Privacy Policy

Last updated: 30 April 2026

What we collect

TheMarketingMachine collects only the data you provide through the app:

  • Your Algorand wallet address (used as your account identifier)
  • Brand vault information you enter (founder name, voice, pillars)
  • Content you create, generate, or refine through the platform
  • Strategy and calendar data
  • AI usage metrics (token counts per month)

We do not collect email addresses, real names, or personal identification unless you voluntarily provide them in your brand profile.

How we use your data

  • To provide the marketing command center service
  • To generate AI-powered content using your brand voice and context
  • To enforce usage limits and prevent abuse

We do not sell, rent, or share your data with third parties for marketing purposes.

Third-party services

  • Anthropic (Claude AI) — your content briefs and brand context are sent to Anthropic's API to generate and refine content. Anthropic's data retention policies apply.
  • Supabase — hosts our database. Data is stored in the EU (eu-west-1).
  • Algorand — wallet authentication, plus optional proof-of-post anchoring. See the dedicated section below for the full data flow.

Algorand blockchain — proof-of-post anchoring (opt-in)

When you publish a post with the "Verify on Algorand" option enabled, two pieces of pseudonymous data are written to the public Algorand ledger:

  • Your Algorand wallet address (the same one you use to sign in)
  • A SHA-256 cryptographic hash of <post body> | <platform URL> | <platform post ID>

The post content itself is NOT written to the chain — only its irreversible hash. The hash lets anyone with the original post verify a match; it does not let anyone recover the post from the chain.

Permanence: data on a public blockchain is permanent and cannot be deleted. We disclose this at the consent moment so you can choose per post whether to anchor or publish without proof.

Lawful basis (UK/EU GDPR Art. 6): explicit consent (Art. 6(1)(a)), given separately for each post via the in-app toggle and the wallet-side transaction signature. You can publish without anchoring at any time.

What happens when you delete your account: we permanently remove the wallet → identity link from our database within 24 hours. The pseudonymous record on the Algorand ledger remains, but with no off-chain context tying it to you. This approach is known as cryptographic erasure and is consistent with EU regulator guidance (CNIL 2018, EDPB blockchain guidelines) on Article 17 compliance for immutable ledgers.

Cross-border transfer: Algorand is a globally distributed public ledger. By signing a proof transaction, you authorise the transfer of the wallet address + hash to nodes worldwide. No further personal data is transferred.

Your rights

You can exercise the following rights at any time:

  • Export — download all your data via the API endpoint /api/auth/me/export
  • Delete — permanently delete your account and all associated data via /api/auth/me (DELETE)
  • Disconnect — disconnect your wallet at any time to end your session

Data retention

Your data is retained as long as your account exists. When you delete your account, all off-chain data is permanently removed within 24 hours. Authentication challenges expire automatically after 5 minutes.

On-chain proof-of-post records (if you opted in for any specific post) cannot be erased — see the Algorand blockchain section above for our cryptographic-erasure approach.

Contact

For privacy-related questions, contact steve@kirkelabs.com.

Back to TheMarketingMachine