Legal

Privacy Policy

Effective Date: December 9, 2025

Privacy Policy

Effective Date: December 9, 2025

Table of Contents

  1. 1Introduction
  2. 2Information We Collect
  3. 3How We Use Your Information
  4. 4How We Share Your Information
  5. 5Data Security
  6. 6Data Retention
  7. 7Your Rights
  8. 8Cookies and Tracking
  9. 9Children's Privacy
  10. 10Third-Party Integrations and OAuth
  11. 11International Data Transfers
  12. 12Changes to This Privacy Policy
  13. 13Contact Us

1. Introduction

Welcome to The AI CMO. This Privacy Policy explains how ROGA AI LIMITED ("we", "us", or "our") collects, uses, shares, and protects your business information when you use our website, services, and products (collectively, the "Services").

Business-to-Business Services: The AI CMO provides B2B (business-to-business) services intended exclusively for businesses, marketing professionals, agencies, and individuals acting in a commercial capacity. This Privacy Policy applies to business data and professional information collected in the context of our B2B relationships.

We are committed to protecting your privacy and handling your data in an open and transparent manner. Please read this policy carefully to understand our practices regarding your business information.

By using our Services, you consent to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.

2. Information We Collect

We collect several types of information from and about users of our Services, including:

2.1 Business Information

Business information is information that identifies you in your professional capacity. This may include:

  • Business contact information (business name, email address, phone number)
  • Professional account information (username, password)
  • Business payment information (company billing address, VAT/tax ID, payment method details processed by Stripe)
  • Company information (company name, industry, website, business registration number)
  • Professional communication data (business inquiries, support queries, feedback)
  • Marketing and business strategy data related to your commercial activities

2.2 Usage Information

As you interact with our Services, we may automatically collect technical data, including:

  • Log data (IP address, browser type and version, time zone setting)
  • Device information (device type, operating system, screen resolution)
  • Usage data (features used, content generated, credits consumed)
  • Performance data (response times, error rates)

2.3 AI-Generated Content Data

When you use our AI marketing services, we may collect:

  • Marketing briefs and prompts you submit
  • Business profiles and target audience information
  • Generated marketing content (ads, emails, strategies)
  • Feedback and ratings on generated content
  • Campaign performance data you choose to share

2.4 Website Tracking SDK Data

When you install our tracking SDK on your website to use features such as AI CRO (Conversion Rate Optimization), behavioral analytics, or other optimization services, we collect data from your website visitors through PostHog. This data may include:

  • Page views, sessions, and navigation patterns
  • Click interactions and element engagement
  • Scroll depth and content visibility metrics
  • Exit intent and time-on-page data
  • Form interactions (without capturing submitted data)
  • Device type, browser, and screen resolution
  • Referrer and traffic source information
  • Anonymized visitor identifiers (no personally identifiable information is collected)

Important: This data is collected from your website visitors to power our analytics and optimization features. You are responsible for disclosing the use of analytics tracking in your own privacy policy and obtaining any necessary consents from your website visitors as required by applicable laws (e.g., GDPR, CCPA, ePrivacy Directive).

2.5 Third-Party Integration Data

We use Nango.dev as our secure OAuth integration broker to facilitate connections with third-party services. When you connect these services to your account, we may access and collect data based on the permissions you grant:

  • Google Analytics: Website traffic data, user behavior metrics, conversion data, audience demographics, and performance reports
  • Google Ads: Campaign performance data, ad spend, click-through rates, conversion metrics, keyword performance, and account structure
  • Social Media Platforms (Facebook, Instagram, LinkedIn, Twitter, YouTube): Page/profile data, post performance, engagement metrics, audience insights, and publishing capabilities
  • Email Marketing (Mailchimp): Campaign statistics, subscriber lists, email performance metrics
  • E-commerce (Shopify): Store analytics, product data, sales metrics, customer insights
  • Authentication tokens and refresh tokens necessary to maintain these connections (stored securely by Nango)
  • Account identifiers and profile information from connected services

Important: We only access data from third-party services that you explicitly authorize through OAuth consent. Nango.dev handles the secure storage and management of OAuth tokens on our behalf. You can revoke these permissions at any time through your account settings or directly in the third-party service.

3. How We Use Your Information

We use the information we collect for various purposes, including:

3.1 Service Provision

  • To provide and maintain our Services
  • To generate personalized marketing content
  • To process transactions and manage subscriptions
  • To manage your account and provide customer support
  • To remember your business profile and preferences

3.2 Service Improvement

  • To improve our AI models and content generation quality
  • To develop new features and services
  • To conduct analytics and measure service performance
  • To understand how users interact with our platform
  • To personalize your experience

3.3 Third-Party Integration Services

  • To provide AI-powered insights and recommendations based on your Google Analytics data
  • To optimize your Google Ads campaigns using AI-generated suggestions
  • To create performance reports combining data from multiple sources
  • To identify trends and opportunities in your marketing data
  • To automate campaign optimization and budget allocation recommendations

3.4 Communication

  • To send service-related notices and updates
  • To respond to your inquiries and support requests
  • To send promotional communications (with your consent)
  • To notify you about changes to our Services or policies

3.5 Legal and Security

  • To comply with legal obligations
  • To protect our rights and property
  • To prevent fraud and ensure platform security
  • To enforce our Terms of Service

4. How We Share Your Information

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:

4.1 Service Providers

We may share your information with third-party service providers who assist us in operating our Services, including:

  • Payment processors (Stripe) for handling transactions
  • Cloud hosting services for data storage
  • Analytics providers for service improvement
  • Email service providers for communications
  • AI model providers (OpenAI, Anthropic, Google Gemini via OpenRouter) for text content generation
  • AI media providers (Replicate) for image and video generation
  • PostHog for behavioral analytics, conversion tracking, and website optimization features
  • Nango.dev for secure OAuth authentication and token management across all third-party integrations
  • Third-party platforms (Google Analytics, Google Ads, Facebook, Instagram, LinkedIn, Twitter, YouTube, Mailchimp, Shopify) when you authorize these connections

4.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders or government agencies).

