Metamex LLC ("Company," "we," "us," or "our") operates CampaignWeaver ("Service"). This Privacy Policy explains how we collect, use, disclose, and protect personal data.
By using the Service, you agree to this Privacy Policy.
1. Scope
This policy applies to:
- Website visitors
- Trial users and customers
- Business customers and their authorized users
- Anyone interacting with CampaignWeaver
This policy does not apply to third-party services linked to or integrated with our platform, including AI model providers, cloud infrastructure providers, payment processors, or any linked websites. We are not responsible for the privacy practices of third parties. Your use of third-party services is at your own risk and subject to their privacy policies.
2. Role of the Company (Controller vs Processor)
Depending on context, we act as:
Data Controller
When you create an account, visit our site, contact us, or provide information directly to us.
Data Processor
When customers upload or process data using our platform on behalf of their own users, clients, or leads. If we process data on behalf of a customer, that customer controls how the data is used.
Enterprise customers requiring a Data Processing Agreement (DPA) for GDPR or other compliance purposes may request one at hello@campaignweaver.ai. The DPA, when executed, governs our processing of personal data on your behalf and supersedes conflicting terms in this policy.
Customer Responsibility for End-User Data
Important: When you upload personal data of third parties (e.g., your customers, leads, campaign targets, or audience data), you represent and warrant that:
- You have obtained all necessary consents and legal bases to provide such data to us
- You have authority to authorize its processing through our Service
- Your collection and use of such data complies with all applicable privacy laws
- You will respond to privacy requests from your end-users and inform us as needed
We rely on you to ensure lawful data collection. We are not responsible for verifying that you have obtained proper consent from your end-users.
3. Personal Data We Collect
A. Information You Provide
We collect information you provide directly, including:
- Name and email address
- Billing and payment details
- Company name and job title
- Account credentials
- Support communications
- Marketing preferences
Business Contact Information: Business contact information (e.g., work email, job title, company name) provided in a professional capacity may be processed for B2B marketing and relationship management under our legitimate interests, subject to your opt-out rights.
B. Customer Content & AI Inputs
When using the Service, we process:
- Marketing campaign data and briefs
- Content prompts and AI inputs
- AI-generated content and outputs
- Analytics and forecasting data
- Brand assets and guidelines
This data belongs to you. We process it solely to provide the Service and as described in this policy.
C. Automatically Collected Data
We collect technical and usage information:
- IP address and general location
- Device and browser information
- Pages viewed and actions taken
- Log files and diagnostic data
- Cookies and similar technologies (see Section 6)
D. Payment Data
Payments are processed by third-party processors (e.g., Stripe). We do not store full credit card numbers or payment credentials.
We may receive:
- Billing name and email
- Payment status and transaction IDs
- Last four digits of payment method
- Transaction metadata
E. Sensitive Data
The Service is not designed to process sensitive personal data (also known as "special category data" under GDPR), including but not limited to:
- Health or medical information
- Biometric or genetic data
- Racial or ethnic origin
- Political opinions or religious beliefs
- Sexual orientation or sex life
- Criminal history or allegations
- Financial account numbers or credentials
Do not submit sensitive data to the Service. If you do, you assume all risk and liability arising from such submission, and you agree to indemnify us for any claims related to your submission of sensitive data.
4. How We Use Personal Data
We use data to:
- Provide, operate, and maintain the Service
- Authenticate users and manage accounts
- Process payments and subscriptions
- Provide customer support
- Improve, develop, and optimize features
- Detect and prevent fraud, abuse, or security threats
- Send transactional communications (receipts, updates, alerts)
- Send marketing communications (with your consent, where required)
- Comply with legal obligations
- Enforce our Terms of Service
5. Legal Bases for Processing (GDPR)
Where GDPR applies, we rely on the following legal bases:
- Contract Performance: To provide the Service and fulfill our contractual obligations
- Legitimate Interests: Improving, securing, and operating the Service; B2B marketing; fraud prevention; analytics
- Consent: Marketing communications, non-essential cookies, and where otherwise required
- Legal Obligations: Compliance with applicable laws, regulations, and legal processes
You may withdraw consent at any time where consent is the legal basis, without affecting the lawfulness of prior processing.
6. Cookies & Tracking
We use cookies and similar technologies to:
- Maintain sessions and keep you logged in
- Remember your preferences
- Analyze usage and performance
- Improve the Service
You can control cookies via browser settings or our cookie consent mechanism. For detailed information about the cookies we use and your choices, please see our Cookie Policy.
7. How We Share Data
We do not sell personal data.
