Privacy Policy

Last Updated: February 1, 2026

1. Introduction and Scope

This Privacy Policy ("Policy") describes our practices regarding the collection, processing, storage, and protection of personal data when you use MRGRM ("we", "us", or "our"), our website, platform, and associated services (collectively, the "Services"). By accessing or using our Services, you acknowledge that you have read and understood this Policy.

2. Categories of Personal Data We Process

2.1 Information You Provide Directly

When you register, subscribe, or interact with our Services, you may provide:

• Account Information: Name, email address.
• Authentication Data: Passwords (hashed) or SSO tokens (e.g., via Google).
• Payment Information: Billing details (processed securely by our payment provider, Paddle).
• Communication Data: Support tickets or feedback submissions.

2.2 Information We Collect Automatically

When you use our Services, we automatically collect:

• Technical Data: IP address, browser type and version, device identifiers, operating system.
• Usage Data: Pages visited, features accessed, click patterns, session duration, error logs.
• Integration Data: Information from connected third-party services (e.g., YouTube) as authorized by you.

2.3 Information from Third Parties

To provide our comment management Service, you must connect third-party social media accounts (e.g., YouTube via Google OAuth). We collect:

• Profile Data: Channel name, avatar, and description.
• Authentication Tokens: OAuth tokens required to fetch and manage comments securely.
• Comment Data: Text, author IDs, post IDs, and publication dates of comments retrieved from your connected social profiles.

2.4 Special Categories of Data

We do not intentionally collect special categories of personal data (e.g., racial or ethnic origin, political opinions, religious beliefs). Because our Service analyzes comments posted publicly on third-party platforms, we may process such data if it is included in comments made by end-users. We do not use this data for profiling or marketing.

3. Purposes of Processing

We process personal data for the following purposes:

• Service Delivery: To fetch comments, analyze them using AI (including but not limited to OpenAI, Anthropic, Google Gemini), and execute your automated actions.
• Account Management: To manage subscriptions, track token usage, and provide customer support.
• Platform Operations: To ensure the security, availability, and performance of our infrastructure.
• Communication: To send technical notices, updates, security alerts, and administrative messages.

4. Data Sharing and Disclosure

4.1 We Do Not Sell Personal Data

We do not sell, rent, or trade your personal data to third parties for their marketing purposes.

4.2 Service Providers and Sub-processors

We share personal data with carefully selected service providers who assist us in operating our Services. These include:

• AI Providers: Comment text is sent to third-party AI infrastructure for analysis. These providers' API usage policies generally restrict using API data for training their public models.
• Payment Processors: We use Paddle for secure payment processing.
• Notification Services: Email and Telegram providers to send you alerts configured in your account.
• Hosting Providers: We host primarily in the US and maintain strong security controls.

4.3 Legal Disclosures

We may disclose personal data when required by law or when we believe in good faith that disclosure is necessary to comply with legal obligations, protect our rights, or prevent fraud.

5. Third-Party Platform Policies

Because MRGRM interacts with platforms like YouTube, your use of the Service is also subject to their privacy practices.

• We access your YouTube data using YouTube API Services. By using our Service, you acknowledge and agree to the Google Privacy Policy.
• You can revoke MRGRM's access to your YouTube data at any time via the Google Security Settings page.

6. Data Security

We implement reasonable administrative, technical, and physical security measures to protect your personal information and third-party authentication tokens. However, no electronic transmission over the internet can be guaranteed to be 100% secure.

7. Data Retention

We retain your personal information and processed comment data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your data in accordance with our retention policies.

8. Your Rights

Depending on your location, you may have the right to access, correct, or delete your personal data, or object to certain processing activities. You can exercise many of these rights directly through your account dashboard or by contacting us.

9. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children.

10. Updates to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

11. Contact Information

If you have any questions or concerns about this Privacy Policy, please contact us at support@mrgrm.com.