Privacy Policy

m8tes, Inc. ("m8tes," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our autonomous AI marketing assistant platform (the "Service").

Please read this Privacy Policy carefully. By accessing or using our Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

1. Information We Collect

1.1 Information You Provide

We collect information that you provide directly to us:

• Account Information: Email address, name, phone number (optional), and password when you create an account
• Agent Configuration: Agent names, roles, instructions, goals, and preferences you set for your autonomous teammates
• Task and Conversation Data: Instructions, queries, messages, and content you submit to our Service, including the AI-generated responses
• Integration Credentials: When you connect third-party services (such as advertising platforms), we collect and securely store authentication credentials
• Billing Information: Payment information is processed by our third-party payment processor and we store only transaction references and subscription status

1.2 Information We Collect Automatically

When you use our Service, we automatically collect certain information:

• Usage Information: Request timestamps, response times, token counts, execution metrics, and task completion status
• Log Data: IP addresses, request methods, URL paths, HTTP status codes, and error messages for security and diagnostic purposes
• Cost Tracking: API usage costs and execution time for billing and analytics

2. Google User Data (When You Connect Google Integrations)

This section only applies if you choose to connect Google services (such as Google Ads or Google OAuth) to your m8tes account. If you do not connect these integrations, we do not collect any Google user data.

2.1 What Google User Data We Collect

When you actively connect Google integrations to m8tes, we collect:

• Google Account Information: Your email address, name, and profile information provided during OAuth authentication
• Google Ads Customer IDs: The customer account identifiers you authorize us to access
• Authentication Credentials: OAuth tokens (access tokens and refresh tokens) required to authenticate your requests to Google's services

Important: We do not permanently store your Google Ads campaign data, metrics, or advertising information. We provide you with a query tool (GAQL - Google Ads Query Language) that allows you to retrieve data directly from Google on demand. Query results are temporarily processed to display to you but are not saved to our databases unless you explicitly save specific information within the Service.

2.2 How We Use Google User Data

We use Google user data solely to provide you with the services you requested:

• Authentication: To verify your identity and maintain your login session via Google OAuth
• Execute Queries: To run Google Ads Query Language (GAQL) queries on your behalf and retrieve advertising data you request
• Display Results: To process and display query results, campaign performance data, and metrics within our interface
• Maintain Access: To refresh authentication tokens and maintain authorized access to your connected Google Ads accounts

We do NOT use Google user data for:

• Training artificial intelligence or machine learning models
• Targeted advertising, personalized advertising, or retargeted advertising
• Selling to data brokers or information resellers
• Determining credit-worthiness or lending purposes
• Any purpose unrelated to providing or improving m8tes functionality

2.3 How We Share, Transfer, or Disclose Google User Data

We do not sell, rent, or transfer your Google user data to third parties. We only share Google user data in the following limited circumstances:

• With Google Services: We transmit authentication credentials and query requests to Google's APIs solely to execute the services you requested (e.g., running GAQL queries against your Google Ads accounts)
• With Your Consent: If you explicitly authorize us to share data with additional third-party services you connect
• Legal Compliance: If required by law, court order, or government regulation (as described in Section 4.3)

We do not transfer or disclose Google user data to third parties for purposes other than providing you with the m8tes Service functionality you requested.

2.4 Security of Google User Data

We protect your Google user data with industry-standard security measures:

• Encryption: All Google OAuth tokens (access tokens, refresh tokens) are encrypted at rest using AES-256 encryption and transmitted over secure HTTPS connections
• Access Controls: Access to Google user data is restricted to authorized systems and personnel only
• Secure Storage: Authentication credentials are stored in encrypted database fields with strict access policies
• Token Management: We use short-lived access tokens and securely manage refresh token rotation

2.5 Retention and Deletion of Google User Data

We retain Google user data only as long as necessary:

• Authentication Credentials: Stored for as long as you maintain the Google integration connection. You may disconnect at any time through your account settings.
• Query Results: Temporarily processed for display but not permanently stored unless you explicitly save specific data
• Account Deletion: When you delete your m8tes account or disconnect the Google integration, we immediately delete all associated Google authentication credentials and any stored Google user data

You may request deletion of your Google user data at any time by emailing support@m8tes.ai or by disconnecting the Google integration in your account settings.

