Privacy Policy

Introduction

This Privacy Policy explains how Gemoniq ("we", "our", or "the Platform") collects, uses, stores, and protects your data when you use our platform to manage marketing campaigns and access data from Meta Ads, LinkedIn, and Google Analytics via AI-powered tools.

Data We Collect

Platform Data (Meta, LinkedIn, Google Analytics)

When you connect your accounts, we may collect:

• Facebook Profile Information: Including your name, email address, and Facebook ID, used solely for authentication and identification purposes.
• Meta Ads: Ad account ID, campaign data, performance metrics (impressions, clicks, spend, conversions). We do not request permissions beyond what is necessary for our functionality.
• LinkedIn: Profile information (name, email, profile picture), LinkedIn profile ID, organization associations. Used to identify connected accounts and enable content publishing (with your explicit consent).
• Google Analytics: Property ID, website traffic metrics (sessions, users, page views), conversion data, traffic sources. We use read-only API access and do not collect personally identifiable information of your website visitors.

What we don't collect:

• Your passwords or login credentials
• Private messages or personal content unrelated to marketing
• Access tokens are stored securely and only used server-side to fetch data—we never share them with LLM providers

Account and Usage Data

When you create an account, we collect:

• Email address, name, styling preferences, and authentication identifiers (via Supabase Auth and Google Sign-In)
• Basic profile/company information you provide
• Billing details (processed securely by Stripe)
• IP address, browser type, device identifiers for security and analytics
• UI interaction events for product improvement (via PostHog and Vercel Analytics)

AI-Generated Content Data

When you use AI features:

• Prompts and messages you send to AI features
• Images you upload for content generation or analysis
• Brand assets and context you provide for content creation

Note: This content is processed by LLM providers to generate responses. We do not share access tokens or platform data (Meta, LinkedIn, GA) with LLM providers.

How We Use Your Data

• To authenticate you and manage your account
• To securely access your Meta Ads, LinkedIn, and Google Analytics accounts via their APIs
• To provide insights, reports, and recommendations based on your marketing data
• To enable AI agents to analyze, suggest, or automate marketing operations
• To allow content publishing to LinkedIn (only when you explicitly request it)
• To improve our system performance and reliability
• To respond to support requests and comply with legal obligations

Your data is never sold, shared with third parties for marketing purposes, or used beyond the described scope.

Data Sharing

We only share your data with:

LLM providers

We share your user-generated content (prompts, messages, images) with LLM providers for processing. We do NOT share:

• Access tokens from Meta, LinkedIn, or Google Analytics
• API credentials
• Platform data from your connected accounts

Access tokens stay server-side and are only used to fetch data from platform APIs.

Service Providers

We use trusted service providers to operate the platform:

• Supabase: Authentication and database (EU/EEA)
• Vercel: Application hosting and analytics (EU/EEA)
• Stripe: Payment processing (PCI-DSS compliant)
• PostHog: Product analytics (EU/EEA)
• LLM providers: AI processing (may include non-EU regions; covered by Standard Contractual Clauses where applicable)

• All data sharing is done securely using encrypted connections
• Service providers are contractually required to protect your data
• We do not sell your data or share it with advertising networks or data brokers

Data Storage and Security

• We store access tokens and user metadata securely using industry-standard encryption and access controls
• Your platform data (Meta, LinkedIn, Google Analytics) may be cached temporarily for performance but is not stored long-term without your explicit consent
• Platform data is retained while your account is active and deleted when you disconnect integrations
• Access logs are anonymized and retained for 30-90 days for security and troubleshooting
• AI processing logs may be retained for up to 30 days for quality assurance
• Backups may persist for up to 35 days before being purged
• All data is primarily stored in the EU/EEA (Stockholm, Sweden)

Your Rights and Data Deletion

You have the right to:

• Revoke platform permissions at any time via your account settings (Meta, LinkedIn, Google Analytics)
• Request deletion of your data stored by us
• Request details about the data we have collected or processed
• Access, correct, or restrict processing of your data
• Request data portability
• Withdraw consent where applicable

To exercise these rights, contact us at founders@gemoniq.com. We respond within 30 days or as required by law.

Children's Privacy

The Platform is not intended for children under 13 (or the age required by local law). We do not knowingly collect personal data from children. If we become aware of such collection, we will delete the data promptly.

Third-Party Services

Our platform connects to third-party services including Meta, LinkedIn, Google Analytics, OpenAI, Anthropic, and others. We do not control these services and are not responsible for their privacy practices. Please refer to their respective privacy policies.

• Meta Privacy Policy
• LinkedIn Privacy Policy
• Google Analytics Privacy Policy

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted here, and we encourage you to review it regularly. If significant changes are made, we will notify users via in-app messaging or email.

International Data Transfers

Your data is primarily processed in the EU/EEA (Stockholm, Sweden).

When data is transferred outside the EEA (e.g., to LLM providers in the US), we:

• Use European Commission-approved Standard Contractual Clauses (SCCs)
• Ensure providers have Data Processing Addenda (DPAs) that comply with GDPR principles
• Limit transfers to the minimum necessary
• Assess partner protections regularly

Contact us

For any questions or concerns regarding this Privacy Policy, please contact us at: