Data Protection & Security
See how your business data is protected.
No AI Training Use
Your data is not used for AI model training (in compliance with OpenAI API and Google Gemini API policies)
Frequently Asked Security Questions
Is my data used for AI model training?
No. Data you upload or enter is used solely for content generation via the OpenAI and Google Gemini APIs. Both services explicitly state that data transmitted through their APIs is not used for AI model training — unlike their consumer-facing products such as ChatGPT or the Gemini app.
Can OpenAI/Google see my data?
When an API request is made for service delivery, the respective provider's systems process the data. OpenAI retains API data for a default of 30 days before deletion, during which it is accessible only for security monitoring purposes. Google Gemini API applies a similar policy.
Is my data kept separate from other companies' data?
Yes, completely isolated. All data is separated by workspace, and Row Level Security (RLS) policies are applied at the database level, preventing access to data belonging to other workspaces.
Can the service operator (development team) view my content?
Not through normal means. The administrative tools expose only operational statistics — even the highest-level operator cannot access members' actual content or Knowledge Base data through them. System-level access is used only in unavoidable circumstances such as critical bug recovery, security incident response, or legal compliance, and any such access is recorded in an audit log with the reason and scope documented.
Is confidential business information uploaded to the Knowledge Base safe?
Uploaded data is stored in encrypted form on Supabase (SOC 2 Type II certified data centers). Your Knowledge Base data is accessible only within your workspace and is used solely for AI content generation purposes. It is never sold or shared with third parties.
Security Measures in Place
Data Encryption
Stored data is encrypted with AES-256; transmitted data is encrypted with TLS 1.2+
Workspace Isolation
Row Level Security (RLS) at the database level ensures complete isolation between workspaces
No AI Training Use
Your data is not used for AI model training (in compliance with OpenAI API and Google Gemini API policies)
Access Log Management
Service access and operator access history are retained in logs for root cause analysis in the event of security incidents
Authentication Security
Session management via Supabase Auth, OAuth 2.0 standard authentication, automatic token invalidation upon expiry
Industry-Standard Security Practices
Marketing Studios AI follows data protection practices widely adopted across the SaaS industry. The policies below represent the standards commonly applied by leading AI SaaS services such as Jasper, Notion, and HubSpot.
API-Based AI Processing = No Training Data Use
Leading AI SaaS platforms such as Jasper, Copy.ai, and Notion AI use APIs provided by OpenAI and Google. Data processed via API channels — unlike consumer apps such as ChatGPT and the Gemini app — is not used for AI model training. This is the industry standard.
Transparent Operator Access Policy
Slack, Notion, HubSpot, and others explicitly state in their terms of service that operators may access data based on a 'business necessity' principle. Full Zero Access is not practically viable since it would make customer support and bug fixes impossible. Instead, these companies ensure transparency through access log retention and employee NDAs.
Data Isolation and Tenant Security
Row Level Security, workspace isolation, and authentication-based access control are industry-standard security architectures for multi-tenant SaaS platforms. Marketing Studios AI implements this through Supabase's RLS.
Security Inquiries
For questions about data protection, security, or privacy, please contact us at:
Email: support@marketingstudios.ai