Privacy Policy

Your privacy is fundamental. This policy describes how we collect, use and protect your information with full transparency.

Last updated: February 2026

Policy Summary

Minimal Data

We collect only what is necessary for the service

Total Security

Encryption and maximum protection

Transparency

You always know what we do

Your Rights

Total control over your data

Data Controller

Under the General Data Protection Law (LGPD - Law No. 13,709/2018), the controller of your personal data is:

MarketAutoHub Tecnologia Ltda.

CNPJ: In registration process

São Paulo, SP - Brazil

Data Protection Officer (DPO): dpo@marketautohub.com

Data Subject Service Channel:

To exercise your rights as a data subject, contact us at privacy@marketautohub.com

1. Information We Collect

Account Data

  • Name, email and password (encrypted with secure algorithm)
  • Payment information (processed directly by Stripe, PCI DSS certified — we do not store card data)
  • Configuration preferences and timezone
  • SMTP settings for sending emails (credentials encrypted at rest)

Usage and Analytics Data

  • Campaign statistics (open rates, clicks, bounces)
  • Approximate geolocation of opens and clicks for analytics (via MaxMind GeoIP)
  • System logs for monitoring, performance and security
  • Technical data (IP, browser, device) for analytics and security

Contact Data

  • Contact lists you import (emails, names, categories, tags)
  • Interaction history with your campaigns (opens, clicks)
  • Contact unsubscribe preferences

Integration Data

  • OAuth access tokens for connected social networks (Instagram, Threads, TikTok, Pinterest, Tumblr, Reddit) — securely stored
  • WordPress post data for newsletter creation
  • Stripe payment identifiers (customer and subscription ID — never card data)

2. How We Use Your Information

Service Delivery

  • Sending email marketing campaigns
  • Generating reports and dashboards
  • Tracking opens and clicks (via tracking pixel and redirect)
  • Domain monitoring (DNS, SPF, DKIM, DMARC)
  • Personalized technical support
  • Data backup and recovery

Improvements and Security

  • Deliverability and reputation optimization
  • Domain and SSL certificate monitoring
  • Fraud and spam prevention
  • Rate limiting and DDoS protection
  • System performance analysis (OpenTelemetry)

3. Legal Basis for Processing (LGPD Art. 7)

Each data processing activity has a specific legal basis under the LGPD:

ProcessingLegal BasisArticle
Account and profile dataContract executionArt. 7, V
Payment data via StripeContract execution and legal obligationArt. 7, II and V
Open and click trackingLegitimate interestArt. 7, IX
Approximate geolocationLegitimate interestArt. 7, IX
Security and monitoring logsLegitimate interest and data subject protectionArt. 7, VII and IX
Essential cookies (session)Contract executionArt. 7, V
Analytics (Facebook Pixel/CAPI)ConsentArt. 7, I
OAuth integrations (social networks)ConsentArt. 7, I
Marketing communicationsConsentArt. 7, I

4. Data Sharing

Fundamental Commitment

We NEVER sell, rent or share your personal data with third parties for commercial purposes. This is our absolute guarantee.

Limited Sharing

Stripe (Payments): Secure payment processing. PCI DSS certified. Card data is managed exclusively by Stripe and never passes through our servers.
Facebook (Analytics): When consent is given via cookie banner, we share anonymized data (SHA-256 email hash, IP, user agent, approximate geolocation) via Facebook Pixel (client-side) and Conversions API (server-side) for advertising campaign optimization.
Infrastructure Providers: AWS and technical partners for hosting and service operation, with confidentiality contracts and DPA (Data Processing Agreement).
Legal Requests: Only when required by law, valid court order or request from the National Data Protection Authority (ANPD).
Business Transfer: In case of merger, acquisition or asset sale, with 30 days prior notice to all users.

5. Cookies and Tracking Technologies

We use cookies and similar technologies to improve your experience:

Essential Cookies (Always Active)

  • Session cookie for authentication (JWT)
  • Language preference
  • CSRF tokens for security

Analytics Cookies (Requires Consent)

  • Facebook Pixel — conversion tracking and advertising campaign optimization
  • Browsing data for service improvement

You can manage your cookie preferences at any time through the cookie banner or in your browser settings. Refusing non-essential cookies does not affect the main functionality of the service.

6. Email Tracking

To provide analytics for your campaigns, we use the following technologies:

Open Pixel:

An invisible image (1x1 pixel) inserted in sent emails to track when the email is opened. Collects: time of opening, IP and approximate geolocation (city/state/country via MaxMind GeoIP).

Click Redirect:

Links in emails are redirected through our server to track clicks. Collects: time of click, accessed URL, IP and approximate geolocation.

This data is presented in aggregate form on analytics dashboards. Your email contacts can unsubscribe at any time via the mandatory unsubscribe link.

7. Your Rights (LGPD)

Access

Request confirmation and access to all data we have about you

Correction

Correct incorrect, incomplete or outdated personal data

Deletion

Request elimination of your personal data (anonymization or deletion)

Portability

Export your data in readable and structured format (CSV/JSON)

Revocation

Revoke previously given consent at any time

Information

Be informed about entities with whom we share your data

Opposition

Oppose processing based on legitimate interest, if applicable

How to exercise your rights: Contact us at privacy@marketautohub.com or through our help center. We will respond within 15 business days, as per Art. 18 of the LGPD.

8. International Data Transfer

Some of our partners operate in other countries. We ensure that all international data transfers are carried out with adequate protections:

ProviderCountryPurposeProtection
StripeUnited StatesPayment processingPCI DSS certification, standard contractual clauses
AWSUnited States/BrazilHosting and infrastructureStandard contractual clauses, SOC 2 and ISO 27001 certifications
Facebook/MetaUnited StatesAnalytics (Pixel/CAPI)Anonymized data (SHA-256 hash), subject to consent

9. Data Retention

We store your data for the time necessary to fulfill the purposes for which it was collected:

Data TypeRetention Period
Account dataDuring account validity + 30 days after deletion
Payment data (Stripe IDs)During subscription validity + 5 years (tax obligation)
Campaign logs and analyticsUp to 2 years after sending
Contact listsDuring account validity (exportable before deletion)
OAuth tokensUntil revocation by user or token expiration
Security logsUp to 1 year
BackupsUp to 30 days (automatic rotation)

10. Security Incidents

In compliance with Art. 48 of the LGPD, in case of a security incident that may cause relevant risk or damage to data subjects:

  • We will notify the ANPD (National Data Protection Authority) within 72 hours after incident confirmation
  • We will communicate affected data subjects by email within a reasonable timeframe, describing the nature of affected data and measures taken
  • We will adopt immediate containment and remediation measures to minimize impacts
  • We will publish a transparent statement if the incident affects a significant number of data subjects

Privacy Questions?

Our privacy team is always available to clarify any questions about how we protect your data.

privacidade@marketautohub.com
Response within 24h