We may share data with:
Service Providers
- Cloud hosting and infrastructure providers (e.g., Vercel, Supabase)
- AI model providers (e.g., Anthropic, OpenAI)
- Analytics providers (e.g., Google Analytics)
- Email delivery services
- Payment processors (e.g., Stripe)
- Customer support tools
Service providers are contractually obligated to protect your data and may only use it to provide services to us.
Legal Requirements
We may disclose data if required by law or in good faith belief that disclosure is necessary to:
- Respond to lawful requests, subpoenas, or court orders
- Prevent fraud, abuse, or illegal activity
- Protect our rights, property, or safety
- Protect the rights, property, or safety of others
Business Transfers
Data may be transferred in connection with a merger, acquisition, reorganization, sale of assets, or bankruptcy. We will notify you of any such transfer and any choices you may have.
Sub-Processors
A current list of sub-processors is available upon request at hello@campaignweaver.ai. We will provide reasonable notice before adding new sub-processors that process personal data.
Your continued use of the Service after such notice constitutes consent to the new sub-processor. If you object to a new sub-processor, you may terminate your account before the sub-processor begins processing your data.
8. International Data Transfers
We operate from the United States.
Your data may be transferred to and processed in the U.S. and other countries where our service providers operate. These countries may have different data protection laws than your country of residence.
Where required by law, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Other lawful transfer mechanisms
- Your consent to transfer
By using the Service, you consent to the transfer of your data to the United States and other countries.
9. Data Security
We implement commercially reasonable administrative, technical, and physical safeguards to protect personal data.
Measures include:
- Encryption in transit (TLS/HTTPS) and at rest
- Access controls and authentication
- Security monitoring and logging
- Regular system updates and patching
- Employee security training
- Vendor security assessments
No system is 100% secure, and we cannot guarantee the absolute security of your data. You acknowledge that you provide data at your own risk. We are not liable for unauthorized access, breaches, or data loss except to the extent directly caused by our gross negligence or willful misconduct.
10. Data Retention
We retain personal data only as long as necessary for the purposes described in this policy.
General retention periods:
| Data Type | Retention Period |
|---|---|
| Account data | Duration of account plus 3 years |
| Billing and transaction records | 7 years (legal/tax requirements) |
| Usage logs and analytics | 12 months |
| Support communications | 3 years |
| Marketing preferences | Until consent withdrawn |
| Customer content (campaigns, assets) | Duration of account plus 90 days |
Upon account deletion request, we will delete or anonymize personal data within 90 days, except as required for legal compliance, dispute resolution, or enforcement of our agreements.
11. Your Privacy Rights
Depending on your location, you may have rights to:
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your data
- Restriction: Request restriction of processing
- Objection: Object to processing based on legitimate interests
- Portability: Receive your data in a portable format
- Withdraw Consent: Withdraw consent where processing is based on consent
- Complaint: Lodge a complaint with a supervisory authority
To exercise your rights, contact us at: hello@campaignweaver.ai
We will respond to verifiable privacy rights requests within the timeframes required by applicable law (e.g., 30 days under GDPR, 45 days under CCPA). Complex requests may require extensions as permitted by law. We will inform you of any extension and the reasons for it.
We may need to verify your identity before processing your request. We will not discriminate against you for exercising your privacy rights.
12. California Privacy Rights (CCPA/CPRA)
California residents have the right to:
- Know what personal information we collect and how it is used
- Request deletion of personal information
- Correct inaccurate personal information
- Opt out of the sale or sharing of personal information
- Limit the use of sensitive personal information
- Non-discrimination for exercising privacy rights
We do not sell personal information as defined by the CCPA/CPRA.
We do not share personal information for cross-context behavioral advertising.
To submit a request, contact us at hello@campaignweaver.ai. You may also designate an authorized agent to make a request on your behalf.
13. Florida Data Security & Breach Notification
We maintain reasonable safeguards to protect personal data in compliance with the Florida Information Protection Act (FIPA) and other applicable Florida laws.
In the event of a data breach affecting your personal data, we will notify affected individuals and authorities as required by applicable law. We make no commitment to notification timelines beyond those required by law.
14. Children's Privacy
The Service is intended for business use and is not directed to individuals under 18 years of age. We do not knowingly collect personal data from children under 18.
If we learn that we have collected personal data from a child under 18, we will take steps to delete such data promptly. If you believe we have collected data from a child, please contact us immediately.
15. AI-Generated Content
The Service uses artificial intelligence to generate marketing content, including text, images, and other creative assets.
