Machinence - AI Business Platform

Company Information

Introduction

Welcome! At Machinence Ltd. (“Machinence,” “we,” “us,” or “our”), we believe that protecting your Personal Data is very important. This Privacy Policy explains how we collect, use, disclose, retain, and safeguard your personal information when you use our AI-powered business platform, including our website at https://machinence.io and all related services, applications, and integrations (collectively, the “Service”).

If you are a Customer, this Privacy Policy is incorporated by reference into the Machinence Service Agreement between you and Machinence.

By accessing or using our Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with any part of this policy, you must not use our Service.

Scope and Application

This privacy policy applies only to the following persons (collectively “you” or “your”):

Visitors

Any person who contacts Machinence, speaks with a Machinence sales representative, or provides feedback (e.g. responds to a survey), any person who visits www.machinence.io, as well as any other Machinence applications or websites that Machinence uses and where a link to this Privacy Policy is included, such as websites created for contests or promotional purposes (the “Websites”).

Customers

Any business owner or business that subscribes to the Machinence software services or otherwise purchases services from Machinence (the “Services”), either through a paid subscription or a trial.

Partners

Machinence’s third-party business partners, including their employees and representatives.

Third-Party Websites and Applications

This Privacy Policy does not apply to any third-party websites, applications, or services, even if these are accessible through Machinence’s Websites or Services. The linking to a third-party website, service or application is subject to the terms and conditions of the third-party website, service, or application.

Responsibility of Our Customers

Customers are responsible for complying with all applicable laws and regulations concerning the Personal Data of their own customers and employees (the “End-Users”) they process when using our Services. Such processing is governed by the applicable agreement and privacy policy between the Customer and its End-Users. Unless End-Users interact with us directly (e.g. respond to an in-app survey about our products, submit feedback), we only process Personal Data of End-Users on behalf of and at the direction of our Customers.

Customers are responsible for addressing any privacy requests from their End-Users. If you are an End-User who interacts with a Customer using our Services and you have a privacy question or request, please review the Customer’s privacy policy and contact the Customer directly.

1. Definitions

Personal Data

Personal Data means any information that relates to an identified or identifiable natural person. This includes data such as name, home address, email address and phone number, as well as IP-address and data specific to the physical, physiological, genetic, economic, cultural or social identity of natural persons. Information about a business, such as its name or physical address, is not Personal Data.

Platform Data

Information collected from or through social media platforms (Facebook, Instagram, LinkedIn, TikTok, Twitter/X, YouTube) when you connect those accounts to our Service.

Processing

Any operation performed on Personal Data, including collection, recording, organisation, structuring, storage, adaptation, retrieval, use, disclosure, transmission, erasure, or destruction.

2. Information We Collect

2.1 Personal Data We Collect Directly from You

When you use our websites or mobile applications to download a whitepaper, request a trial or ask for any other information, you will be asked to provide contact details which we will then use to deliver the requested information and/or service.

When you contact customer support or speak with a sales representative, we may record the call for training purposes and to improve our service.

If you are using or accessing our Services, whether in connection with a paid subscription, a free trial or purchased service, we may ask for specific information, such as your name, address, email address and phone number for us to be able to perform our obligations under the terms of these Services. In addition, we collect your payment details to be able to process the payment of your subscription fee or purchase price.

Customers may provide Personal Data of End-Users and other third parties by inputting that Personal Data into the Services, for example, when they process a transaction. This Personal Data is collected and used in accordance with the Customer’s privacy policy.

We collect:

• Account Registration: Full name, email address, password, business name, business type, and contact information
• Profile Information: Profile photo, company logo, business description, website URLs, and preferences
• Payment Information: Billing address, payment card details (processed securely via Stripe), transaction history, VAT number (if provided)
• Content: Text, images, videos, documents, and other content you create, upload, or publish through our Service
• Communications: Messages, emails, support tickets, feedback, and call recordings you send to us
• Customer Data: Information about your customers that you store in our CRM, including names, emails, phone numbers, and purchase history
• Government Identification: Social security numbers, passport details, or other ID documents (only when required for payment processing verification or company formation services)

2.2 Information We May Collect About You Through Our Websites and Applications

Technologies Used by Us

As part of our Websites, including applications, and Services, we use various technologies such as “session” and “persistent” cookies (small data files that we transfer to your computer), web beacons (tiny image files on web pages that communicate information about the page viewer to the beacon owner), log data, and third-party analytics services, such as Google Analytics, to collect and analyse information about Visitors, Customers, and Partners.

Automatically Collected Information:

• Session Cookies: We use “session” cookies to keep you logged in whilst you use our Services, to better understand how you interact with our Services, and to monitor aggregate usage and web traffic information on our Services.
• Persistent Cookies: We use “persistent” cookies to recognise you each time you return to our Websites or Services.
• Web Beacons and Tracking Technologies: Web beacons, tags and scripts may be used on our Websites, our Services, in emails or other electronic communications we send to you.
• Log Data: Our servers automatically record information created by your use of the Websites or Services. Log Data includes information such as your IP address, browser type, operating system, the referring web page, web pages visited, location, your mobile carrier, your computer or mobile device type, search terms and cookie information.
• Device Information: Device type, operating system, browser type and version, device identifiers
• Usage Data: Pages visited, features used, clicks, time spent, navigation paths
• Location Data: General geographic location based on IP address (country/region level only)

Managing Cookies: You may delete or disable certain of these technologies at any time via your browser settings.

2.3 Information We Receive from Third Parties

We may sometimes obtain Personal Data about you from third parties (e.g., Facebook, Twitter, Google) and use it to improve or re-market our Services, or to provide a more tailored experience with our Services.

Social Media Platform Data

When you connect your social media accounts to Machinence, we collect information as authorised by your permissions on each platform:

Facebook & Instagram (Meta Platforms)

• Page and profile information (name, profile picture, page ID)
• Access tokens for posting on your behalf
• Page insights and analytics data
• Comments, messages, and engagement metrics
• Media (photos, videos) that you authorise us to access
• Business account information and connected assets

LinkedIn

• Profile information (name, headline, profile picture)
• Organisation/company page access and management permissions
• Post content and engagement analytics
• Access tokens for content publishing

TikTok

• Account information (username, display name, avatar)
• Video upload and publishing permissions
• Video performance analytics and metrics
• Access tokens for content management

Twitter/X

• Account information (username, display name, profile image)
• Tweet posting and management permissions
• Engagement metrics and analytics
• OAuth tokens for API access

YouTube

• Channel information (name, description, subscriber count)
• Video upload and management permissions
• Video analytics and performance data
• OAuth tokens for YouTube Data API access

2.4 Information Collected in the Last 12 Months

3. How We Use Your Information

3.1 Service Provision

• Create and manage your account
• Provide AI-powered website and store building services
• Generate content using artificial intelligence (text, images, marketing materials)
• Process payments and manage subscriptions
• Enable CRM functionality and customer management
• Send invoices and process transactions
• Register UK limited companies through Companies House
• Facilitate domain registration and management

3.2 Social Media Integration

• Publish content to your connected social media accounts on your behalf
• Schedule posts for future publication
• Retrieve and display analytics and performance metrics
• Manage comments, messages, and engagement across platforms
• Provide unified inbox functionality for social interactions

3.3 Communication

• Send transactional emails (receipts, confirmations, notifications)
• Provide customer support and respond to enquiries
• Send service updates and important announcements
• With your consent, send marketing communications about new features and offers
• Send security alerts and account notifications

3.4 Improvement and Analytics

• Analyse usage patterns to improve our Service
• Develop new features and functionality
• Conduct research and analytics (using aggregated, anonymised data)
• Monitor and improve system performance and security
• Personalise your experience based on usage patterns

3.5 Legal and Safety

• Comply with legal obligations and regulations (including KYC, AML, tax requirements)
• Enforce our Terms of Service
• Prevent fraud, abuse, and security threats
• Protect the rights and safety of users and third parties
• Respond to legal requests and court orders

4. Legal Basis for Processing (UK GDPR)

Under the UK General Data Protection Regulation (UK GDPR), we process your personal data based on the following legal grounds:

Contractual Necessity (Article 6(1)(b))

Processing necessary to perform our contract with you (providing the Service, processing payments, fulfilling orders)

Consent (Article 6(1)(a))

Where you have given explicit consent (e.g., connecting social media accounts, marketing communications, cookies). You may withdraw consent at any time.

