Who we are
Marketgent (“Marketgent”, “we”, “our”) operates the web application at marketgent.org. This policy explains what personal information we collect when you use that application and how we handle it.
For privacy questions or to exercise any of the rights described below, email privacy@marketgent.org.
Information we collect
We collect three categories of information:
- Account data. Your email address, display name, and profile picture when you sign in through Google or GitHub. We do not receive your password from those providers.
- Brand & content data. The brand profile you configure during onboarding (niche, audience, topics, timezone, approver contact) and every draft the agent generates, edits, schedules, or publishes on your behalf.
- Connected-account data. When you connect a social media account, the upstream provider issues an access token scoped to publishing on that account. We store the token, the account handle, and metadata about posts we publish (post ID, timestamps, engagement counts when the provider exposes them).
We also collect standard application logs (request paths, status codes, error stack traces) and operational telemetry needed to keep the service running. We do not run third-party advertising or behavioural-tracking scripts on the dashboard.
How we use it
We use the information above to:
- Authenticate you and keep your session secure.
- Run the agent that drafts, edits, schedules, and publishes social content on the accounts you’ve connected.
- Send transactional emails — SLA pings when a draft is waiting on your approval, failure alerts when a publish does not complete, and similar account notifications.
- Diagnose and fix bugs, monitor uptime, and improve the service.
- Comply with our legal obligations and enforce our terms.
Third-party processors
We rely on the following vendors to run the service. Each is bound by a data processing agreement and processes data only under our instructions.
- Supabase — database, authentication, file storage. Data region: US.
- Vercel — web application hosting and serverless runtime.
- Resend — transactional email delivery.
- Third-party AI providers — we send brand context and draft prompts to one or more large-language-model providers to generate content. We do not send your social-account access tokens or any user-identifying fields beyond what is necessary to label the request.
- Social platforms you connect — X, LinkedIn, YouTube, Instagram, Threads, and similar. When you connect an account, your data flows through their APIs subject to their respective policies.
Data retention
Account, brand, and content data persists for as long as your account is active. When you delete a brand we remove its rows within thirty days. When you delete your account we remove all associated rows within thirty days, except where we are legally required to retain them (for example, payment records for tax purposes).
Application logs are retained for ninety days unless they are relevant to an open security incident.
Your rights
You can:
- Access — ask us for a copy of the personal data we hold about you.
- Correct — update any inaccurate field directly in settings, or ask us to do it for you.
- Delete — remove individual brands from the dashboard at any time, or email us to delete your entire account.
- Object or restrict — ask us to stop processing your data for a specific purpose. Some purposes (account security, fraud prevention) are mandatory for us to operate the service.
- Portability — request your brand and content data in a machine-readable format.
- Withdraw consent — disconnect any social account at any time. Revoking a token at the source platform also works.
We respond to verified requests within thirty days. If you think we’re mishandling your data, you have the right to lodge a complaint with your local data protection authority.
Security
We encrypt data in transit (TLS 1.2+) and at rest. Connected social-account tokens are stored encrypted; only the agent runtime has the keys to decrypt them on demand. Access to production systems is limited to engineers with on-call duties and is logged.
No system is perfectly secure. If you become aware of a vulnerability or suspect unauthorised activity on your account, email privacy@marketgent.org.
International transfers
Our servers and most processors are located in the United States. If you access the service from outside the US, you consent to your data being transferred to and processed in the US under standard contractual clauses where applicable.
Children
Marketgent is not intended for use by children under sixteen. We do not knowingly collect data from children. If you believe a child has provided us with personal information, email us and we will delete it.
Contact
For any privacy question or request, email privacy@marketgent.org.