Marketing Brain
Privacy Policy
Last updated: May 11, 2026
This policy explains, in plain language, what Marketing Brain (“the app”, “we”) collects about you, why we collect it, and what we do with it. It applies to the small-business owners who use Marketing Brain to plan and draft social media posts for their own businesses.
It is short on purpose. If a question isn't answered here, email [PRIVACY_CONTACT_EMAIL] and we will give you a straight answer.
Who we are
Marketing Brain is operated by [OPERATOR_LEGAL_NAME]. We are the controller of the personal information described below.
What we collect
When you create an account and use the app, we store:
- Your email address. Required for sign-in (we use one-tap email links and 6-digit codes — no passwords).
- Sign-in challenges. A short-lived database row holding the hashed (sha256) one-tap link token and the hashed 6-digit code. Raw codes are never written to our database. Codes expire after 5 minutes, links after 10.
- Your sessions. When you sign in we set a session cookie (mb_session, HTTPS-only, HttpOnly, SameSite=Lax) that lasts 7 days, or 30 days if you check Trust this device.
- Your business profile. Anything you type into setup: business name, type (tavern + dog park / craftsman / web consulting), tagline, description, city/region/country, and your brand voice notes (adjective list, signature phrases, phrases to avoid).
- Your post prompts and the drafts we generate. The free-form prompt you type (“live music Friday at 8”), plus the per-platform captions, hashtags, and suggestions our agents produce.
- Images you upload. JPEG / PNG / WebP / GIF up to 4 MB. In the current release, image bytes are embedded as base64 inside the database row (we plan to move this to dedicated object storage before public launch).
- Limited operational logs. Token-count metrics for the language model, API response timings, and error messages. We do not log the contents of your prompts or drafts in normal operation; an error message may include them.
We do not collect: passwords (there are none), payment info (we don't take payments yet), street addresses, phone numbers, browser fingerprints, or analytics.
How we use it
- To run your account. Sign you in, keep you signed in, show you only your own businesses and posts.
- To generate the posts you ask for. Your prompt, the local context, and your business profile are sent to Anthropic's Claude API. Anthropic processes the request and returns the draft we show you.
- To make the app faster and cheaper. We cache certain LLM results: a 24-hour cache of generic local-context summaries keyed to your town (shared anonymously across users in that town) and a per-business cache of brand-voice rewrites keyed by a hash of the draft text. Both are cleared automatically when relevant.
- To send you the sign-in email. Your address is handed to Resend at send time so the email reaches your inbox.
- For future scheduled publishing. Once scheduled publishing ships, the same data plus your scheduled times will be used to post on your behalf. We will update this policy and notify you before that goes live.
We do not sell or rent your information to anyone. We do not show ads. We do not use your prompts to train any model.
Who else processes your data
We use a small set of sub-processors:
- Vercel (privacy policy) — hosts the app and runs our server functions. Vercel sees all HTTP traffic and keeps function logs for a short retention window that we don't control.
- Neon (privacy policy) — operates the Postgres database that holds everything in What we collect above.
- Anthropic (privacy policy) — runs the Claude language model. Each call sends your business profile, the post prompt, and intermediate drafts. To keep latency and cost low, we use Anthropic's prompt cache, which means your business profile is held in Anthropic's server-side cache for roughly five minutes per session of activity. Per Anthropic's API data-use policy, your content is not used to train Anthropic's models.
- Resend (privacy policy) — delivers your sign-in email. Resend sees your email address and the body of the sign-in message (the one-tap link and the 6-digit code).
- GitHub (privacy policy) — hosts our source code. GitHub does not see any of your user data.
We do not currently use Vercel Blob, any analytics product, any error-tracking product, or any session-replay product.
How long we keep it
- Account data (users, businesses, posts, media): for as long as your account exists. When you delete your account everything is removed in a single cascading delete.
- Sessions: 7 days, or 30 days if you trusted the device.
- Sign-in challenges: codes expire in 5 minutes, links in 10. The database row is kept after expiry — we have not yet automated cleanup of those rows; they are inert (their hashes can't be used to sign in) but still contain the email address that requested the sign-in. This is a known gap we will close in a later release.
- Local-context cache: 24 hours, then stale and ignored.
- Brand-voice cache: cleared whenever you edit your business profile; otherwise kept until you delete the business.
- Server logs at Vercel: retained per Vercel's own policy. These logs may contain your email address (on sign-in attempts) and your prompt text (on errors) for that retention window. We don't control that retention.
Security
Honest summary of what's in place today:
- HTTPS only.
- Sessions are HttpOnly cookies with SameSite=Lax and the Secure flag in production.
- Sign-in codes and link tokens are stored as sha256 hashes and compared in constant time.
- Random tokens use Node's crypto.randomBytes/randomInt.
- Server-side role checks gate admin endpoints.
- Sign-up is invite-only at the moment.
- Standard HTTP security headers (X-Frame-Options: DENY, X-Content-Type-Options: nosniff, Referrer-Policy: strict-origin-when-cross-origin, Permissions-Policy: camera=(), microphone=(), geolocation=()).
We do not currently have: rate limiting on the sign-in endpoint, CSRF tokens (we rely on SameSite=Lax), an admin audit log, two-factor authentication, encryption at rest beyond what Neon provides, or any third-party security certifications (SOC 2, ISO 27001, etc.). We are pre-launch and have not earned any of those.
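The sign-in challenge handling described in the Security list above (random code and link token, sha256 hashes in the stored row, constant-time comparison, 5- and 10-minute expiry), sketched in Node as an added example that is not Marketing Brain's own code. The function names, the row shape, and the single-use usedAt flag are assumptions made for illustration.

```javascript
// Added example, not Marketing Brain's code. All names here are hypothetical.
const crypto = require('node:crypto');

const CODE_TTL_MS = 5 * 60 * 1000;  // policy: codes expire after 5 minutes
const LINK_TTL_MS = 10 * 60 * 1000; // policy: links expire after 10 minutes

const sha256 = (s) => crypto.createHash('sha256').update(s, 'utf8').digest();

// Create a challenge. The raw code and token go only into the e-mail;
// the row that would be persisted holds hashes and expiry times.
function issueChallenge(email, now = Date.now()) {
  const code = String(crypto.randomInt(0, 1_000_000)).padStart(6, '0');
  const linkToken = crypto.randomBytes(32).toString('hex');
  const row = {
    email,
    codeHash: sha256(code),
    linkHash: sha256(linkToken),
    codeExpiresAt: now + CODE_TTL_MS,
    linkExpiresAt: now + LINK_TTL_MS,
    usedAt: null, // assumption: a challenge is accepted at most once
  };
  return { row, code, linkToken };
}

// Hash the presented value and compare it with the stored hash in constant time.
function hashMatches(storedHash, presented) {
  const candidate = sha256(String(presented));
  return candidate.length === storedHash.length &&
    crypto.timingSafeEqual(candidate, storedHash);
}

// kind is 'code' or 'link'. Returns true at most once per row.
function verifyChallenge(row, kind, presented, now = Date.now()) {
  const [hash, expiresAt] = kind === 'code'
    ? [row.codeHash, row.codeExpiresAt]
    : [row.linkHash, row.linkExpiresAt];
  const ok = hashMatches(hash, presented); // computed before the cheap checks
  if (row.usedAt !== null || now >= expiresAt || !ok) return false;
  row.usedAt = now;
  return true;
}
```

An expired row fails verification even when the presented value hashes correctly, which is why the leftover rows the policy mentions are inert.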
Your rights and choices
- Delete your account at any time. From the app home (/app), tap Delete account. The deletion is immediate and cascading — your user record, businesses, posts, drafts, media assets, and brand-voice cache are all removed from our database in one transaction. Generic per-town local-context cache rows do not contain personal data and remain.
- Ask for a copy of your data. We have not yet automated this. Until we do, email [PRIVACY_CONTACT_EMAIL] and we will manually export your account data within a reasonable window.
- Ask us to correct anything that's wrong. Most fields are editable in the app (business profile and post drafts). For anything that isn't, email us.
- Ask questions or complain. Same email.
After you delete your account, residual log lines containing your email may persist at Vercel for that platform's retention window. We don't control that and can't remove them on demand.
Cookies
We use exactly one cookie: mb_session. It is the opaque ID of your server-side session row. We need it to keep you signed in. It's HttpOnly (not readable by JavaScript), Secure in production, SameSite=Lax, and expires when your session does.
We do not use tracking cookies, ad cookies, or any third-party cookies.
Children
Marketing Brain is for adults running small businesses. We don't intentionally collect any information from anyone under 16. If you are under 16, please don't use the app. If you believe a child has created an account, email us and we will delete it.
Where data is stored
Everything we control lives in the United States: app servers and function logs at Vercel's iad1 (US East) region, and the Postgres database at Neon in the same region the project is bound to. Anthropic and Resend are also US-hosted at the time of writing.
Changes to this policy
When this policy changes we will update the Last updated date above and, for material changes, send a heads-up to the email on your account before the change takes effect.
Contact
Questions, data requests, or complaints: [PRIVACY_CONTACT_EMAIL]
Operator legal entity: [OPERATOR_LEGAL_NAME]