Legitimate Interests (Article 6(1)(f))

Processing necessary for our legitimate business interests (security, fraud prevention, service improvement, product development) where not overridden by your rights

Legal Obligation (Article 6(1)(c))

Processing necessary to comply with legal requirements (tax records, regulatory compliance, KYC/AML laws, court orders)

5. How We Share Your Information

5.1 Service Providers and Processors

We share data with trusted third-party service providers who assist us in operating our Service. All service providers are contractually bound to protect your data and use it only for the purposes we specify:

• Stripe: Payment processing and subscription management
• Cloud Infrastructure: Secure data hosting and storage (AWS, Google Cloud, or similar providers)
• Email Services: Transactional and marketing email delivery (Resend, SMTP providers)
• Analytics: Anonymised usage analytics (Google Analytics)
• Tucows: Domain registration and DNS management
• Companies House: UK company formation and registration services

5.2 Social Media Platforms

When you connect social accounts, we share content with:

• Meta Platforms (Facebook, Instagram) - to publish content and retrieve analytics
• LinkedIn Corporation - to publish posts and manage company pages
• TikTok (ByteDance) - to upload videos and access metrics
• X Corp (Twitter) - to post tweets and retrieve engagement data
• Google (YouTube) - to upload videos and access channel analytics

We do NOT sell, licence, or purchase Platform Data.

We only share your Platform Data to provide the specific features you authorised: publishing content, retrieving analytics, and managing engagement on your behalf.

5.3 Legal Requirements and Protection

We may disclose your information when required by law or when necessary to:

• Comply with legal processes, court orders, or government requests
• Enforce our Terms of Service and other agreements
• Protect the rights, property, or safety of Machinence, users, or the public
• Detect, prevent, or address fraud, security, or technical issues
• Respond to claims that content violates third-party rights

5.4 Business Transfers

In the event of a merger, acquisition, reorganisation, sale of assets, or bankruptcy, your information may be transferred to the acquiring entity or successor. We will notify you via email or prominent notice on our Service before your data is transferred and becomes subject to a different privacy policy.

5.5 With Your Consent

We may share your information with other parties when you explicitly direct us to do so or give us your specific consent.

6. Social Media Platform Data Handling

This section provides specific information about how we handle data from each social media platform, in compliance with their respective platform policies.

6.1 Meta Platforms (Facebook & Instagram)

Data We Access and Collect:

• Basic Profile Information: Your public profile name, profile picture, and user ID
• Email Address: The email associated with your Facebook/Instagram account (with your permission)
• Facebook Pages: List of Pages you manage, Page access tokens, Page names, and Page IDs
• Instagram Business Accounts: Connected Instagram Business or Creator accounts, account IDs, usernames, and profile information
• Publishing Permissions: Ability to create, edit, and delete posts, photos, and videos on your Pages and Instagram accounts
• Page Insights: Analytics data including reach, engagement, impressions, and audience demographics
• Comments and Messages: Access to read and respond to comments on your posts (when you use our unified inbox feature)
• Media Files: Photos and videos you upload through our platform for publishing

How We Use This Data:

• Content Publishing: To post text, images, and videos to your Facebook Pages and Instagram accounts on your behalf
• Scheduling: To schedule posts for future publication at times you specify
• Analytics Display: To show you performance metrics and insights about your posts and audience
• Engagement Management: To allow you to view and respond to comments from a unified dashboard
• Account Selection: To let you choose which Pages and Instagram accounts to manage

Data Storage and Security:

• Access tokens are encrypted using AES-256 encryption and stored securely
• We do not store your Facebook/Instagram password
• Tokens are refreshed automatically and old tokens are securely deleted
• All data transmission uses TLS 1.3 encryption
• We protect and do not transfer, share, or solicit Meta user IDs, access tokens, or app secrets

Data Retention and Deletion:

• Access tokens: Retained until you disconnect your account or they expire (deleted immediately upon disconnect)
• Post content & drafts: Deleted as soon as no longer necessary for legitimate business purposes or when you stop using the feature
• Analytics data: Aggregated and anonymised after 24 months (cannot be associated with specific users)
• Upon disconnection: All Meta access tokens deleted within 24 hours, all cached user data within 30 days
• Upon account deletion: All Meta-related data permanently deleted within 30 days

We only retain Platform Data as long as necessary for the purposes you authorised. When you stop using a feature, we delete associated data promptly.

Your Rights and Controls:

• Disconnect Anytime: Settings → Connected Accounts (immediate token deletion)
• Revoke Access: Facebook Settings → Apps and Websites (we receive deletion callback)
• Request Deletion: Via our Data Deletion page or email privacy@machinence.io
• Request Data Copy: Email privacy@machinence.io for export of your Meta data
• Update/Correct Data: Contact us to modify inaccurate Platform Data
• Withdraw Consent: Disconnect at any time to stop future data processing

We respond to all data requests within 30 days and provide clear methods for you to exercise your rights.

