Privacy Policy

Your privacy matters to us

Last Updated: April 30, 2026

The Marketing Department ("we," "us," or "our") operates the website themarketingdept.ai and the related software-as-a-service platform that helps users plan, generate, publish, and monitor advertising campaigns on Meta platforms (Facebook and Instagram). This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have.

1. Information We Collect

1.1 Information you provide directly

  • Account information: name, email address, password (stored as a one-way hash), and optional phone number.
  • Business information: business name, industry, website URL, target audience, geographic markets, and other inputs you provide in our campaign-building tools.
  • Campaign content: ad copy, headlines, primary text, landing page URLs, uploaded images and videos, and creative assets you generate inside the platform.
  • Payment information: billing details processed securely by our payment processor. We do not store full payment card numbers on our servers.
  • Communications: messages you send us through support, contact forms, or email.

1.2 Information we collect automatically

  • Usage data: pages visited, features used, actions taken inside the platform, timestamps, and similar diagnostic information.
  • Device and connection data: IP address, browser type, operating system, device identifiers, and referral URLs.
  • Cookies and similar technologies: see Section 8 below.

1.3 Information we receive from Meta when you connect your Meta account

If you choose to connect your Meta (Facebook) account to our platform, we receive the following from Meta on your behalf, only with your explicit consent during the OAuth login flow:

  • Meta profile basics: your Meta user ID, name, and email address associated with your Meta account.
  • Facebook Pages you manage: Page ID, Page name, Page category, and access tokens needed to publish ads on the Page's behalf.
  • Instagram Business / Creator accounts linked to those Pages: Instagram account ID and username.
  • Ad accounts you have access to: ad account ID, account name, currency, time zone, and your role on the account.
  • Meta Pixels and conversion events: pixel IDs, pixel names, configured custom and standard events.
  • Existing ad campaigns and their structure: campaign objectives, ad set targeting, ad creatives, copy, headlines, and budgets — used so the platform can analyze your historical performance and surface what is working.
  • Advertising performance insights: impressions, reach, clicks, click-through rate, spend, conversions, cost per result, ROAS, and similar metrics for the ads in your connected ad accounts.
  • OAuth access tokens: long-lived tokens that allow us to make API calls to Meta on your behalf. Tokens are stored encrypted and are never shared with anyone.

We only request the Meta permissions we actually need to operate the features you use. As of the date of this policy, the permissions and what each one allows us to do are:

  • email, public_profile — read your basic Meta profile (name, email, Meta user ID) so we can sign you in.
  • pages_show_list — list the Facebook Pages you manage so you can pick one to advertise from.
  • pages_read_engagement — read basic Page metadata (Page ID, name, category) for the Page you select.
  • instagram_basic — read the Instagram Business / Creator account linked to your selected Page so you can advertise on Instagram.
  • ads_management — create, edit, pause, and archive ad campaigns, ad sets, and ads on the ad account you select.
  • ads_read — read your existing campaigns, ad sets, ads, creatives, and historical performance so we can show you what is working and surface "proven winners."
  • business_management — list the Meta Business accounts and ad accounts you have access to so you can pick which one to use.

If we add a new Meta feature in the future that requires an additional permission, we will update this policy at the same time we ask Meta to approve the new permission and before we use it.

2. How We Use Your Information

We use the information described above to:

  • Provide, operate, maintain, and improve the platform and its features.
  • Authenticate you and keep your account secure.
  • Generate ad strategy, audience targeting recommendations, ad copy, and creative assets using AI tools, based on the inputs you provide.
  • Allow you to select Facebook Pages, Instagram accounts, ad accounts, and Pixels to use within the platform.
  • Pull your existing Meta campaigns, ad sets, ads, and performance data so we can show you which audiences, creatives, headlines, and copy have performed best — and recommend "proven winner" reuse.
  • Publish new ad campaigns to Meta on your behalf, in a paused state, when you explicitly choose to do so.
  • Periodically refresh performance metrics for the campaigns we have published, so your dashboards stay current.
  • Detect and surface "winning ads" based on performance data so you can relaunch them with new audiences.
  • Process payments and send transactional communications about your account.
  • Provide customer support and respond to your inquiries.
  • Comply with legal obligations and enforce our Terms.

We do not use your data to train AI models that are shared with other customers. Your business inputs, campaign content, and Meta data remain associated with your account.

3. Meta Platform Integration

Our use of information received from Meta APIs adheres to the Meta Platform Terms and Developer Policies, including the Limited Use requirements. Specifically:

  • Service-only purpose. We access Meta data only to provide the features you have explicitly enabled in your account, and for no other purpose.
  • No resale, transfer, or independent monetization. We do not sell, license, rent, or transfer Meta data to any third party for advertising, profiling, ad networks, data brokerage, or any purpose unrelated to operating the platform on your behalf.
  • No prohibited decisioning. We do not use Meta data to determine creditworthiness, eligibility for insurance, employment, housing, education, or any similar decision-making purpose.
  • No marketing or competitive datasets. We do not use Meta data to build, augment, or enhance any standalone marketing database, audience-segmentation database, lead-generation database, or competing product or dataset.
  • No model training across customers. We do not use one user's Meta data to train AI models that are shared with or applied to other customers.
  • Minimum necessary retention. We retain Meta data only for as long as necessary to provide the service to you. See Section 7 (Data Retention).
  • Easy disconnect. You can disconnect your Meta account at any time from the Integrations page inside the platform. When you disconnect, we revoke our access tokens, stop pulling new data from Meta, and delete cached Meta data within 30 days.