3. How We Use Your Information

We use the information we collect to:

• Provide and Improve the Service: Execute your tasks, run autonomous agents, and continuously improve our platform
• Process Transactions: Manage your subscription, process payments, and send billing-related communications
• Maintain Integrations: Connect to and authenticate with third-party services you authorize
• Security and Fraud Prevention: Detect, prevent, and address security incidents and fraudulent activity
• Customer Support: Respond to your questions, troubleshoot issues, and provide technical assistance
• Analytics and Development: Analyze usage patterns to improve features, develop new capabilities, and optimize performance
• Compliance: Comply with legal obligations and enforce our terms of service

4. How We Share Your Information

We may share your information with the following categories of third parties:

4.1 Service Providers

• AI Service Providers: We use artificial intelligence services to power our autonomous agents and process your tasks and conversations
• Payment Processors: To process subscription payments and manage billing
• Cloud Infrastructure: For hosting, data storage, and computing resources
• Email Service Providers: To send transactional emails such as verification and notifications
• Error Tracking Services: To monitor application health and diagnose technical issues (optional)

4.2 Third-Party Integrations

When you connect third-party services (such as advertising platforms) to your agents, we share relevant data with those services as necessary to execute your tasks. These integrations are subject to the privacy policies of those third-party services.

4.3 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe such action is necessary to:

• Comply with legal obligations
• Protect our rights, property, or safety
• Prevent fraud or security threats
• Protect the rights and safety of our users

4.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

5. Data Security

We implement appropriate technical and organizational measures to protect your information:

• Encryption: We encrypt sensitive data including authentication tokens and third-party credentials both in transit and at rest
• Secure Authentication: Passwords are hashed using industry-standard algorithms and we support OAuth 2.0 for third-party authentication
• Access Controls: We restrict access to personal information to authorized personnel only
• Monitoring: We monitor our systems for security vulnerabilities and unauthorized access

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

6. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

6.1 General Rights

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information, subject to certain exceptions
• Data Portability: Request a copy of your data in a structured, machine-readable format
• Opt-Out: Opt out of certain data processing activities such as marketing communications

6.2 Rights for EEA/UK Users (GDPR)

If you are located in the European Economic Area or United Kingdom, you have additional rights under GDPR:

• Right to Object: Object to processing of your personal information for direct marketing or legitimate interests
• Right to Restrict Processing: Request that we limit how we use your information
• Right to Withdraw Consent: Where we rely on consent, you may withdraw it at any time
• Right to Lodge a Complaint: File a complaint with your local data protection authority

Legal Basis for Processing (GDPR): We process your personal information based on: (1) your consent; (2) performance of a contract with you; (3) compliance with legal obligations; or (4) our legitimate interests in providing and improving the Service.

6.3 How to Exercise Your Rights

To exercise any of these rights, please contact us at support@m8tes.ai. We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

7. Data Retention

We retain your information for as long as necessary to:

• Provide our Service and maintain your account
• Comply with legal obligations (e.g., tax and accounting records)
• Resolve disputes and enforce our agreements
• Improve and develop our Service

When you delete your account, we will delete or anonymize your personal information, except where we are required to retain it by law. Conversation logs and task execution history associated with your account will be deleted along with your account.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws than your jurisdiction.

When we transfer data from the European Economic Area or United Kingdom to other countries, we use appropriate safeguards such as Standard Contractual Clauses approved by the European Commission to protect your information.

9. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately and we will delete such information.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

• Posting the updated policy on this page
• Updating the "Effective Date" at the top
• Sending you an email notification (for significant changes)

Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For EEA/UK Users: If you are located in the European Economic Area or United Kingdom, m8tes, Inc. is the data controller of your personal information.