MarketingStudios.AIMarketing Studios.AI

Privacy Policy

Effective Date: February 23, 2026

Google User Data Disclosure

MarketingStudios.AI uses Google OAuth for user authentication. When you sign in with Google, we collect and store the following data:

  • Name — for display in your profile
  • Email address — for account identification and communication
  • Profile picture URL — for display in your profile

How we use this data: Solely for user authentication and profile display within MarketingStudios.AI. We do not sell, share, or transfer your Google user data to third parties, except as required by law.

Data retention: Your data is retained until you delete your account. Upon account deletion, all personal data is permanently destroyed without delay.

Contact: For privacy inquiries, contact deltacyborg@gmail.com

Meta Platform Data Disclosure

MarketingStudios.AI integrates with Meta platforms (Instagram, Facebook, Threads) to enable content publishing. When you connect your accounts, we collect and store the following data:

  • Account identifiers — Page IDs, Instagram Business Account IDs, Threads User IDs
  • Account names & usernames — for display in the connected accounts list
  • Profile picture URLs — for display in the connected accounts list
  • Access tokens — OAuth tokens for publishing content on your behalf

How we use this data: Solely for publishing marketing content to your connected accounts at your explicit request. We do not access your private messages, followers lists, or personal profile data beyond what is listed above.

Data sharing: Content you choose to publish is sent to Meta's Graph API. We do not sell or share your Meta account data with any other third parties.

Data deletion: When you disconnect an account, all stored tokens and account data are immediately deleted. You can also request full data deletion by contacting deltacyborg@gmail.com

Marketing Studios AI (hereinafter "Service") has established and publicly discloses this Privacy Policy in accordance with the Personal Information Protection Act and other applicable laws, in order to protect users' personal information and to handle related grievances promptly and effectively.

Article 1 (Purpose of Processing Personal Information)

The Service processes personal information for the following purposes:

  1. Member registration and management: Identity verification for membership services, member identification, and prevention of unauthorized use
  2. Service provision: AI-based marketing content generation, brand kit management, and workspace collaboration features
  3. Service improvement: Analysis of service usage patterns, quality improvement, and development of new features
  4. SNS integration and content publishing: Integration with Members' SNS accounts (Instagram, Facebook, Threads, WordPress) and automated marketing content publishing
  5. Grievance handling: Processing user inquiries and complaints, and delivering notices

Article 2 (Personal Information Collected)

1. Email/Password Registration

  • Required: Name (nickname), email address, password

2. Social Login (Google)

  • Required: Name, email address, profile photo URL

3. Social Login (Kakao)

  • Required: Nickname, email address, profile photo URL

4. SNS Account Integration

  • Instagram: Instagram business account ID, username, profile photo URL, linked Facebook page information
  • Facebook: Page ID, page name, page access token
  • Threads: Threads user ID, username, profile photo URL
  • WordPress: Site URL, authentication token
  • Common: OAuth access token (used for content publishing), token expiration date

5. Information Automatically Collected During Service Use

  • IP address, browser type and version, access date and time, service usage history

Article 3 (Processing and Retention Period)

  1. Personal information is promptly destroyed upon member withdrawal. However, information may be retained as required by applicable laws for the specified period.
  2. Retention under the Act on the Consumer Protection in Electronic Commerce, Etc.:
    • Records of contracts or subscription withdrawal: 5 years
    • Records of payment and supply of goods: 5 years
    • Records of consumer complaints or dispute resolution: 3 years
  3. Retention under the Protection of Communications Secrets Act:
    • Login records: 3 months

Article 4 (Provision of Personal Information to Third Parties)

The Service does not, in principle, provide users' personal information to third parties. Exceptions are made in the following cases:

  1. When the user has given prior consent
  2. When required by law or upon request by investigative authorities following legally prescribed procedures
  3. When a Member integrates an SNS account and requests content publishing, the content (text, images, hashtags, etc.) is transmitted to the integrated SNS platform (Meta Platforms, WordPress, etc.)

Article 5 (Entrustment of Personal Information Processing)

The Service entrusts the processing of personal information as follows for smooth service operation:

TrusteeEntrusted TasksAI Training Use
Supabase (Functional Software, Inc.)Database hosting, user authentication processingN/A
OpenAIAI-based text content generation (captions, copywriting, etc.) / Knowledge Base refinementNot used — API data is not used for model training
Google Cloud (Google LLC)OAuth authentication, AI image generation (Gemini), vector embedding generationNot used — API data is not used for model training
Kakao (Kakao Corp.)OAuth authenticationN/A
Meta Platforms, Inc.SNS account integration (Instagram, Facebook, Threads), content publishingN/A
Automattic Inc. (WordPress)WordPress blog integration, content publishingN/A

Article 6 (Rights and Obligations of Data Subjects)

Users may exercise the following rights as data subjects:

  1. Right to access personal information
  2. Right to request correction or deletion of personal information
  3. Right to request suspension of personal information processing
  4. Right to delete personal information through account withdrawal

These rights may be exercised through the settings page within the Service or by contacting the Privacy Officer via email. We will take action without delay.

Article 7 (Cookies and Local Storage)

The Service uses cookies and browser local storage for the following purposes:

  1. Authentication tokens: Session management for maintaining login status (cookies)
  2. Theme settings: Storing the user's selected dark/light mode preference (local storage)
  3. Recent login method: Displaying the last login method used for convenience (local storage)

Users may refuse cookie storage through web browser settings; however, this may limit the use of certain Service features.

Article 8 (Destruction of Personal Information)

  1. The Service promptly destroys personal information once the retention period has expired or the purpose of processing has been fulfilled.
  2. Electronic files are permanently deleted using irrecoverable methods, and other records are shredded or incinerated.

Article 9 (Measures to Ensure Security of Personal Information)

The Service takes the following measures to ensure the security of personal information:

  1. Data encryption: Passwords are stored in encrypted form, and all communications are encrypted via SSL/TLS.
  2. Access control: Database Row Level Security (RLS) policies are applied to ensure that only authorized users can access their own data.
  3. Access log management: Service access logs are retained for analysis in the event of personal information breaches or other incidents.

Article 10 (Privacy Officer)

The Service designates a Privacy Officer as follows to oversee personal information processing and to handle user complaints and damage remediation:

Privacy Officer

Email: deltacyborg@gmail.com

Users may direct all privacy-related inquiries, complaints, and damage remediation requests arising from the use of the Service to the contact information above.

Article 11 (Changes to the Privacy Policy)

  1. This Privacy Policy is effective from the enforcement date, and any additions, deletions, or modifications due to changes in laws or policies will be announced through in-service notices at least 7 days prior to the effective date of such changes.

Article 12 (Operator Data Access Policy)

The service's administrative tools provide only operational statistics (user counts, content counts, cost summaries, etc.). Even the highest-level operator cannot access members' actual content or personal data through these tools — this is enforced by the system's architecture.

  1. Members' data is protected by database Row Level Security (RLS). Under normal circumstances, no one — including the operator — can access another member's data.
  2. System-level access (direct database access) may be used by the operator only in unavoidable circumstances, including: critical bug or data corruption recovery, data verification upon a member's direct request, security incident response, and fulfillment of legal obligations.
  3. Any such unavoidable access is recorded in an internal audit log, including the reason, timestamp, and scope of access.
  4. The Operator does not use Members' data for sales, marketing, third-party provision, or any purpose outside of service operations.

Supplementary Provisions

This Privacy Policy shall take effect on February 23, 2026.