4. Information Sharing and Third-Party Services

We do not sell, trade, or rent your personal information. We share information only in the limited circumstances below:

  • Service providers we rely on to operate the platform:
    • Render — application and database hosting (United States).
    • Meta Platforms, Inc. — required for the Meta integration; we send the campaigns, ad sets, ads, and creatives you choose to publish.
    • Google (Gemini API) — AI generation of ad copy, strategy, and content analysis. Inputs sent to Gemini are not used by Google to train its models per the Gemini API terms.
    • Firecrawl — extracting publicly available content from websites you ask us to analyze.
    • Email and payment processors as needed to send transactional emails and process subscriptions.
  • Legal obligations: when required by applicable law, court order, or government request, or to protect our rights, property, or safety, or that of our users or others.
  • Business transfers: if we are involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.
  • With your consent: any other sharing is done only with your explicit permission.

5. Data Security

We implement reasonable administrative, technical, and physical safeguards to protect your information, including TLS encryption in transit, encryption of OAuth tokens at rest, hashed passwords, and access controls limiting employee access to user data on a need-to-know basis. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

6. Your Rights and Choices

Depending on where you live, you may have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate or incomplete information.
  • Delete your account and personal information (see Section 9 below).
  • Object to or restrict certain processing of your data.
  • Receive a copy of your data in a portable format.
  • Withdraw consent for data uses that rely on your consent.
  • Disconnect your Meta account at any time inside the platform's Integrations page.

To exercise any of these rights, contact us at privacy@themarketingdept.ai. We will respond within the time required by applicable law (generally 30 days).

7. Data Retention

We retain your information only as long as necessary to provide the platform and for the purposes described in this policy:

  • Account data is retained for as long as your account is active.
  • Meta data (Pages, ad accounts, campaigns, insights, OAuth tokens) is retained only while your Meta account is connected. When you disconnect, OAuth tokens are revoked and we stop pulling new data; cached Meta data is deleted within 30 days.
  • Account deletion: when you delete your account, we remove your personal information from our active databases immediately. Cached Meta data and OAuth tokens are deleted within 30 days as required by Meta's Platform Terms. Limited records may be retained where we are required to do so for legal, accounting, or fraud-prevention purposes.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Keep you signed in to your account (essential session cookies).
  • Remember preferences such as display settings.
  • Measure how visitors use the marketing site (analytics cookies, including Google Tag Manager).

You can configure your browser to refuse cookies or to alert you when cookies are being sent. If you disable essential cookies, parts of the platform will not function.

9. Data Deletion Requests

You can request deletion of your personal information at any time using any of the methods below.

9.1 Delete from inside the platform

Sign in and go to Settings → Danger Zone → Delete Account. After confirming, we immediately remove from our active databases your account login, all of your campaigns (including drafts and generated images and videos), all cached Meta Ads data and Meta OAuth tokens, your credit and revenue history, and any team invites you have sent. Cached Meta data on connected systems is deleted within 30 days as required by Meta's Platform Terms.

9.2 Delete by email

Send a deletion request to privacy@themarketingdept.ai from the email address on your account. We will confirm receipt and complete deletion within 30 days.

9.3 Disconnect Meta only (keep your account)

If you want to keep your account but stop us from accessing Meta, go to the Integrations page in the platform and click Disconnect. We will revoke your Meta OAuth access tokens immediately, stop pulling new data, and delete the Meta data we have cached for you within 30 days. Your other account data remains.

9.4 Meta-initiated data deletion (Data Deletion Callback)

If you remove our app from your Meta account or revoke its permissions through Meta's Settings, Meta sends our app a signed deletion request through its Data Deletion Callback mechanism. When we receive this notification we:

  1. Identify the user account associated with the Meta user ID Meta sent us.
  2. Begin deleting the Meta data, OAuth tokens, and Meta-derived insights we hold for that user.
  3. Complete deletion within 30 days, in line with Meta's Platform Terms.
  4. Return a confirmation URL and a unique confirmation code to Meta so the deletion can be tracked.

You can also initiate this flow yourself or check on a deletion request by visiting our public data-deletion page at themarketingdept.ai/data-deletion. On that page you can:

  • Submit a manual deletion request by entering the email address on your account.
  • Look up the status of an existing deletion request using the confirmation code returned by Meta or by us.

We comply with all valid Meta data-deletion notifications received through the Data Deletion Callback within the 30-day window required by the Meta Platform Terms.

10. Children's Privacy

The platform is not directed to children under the age of 13 (or 16 in jurisdictions where that is the applicable age of consent). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.

11. International Data Transfers

We are based in the United States and store data on servers located in the United States. If you access the platform from outside the United States, your information will be transferred to, stored, and processed in the United States. By using the platform, you consent to that transfer.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify you by email or through the platform. Continued use of the platform after changes take effect constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy, want to exercise your rights, or want to file a complaint, contact us at: