Privacy Policy

MondayBrief ("MoBrief.com," "we," "us," or "our") provides automated weekly performance briefs for Meta Ads agencies. This Privacy Policy explains how we collect, use, store, and protect your information when you use our platform at mobrief.com and any related services.

By using MondayBrief, you agree to the practices described in this policy. If you do not agree, please do not use our services.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, agency name, and password (stored as a bcrypt hash, never in plain text). If you subscribe to a paid plan, payment information is processed by Stripe and we do not store your credit card details on our servers.

Meta Ads Data

When you connect your Meta Business Manager account via OAuth, we receive an access token that allows us to read ad performance data from your authorized ad accounts. This token is encrypted at rest using AES-256-CBC encryption. We access campaign names, ad set names, ad names, spend, impressions, clicks, conversions, and related performance metrics. We do not access personal data about the people who see or interact with your ads.

Client Information

You provide us with your clients' names, email addresses, and Meta Ad Account IDs so that we can generate and deliver performance briefs on your behalf.

Usage Data

We collect standard server logs including IP addresses, browser type, pages visited, and timestamps. We use this information to maintain service reliability and diagnose technical issues.

Cookies

We use session cookies containing JSON Web Tokens (JWT) to authenticate your session. These are strictly necessary for the service to function. We do not use advertising or tracking cookies.

2. How We Use Your Information

We use the information we collect to:

• Authenticate your account and maintain your session
• Fetch ad performance data from your connected Meta Ad accounts
• Generate AI-powered weekly performance briefs
• Deliver briefs via email to you and your clients
• Process subscription payments through Stripe
• Send transactional emails (account confirmations, password resets, billing receipts)
• Maintain, improve, and troubleshoot the service
• Respond to support requests

We do not sell your data. We do not use your data for advertising. We do not share your ad performance data with other MondayBrief customers.

3. Third-Party Services

MondayBrief integrates with the following third-party services, each governed by their own privacy policies:

Meta (Facebook) Marketing API

We use the Meta Marketing API to read ad performance data from your authorized ad accounts. We access only the data necessary to generate your weekly briefs. Meta's data policy applies to information within their platform. We do not write to or modify your Meta ad accounts in any way.

Anthropic (Claude AI)

We send aggregated, anonymized ad performance metrics to Anthropic's Claude AI to generate the narrative analysis in your briefs. The data sent includes campaign names, spend figures, and performance metrics. We do not send personal contact information, email addresses, or Meta access tokens to Anthropic. Anthropic's usage policy governs how they handle data sent through their API.

SendGrid (Twilio)

We use SendGrid to deliver brief emails to you and your clients. SendGrid processes recipient email addresses and email content for delivery purposes. Twilio's privacy policy governs their handling of this data.

Stripe

We use Stripe to process subscription payments. Your payment information (credit card number, billing address) is sent directly to Stripe and never touches our servers. Stripe's privacy policy governs their handling of payment data.

4. Data Storage and Security

We take the security of your data seriously:

• All data is stored in a PostgreSQL database with access restricted to our application servers
• Meta OAuth tokens are encrypted at rest using AES-256-CBC encryption with a dedicated encryption key
• Passwords are hashed using bcrypt with a minimum of 10 salt rounds
• All connections to our service use HTTPS/TLS encryption in transit
• We use structured logging (Winston) and do not log sensitive data such as tokens, passwords, or personal information
• API endpoints are protected with authentication middleware and input validation
• We regularly review and update our dependencies to address known vulnerabilities

No method of electronic storage is 100% secure. While we implement industry-standard protections, we cannot guarantee absolute security. If you become aware of a security vulnerability, please contact us at hello@mobrief.com.

5. Your Rights

General Rights (All Users)

You have the right to:

• Access the personal data we hold about you
• Correct inaccurate data in your account settings
• Delete your account and associated data by contacting us
• Export your data in a machine-readable format
• Disconnect your Meta account at any time through your account settings

GDPR Rights (European Economic Area)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

• Legal basis for processing: We process your data based on your consent (when you connect your Meta account), contractual necessity (to provide the service you subscribed to), and legitimate interest (to maintain and improve the service)
• Right to restrict processing: You may request that we limit how we use your data
• Right to data portability: You may request a copy of your data in a structured, machine-readable format
• Right to object: You may object to certain types of processing
• Right to lodge a complaint: You may file a complaint with your local data protection authority

To exercise any of these rights, contact us at hello@mobrief.com. We will respond within 30 days.

CCPA Rights (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:

• Right to know: You may request details about the categories and specific pieces of personal information we have collected about you
• Right to delete: You may request deletion of your personal information, subject to certain exceptions
• Right to opt out: We do not sell personal information, so this right does not apply. If our practices change, we will provide an opt-out mechanism
• Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights

To exercise your CCPA rights, contact us at hello@mobrief.com. We will verify your identity before processing your request and respond within 45 days.

6. Data Retention

We retain your data as follows:

• Account data: Retained for the duration of your account and deleted within 30 days of account closure
• Generated briefs: Retained for 12 months to allow you to review historical briefs, then automatically deleted
• Ad performance data: Raw data from Meta is processed in real time and not stored beyond what is needed to generate each brief. Aggregated metrics are stored as part of the brief record
• Meta OAuth tokens: Encrypted tokens are retained while your Meta account is connected and deleted immediately upon disconnection
• Server logs: Retained for 90 days for operational purposes, then automatically deleted

When you delete your account, we remove all your data from our active systems within 30 days. Backup copies may persist for up to 90 days before being overwritten.

7. Children's Privacy

MondayBrief is a business-to-business service designed for use by advertising agencies and marketing professionals. We do not knowingly collect personal information from anyone under the age of 18. If we learn that we have collected data from a minor, we will delete it promptly.

8. International Data Transfers

Our servers and third-party service providers may be located outside your country of residence. By using MondayBrief, you consent to the transfer of your data to these locations. We ensure that appropriate safeguards are in place for any cross-border data transfers, including standard contractual clauses where required.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by placing a notice on our website. Your continued use of MondayBrief after the effective date of any changes constitutes your acceptance of the updated policy.

10. Contact

If you have questions about this Privacy Policy or how we handle your data, contact us at: