Back to landing page

Legal

Privacy Policy

Effective date: March 22, 2026

1. Introduction

MNDR ("we", "us", or "our") provides an AI-powered marketing workspace that helps teams plan, build, and launch campaigns across channels including Meta Ads, Shopify, email, and WhatsApp. This Privacy Policy explains how we collect, use, share, and protect information when you use our platform and services.

By using MNDR, you agree to the practices described in this policy. If you do not agree, please discontinue use of the service.

2. Information We Collect

2.1 Information you provide directly

  • Account information: name, email address, and password when you register.
  • Team and workspace data: team name, member invitations, and billing details.
  • Content you create: ad copy, campaign briefs, email templates, brand profiles, and conversation history with our AI assistant.

2.2 Information from connected platforms

When you connect third-party accounts, we receive data necessary to provide our services:

  • Meta (Facebook): ad account IDs, campaign data, ad performance metrics, and page information. Authorized via Facebook OAuth.
  • Shopify: store name, domain, products, orders, customer names, email addresses, phone numbers, order history, and spending data. Authorized via Shopify OAuth with offline access tokens.
  • Google: basic profile information (name, email) for authentication purposes only.

2.3 Information collected automatically

  • Usage data: pages visited, features used, timestamps, and interaction patterns.
  • Device data: browser type, operating system, and IP address.

3. How We Use Your Information

We use collected information to:

  • Provide, operate, and improve the MNDR platform.
  • Enable AI-powered campaign creation, audience building, and cross-channel orchestration.
  • Sync and normalize customer data from connected platforms (e.g., Shopify customer sync) for audience segmentation.
  • Send transactional emails (account verification, password resets, billing receipts).
  • Monitor service performance and diagnose technical issues.
  • Comply with legal obligations and enforce our terms.

We do not sell your personal information or your customers' personal information to third parties.

4. Shopify Data

When you connect your Shopify store, we access data through the Shopify Admin API using scopes you authorize during the OAuth flow. Specifically:

  • Customer data: names, email addresses, phone numbers, addresses, order history, total spending, and tags. Used to build audiences and segments within MNDR.
  • Product and order data: product titles, descriptions, variants, pricing, and order details. Used for campaign creation and product-aware ad generation.
  • Store configuration: shop name, domain, locations, and market settings.

4.1 Data storage and security

Shopify access tokens are encrypted at rest using AES-256-GCM. Customer data synced from Shopify is stored in our PostgreSQL database and associated with your team workspace. We do not share Shopify merchant or customer data with any third party except as required to operate the connected platform integrations you have authorized.

4.2 Data deletion

When you disconnect your Shopify store, we delete your stored access token immediately. If you uninstall our app from Shopify, we receive a shop redaction webhook and delete all customer data and connection records associated with your store within 30 days. You may also request data deletion at any time by contacting us.

5. Data Sharing

We share information only in the following circumstances:

  • Connected platforms: when you instruct MNDR to create ads, send emails, or perform actions on your behalf through connected services (Meta, Shopify, email providers).
  • Infrastructure providers: we use Microsoft Azure for hosting and database services. These providers process data on our behalf under contractual obligations.
  • Payment processing: billing is handled by Stripe. We do not store your credit card information.
  • Legal requirements: we may disclose information if required by law, regulation, legal process, or governmental request.

6. Data Retention

  • Account data: retained for the duration of your account. Deleted upon account closure and completion of any required retention period.
  • Conversation history: retained while your account is active. You can delete individual conversations at any time.
  • Synced customer data: retained while your platform connection is active. Deleted when you disconnect the integration or upon receiving a redaction request.
  • Logs and analytics: retained for up to 90 days for operational purposes.

7. Data Security

We implement industry-standard security measures including:

  • Encryption of sensitive tokens at rest (AES-256-GCM) and in transit (TLS).
  • Password hashing with bcrypt.
  • JWT-based authentication with token expiry.
  • HMAC signature verification for all incoming webhooks.
  • Rate limiting on authentication and API endpoints.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Delete your personal data (subject to legal retention requirements).
  • Export your data in a portable format.
  • Object to or restrict certain processing activities.
  • Withdraw consent where processing is based on consent.

To exercise any of these rights, contact us at privacy@mndr.io. We will respond within 30 days.

9. International Data Transfers

Our services are hosted on Microsoft Azure. Data may be processed in regions outside your country of residence. Where required by applicable law, we ensure appropriate safeguards are in place for cross-border data transfers.

10. Cookies and Tracking

MNDR uses essential cookies for authentication and session management. We do not use third-party advertising cookies or cross-site tracking technologies. Our application functions without reliance on third-party cookies.

11. Children's Privacy

MNDR is not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a notice on our platform. Your continued use of MNDR after changes take effect constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

privacy@mndr.io