Privacy Considerations for AI Outputs:
- AI-generated outputs may inadvertently reflect patterns from training data, which may include publicly available information
- We make no representations regarding the privacy compliance of AI-generated content
- AI outputs may inadvertently resemble real individuals, brands, or copyrighted material
- You are solely responsible for reviewing all AI outputs before use to ensure they do not infringe on privacy rights or other legal rights
Your prompts and inputs may be processed by third-party AI providers. We require these providers to maintain appropriate security measures, but we cannot guarantee how they process or retain data. See our Terms of Service for additional AI-related disclaimers.
16. Aggregated & Anonymized Data
We may create aggregated, anonymized, or de-identified data from personal data and usage information. This data cannot reasonably identify you or any individual.
We own such aggregated data and may use it for any lawful purpose without restriction, including but not limited to:
- Analytics and business intelligence
- Benchmarking and industry research
- Service improvement and feature development
- Marketing and promotional purposes
- Creating new products or services
This aggregated data is not subject to the restrictions in this Privacy Policy because it is not personal data.
17. Third-Party Services
The Service integrates with and relies on various third-party services. We are not responsible for the privacy practices of these third parties.
Third-party services include but are not limited to:
- AI Providers: Anthropic, OpenAI, and other AI model providers
- Cloud Infrastructure: Vercel, Supabase, AWS
- Payment Processing: Stripe
- Analytics: Google Analytics
- Authentication: Supabase Auth
Your use of these third-party services is subject to their respective privacy policies. We encourage you to review those policies.
We are not liable for any data processing, breaches, or privacy violations by third-party services.
18. Customer Indemnification
You agree to indemnify, defend, and hold harmless Metamex LLC and its officers, directors, employees, and agents from and against any claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys' fees) arising from:
- Your violation of this Privacy Policy
- Your violation of applicable privacy or data protection laws
- Your collection, use, or disclosure of personal data in violation of law
- Claims by your end-users, customers, leads, or third parties regarding data you uploaded, processed, or generated through the Service
- Your failure to obtain required consents or legal bases for data processing
- Your submission of sensitive data in violation of Section 3(E)
- Regulatory investigations, fines, or penalties (including GDPR, CCPA, or other privacy authority actions) resulting from your data practices
19. Limitation of Liability
Our liability for privacy-related claims is subject to the limitations set forth in our Terms of Service.
To the maximum extent permitted by applicable law, we shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising from privacy-related claims, including but not limited to:
- Data breaches caused by third parties or circumstances beyond our reasonable control
- Unauthorized access resulting from your failure to secure credentials
- Loss of data due to your actions or third-party services
- Privacy violations arising from your misuse of the Service
- Regulatory fines or penalties imposed on you
Our total liability for privacy-related claims shall not exceed the amounts you paid to us in the twelve (12) months preceding the claim, or one hundred U.S. dollars ($100), whichever is greater.
20. Disputes
Any disputes, claims, or controversies arising from or relating to this Privacy Policy shall be resolved in accordance with the dispute resolution provisions in our Terms of Service, including binding arbitration and class action waiver.
You agree that any privacy-related claims must be brought in your individual capacity and not as a plaintiff or class member in any purported class, collective, or representative action.
21. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons.
When we make changes:
- We will update the "Effective date" at the top of this policy
- For material changes, we may notify you via email or a notice in the Service
- We encourage you to review this policy periodically
Continued use of the Service after changes are posted constitutes acceptance of the updated Privacy Policy. If you do not agree to the changes, you must stop using the Service.
22. General Provisions
Entire Agreement
This Privacy Policy, together with any executed Data Processing Agreement and our Terms of Service, constitutes the entire agreement regarding our privacy practices. Any prior representations, discussions, or understandings are superseded.
Severability
If any provision of this Privacy Policy is found to be invalid or unenforceable, that provision shall be limited or eliminated to the minimum extent necessary, and the remaining provisions shall remain in full force and effect.
No Waiver
Our failure to enforce any provision of this Privacy Policy shall not constitute a waiver of that provision or any other provision.
No Third-Party Beneficiaries
This Privacy Policy does not create any third-party beneficiary rights. Only you and Metamex LLC (and our permitted assigns) may enforce this policy. Your end-users, customers, leads, or other third parties have no direct rights against us under this policy and may not bring claims against us based on this policy.
Assignment
We may assign this Privacy Policy without restriction, including in connection with a merger, acquisition, or sale of assets. Your rights under this policy are personal and may not be assigned.
Governing Law
This Privacy Policy is governed by the laws of the State of Florida, without regard to conflict of law principles, except where superseded by applicable data protection laws (e.g., GDPR for EU residents).
23. Contact
If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:
Metamex LLC
Email: hello@campaignweaver.ai
Website: https://campaignweaver.ai
For privacy-related inquiries, please include "Privacy Request" in your subject line to help us respond promptly.
Related Policies