Account data: name, email, password hash, organization, role.
  • Billing data: billing address, tax IDs, last four digits of card, purchase history. Full payment-card data is collected and stored by our payment processor (Stripe), not by us.
  • KYC data: identity verification information you submit for fraud and regulatory compliance, processed by Stripe Identity on our behalf.
  • Customer Content: ad creatives, copy, audiences, brand assets, and configuration you upload or generate.
  • Support data: messages, attachments, and metadata you send when contacting us.

1.2 Information from Third-Party Platforms

When you connect Google Ads, Meta, TikTok, LinkedIn, or other ad platforms, we receive OAuth access tokens (encrypted at rest) and the campaign, performance, audience, and billing data necessary to operate the Service on your behalf. We do not access your personal social-media activity beyond what each platform’s ad APIs require.

1.3 Information Collected Automatically

  • Usage data: pages viewed, features used, requests made, error events.
  • Device data: IP address, browser type, operating system, language, referrer.
  • Cookies and similar technologies: see our Cookie Policy.

2. How We Use Personal Data

  • To provide, operate, and improve the Service.
  • To authenticate users, prevent fraud, and enforce our terms.
  • To process payments and manage your ad-spend wallet.
  • To communicate with you about the Service, security alerts, and product updates.
  • To provide customer support.
  • To send marketing communications (only with your consent or as permitted by law — you can opt out at any time).
  • To comply with legal obligations and respond to lawful requests.

We do not sell personal data. We do not use your campaigns or connected ad-account data to train foundation AI models.

3. Legal Bases (EEA / UK)

If you are in the European Economic Area or the United Kingdom, we process personal data under the following legal bases:

  • Contract: to provide the Service you have requested.
  • Legitimate interests: to secure the Service, prevent fraud, and improve the product. We balance these interests against your rights.
  • Consent: for non-essential cookies and marketing email; you may withdraw consent at any time.
  • Legal obligation: to comply with tax, anti-money-laundering, and other laws.

4. Sharing of Personal Data

We share personal data only as described below.

  • Sub-processors: vendors who process data on our behalf (e.g., cloud hosting, payment processing, AI providers, analytics, error monitoring). See our Sub-processors list.
  • Ad platforms: we send campaign and creative data to the platforms you connect, on your instruction.
  • Legal & safety: when required by law, court order, or to protect rights, safety, or the integrity of the Service.
  • Corporate transactions: in connection with a merger, acquisition, or sale of assets, with notice to affected users.

5. International Data Transfers

Personal data may be processed in the United States and other countries where we or our sub-processors operate. Where we transfer personal data out of the EEA, UK, or Switzerland to a country without an adequacy decision, we use Standard Contractual Clauses or another lawful transfer mechanism.

6. Data Retention

We retain personal data for as long as needed to provide the Service and to meet legal, accounting, or reporting requirements. Account and billing records are retained for at least seven (7) years after account closure to comply with tax and financial regulations. Customer Content is deleted within 30 days of account termination, subject to backup rotation cycles.

7. Your Rights

Subject to applicable law, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your data (right to erasure).
  • Restrict or object to certain processing.
  • Receive your data in a portable format.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with a supervisory authority.

To exercise these rights, email privacy@marketingcampaignsystem.com. We respond within 30 days. Where we process data on behalf of a customer (a controller), we will route your request to that customer.

7.1 California Residents (CCPA/CPRA)

California residents have the right to know what categories of personal information we collect, the purposes, and the categories of recipients; to request deletion or correction; and to opt out of any “sale” or “sharing” of personal information. We do not sell personal information.

8. Security

We implement administrative, technical, and physical safeguards designed to protect personal data, including TLS in transit, AES-GCM encryption at rest for OAuth tokens and secrets, role-based access controls, audit logging, and continuous monitoring. No system is perfectly secure; report suspected vulnerabilities to security@marketingcampaignsystem.com.

9. Children

The Service is not directed to children under 16 and we do not knowingly collect personal data from them. If you believe a child has provided us personal data, contact us and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced by email or in-product notice. The “Last updated” date at the top reflects the latest revision.

11. Contact

Marketing Campaign System, Inc.
Privacy: privacy@marketingcampaignsystem.com
Security: security@marketingcampaignsystem.com

Working draft · Reviewed by counsel before any production deployment.