4.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.

4.4 Consent

We may share your information with your consent or at your direction.

5. Data Security

We have implemented appropriate technical and organizational security measures designed to protect the security of your personal information, including:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication measures
  • Employee training on data protection
  • Secure data centers with physical security measures

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

6. Data Retention

We will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your information to the extent necessary to:

  • Provide our Services to you
  • Comply with our legal obligations
  • Resolve disputes and enforce our agreements
  • Maintain business records for analysis and/or audit purposes

When we no longer need to use your information and there is no need for us to keep it to comply with our legal or regulatory obligations, we will either remove it from our systems or anonymize it.

7. Your Rights

Depending on your location, you may have certain rights regarding your personal information, including:

  • Access: The right to request copies of your personal information
  • Correction: The right to request correction of inaccurate information
  • Deletion: The right to request deletion of your personal information
  • Restriction: The right to request restriction of processing
  • Portability: The right to request transfer of your data
  • Objection: The right to object to processing of your information
  • Withdrawal: The right to withdraw consent at any time

To exercise these rights, please contact us using the details provided in the "Contact Us" section.

7.1 Data Deletion Requests

For detailed information about requesting deletion of your personal data, including what data will be deleted, what may be retained for legal purposes, and the deletion process timeline, please visit our Data Deletion Request page.

You can submit deletion requests by emailing privacy@theaicmo.com with the subject line "Data Deletion Request."

8. Cookies and Tracking

We use cookies and similar tracking technologies to track activity on our Services and hold certain information. Cookies are small data files stored on your device.

8.1 Types of Cookies We Use

  • Essential Cookies: Required for the operation of our Services
  • Analytics Cookies: Help us understand how users interact with our Services (including Google Analytics cookies when enabled)
  • Preference Cookies: Remember your settings and preferences
  • Marketing Cookies: Track the effectiveness of our marketing campaigns
  • Third-Party Integration Cookies: Used when you connect Google Analytics or Google Ads to maintain your authenticated session

8.2 Managing Cookies

Most web browsers allow you to control cookies through their settings. However, if you limit the ability to accept cookies, you may not be able to use certain features of our Services.

9. Children's Privacy

Our Services are B2B services intended exclusively for businesses and professionals. They are not intended for children under the age of 18 or for personal, family, or household use. We do not knowingly collect personal information from individuals under 18.

If we become aware that we have collected personal information from individuals under 18, we will take steps to remove that information from our servers.

10. Third-Party Integrations and OAuth

Our Services use Nango.dev as a secure OAuth broker to facilitate connections with third-party platforms. When you choose to connect these services, you should be aware of the following:

10.1 Integration Platform - Nango.dev

  • We use Nango.dev to securely handle OAuth authentication flows
  • Nango stores and manages OAuth tokens on our behalf using enterprise-grade encryption
  • Nango complies with SOC 2 Type II and other security standards
  • Your login credentials are never seen or stored by us or Nango
  • All API communications through Nango are encrypted in transit

10.2 Available Integrations

We support integrations with the following platforms:

  • Analytics: Google Analytics (website traffic, user behavior, conversions)
  • Advertising: Google Ads (campaign management, performance metrics, budget tracking)
  • Social Media: Facebook, Instagram, LinkedIn, Twitter, YouTube (content publishing, engagement metrics, audience insights)
  • Email Marketing: Mailchimp (campaign performance, subscriber management, email analytics)
  • E-commerce: Shopify (store analytics, product data, sales metrics)

10.3 Data Access and Permissions

For each integration, we typically request:

  • Read access to view your data and generate insights
  • Write access only when explicitly needed for content publishing or campaign management
  • Access is limited to the minimum scope necessary for the service to function
  • Permissions are clearly displayed during the OAuth consent process
  • We never request access to personal messages or private content

10.4 Data Security for Integrations

  • OAuth tokens are encrypted and stored securely by Nango.dev
  • We follow each platform's API Terms of Service and data handling requirements
  • Integration data is processed in accordance with this Privacy Policy
  • We do not share your third-party data with other users or external parties
  • Regular security audits are performed on our integration systems
  • Automatic token refresh ensures continuous secure access without storing passwords

10.5 Your Control

You maintain full control over your third-party integrations:

  • Connect or disconnect services at any time from your App Connections page
  • Review permissions granted in each platform's security settings
  • Request deletion of all data obtained through integrations
  • View connection status and last sync times in your dashboard
  • Revoke access directly from the third-party platform at any time
  • All disconnections immediately remove our access to your third-party data

11. International Data Transfers

Your information may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your personal information will take place to an organization or a country unless there are adequate controls in place.

12. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

For significant changes, we will provide a more prominent notice (including, for certain services, email notification of Privacy Policy changes).

13. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

ROGA AI LIMITED

Unit G02, Eurocity

Europort Avenue

Gibraltar, GX11 1AA

Gibraltar

Email: privacy@theaicmo.com

Data Protection Officer: dpo@theaicmo.com

Please note: We provide B2B services only. For business inquiries and tax-related matters, please ensure you provide your business details including valid tax identification.