Meta Data Deletion Callback:

In compliance with Meta Platform requirements, when you remove our app from your Facebook account, we automatically receive a data deletion callback and will:

• Delete all access tokens associated with your account within 24 hours
• Remove all cached user data within 30 days
• Provide confirmation of deletion upon request

Data Deletion Request URL: https://panel.machinence.io/DataDeletion

Prohibited Practices - We DO NOT:

• Use Platform Data for discrimination or surveillance
• Make eligibility determinations (housing, employment, credit, insurance)
• Sell, licence, or purchase Platform Data
• Build or augment user profiles without consent
• Attempt to decode, de-anonymise, or reverse-engineer Platform Data
• Process Restricted Platform Data beyond what’s necessary for your experience

6.2 LinkedIn

Data We Access and Collect:

• Profile Information: Your name, headline, profile picture, and LinkedIn ID
• Email Address: Primary email associated with your LinkedIn account
• Organisation Pages: Company pages you have admin access to, page IDs, and page names
• Publishing Permissions: Ability to create posts on your profile or organisation pages
• Post Analytics: Engagement metrics including likes, comments, shares, and impressions

Data Retention and Deletion:

• OAuth tokens retained until disconnection or expiration
• Profile and post data retained for account duration
• All LinkedIn data deleted within 30 days of disconnection

6.3 TikTok

Data Collected: Username, display name, avatar, user ID, video upload permissions, and engagement metrics.

Purpose: To upload and publish video content to your TikTok account and retrieve analytics.

Data Retention: Access tokens retained until disconnection.

Data Deletion: All TikTok data deleted within 30 days of disconnection.

6.4 Twitter/X

Data Collected: Account information (username, display name, profile image), tweet posting permissions, engagement metrics.

Purpose: To publish tweets and threads on your behalf and retrieve analytics.

Data Retention: OAuth tokens retained until disconnection.

Data Deletion: All Twitter data deleted within 30 days of disconnection.

6.5 YouTube (Google)

Data Collected: Channel information, video upload permissions, video analytics, subscriber data.

Purpose: To upload videos to your YouTube channel and access performance analytics.

Data Retention: OAuth tokens and channel data retained until disconnection.

Data Deletion: All YouTube data deleted within 30 days of disconnection.

7. Data Security

We implement administrative, physical, and technical safeguards that meet or exceed industry standards to protect Platform Data and all personal information:

7.1 Technical Safeguards

• TLS 1.3 Encryption: All data in transit encrypted with TLS 1.3
• AES-256 Encryption: Data at rest encrypted with AES-256
• Secure Token Storage: OAuth tokens and secrets encrypted at rest
• Authentication Protection: We never request or store social media login credentials

7.2 Administrative Safeguards

• Access Controls: Role-based access with principle of least privilege
• Security Training: Regular security awareness training for all staff
• Background Checks: Security screening for personnel with data access
• Incident Response: Written security incident response procedures

7.3 Physical Safeguards

• Secure Data Centres: Enterprise-grade cloud infrastructure with physical security
• Access Logging: All data access logged and monitored
• Regular Security Audits: Periodic security assessments and penetration testing
• Vulnerability Reporting: Easy way to report security vulnerabilities

Data Breach Notification

In the event of any unauthorised access, destruction, loss, alteration, disclosure, or compromise of Platform Data or personal data, we will notify you and affected platforms within 24-72 hours as required by UK GDPR, notify relevant supervisory authorities (ICO in UK), immediately begin remediation and provide detailed impact information, and keep you informed of corrective actions and compliance with notification requirements.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy, comply with legal obligations, resolve disputes, and enforce our agreements:

After the retention period expires, personal data is securely deleted or permanently anonymised such that it can no longer identify you.

9. Your Privacy Rights

Depending on your location, you have the following rights regarding your personal data:

9.1 UK GDPR Rights (UK and EEA Residents)

• Right to Access: Request a copy of the personal data we hold about you, including information about processing activities
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure (“Right to be Forgotten”): Request deletion of your personal data (subject to legal retention requirements)
• Right to Restrict Processing: Request limitation of how we use your data in certain circumstances
• Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format and transmit it to another controller
• Right to Object: Object to processing based on legitimate interests or direct marketing
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
• Right to Lodge a Complaint: Lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your rights have been violated

9.2 California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request details about the personal information we collect and how we use it
• Right to Delete: Request deletion of personal information we have collected
• Right to Opt-Out of Sale: Note that we do NOT sell personal information
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

How to Exercise Your Rights

• Email: privacy@machinence.io
• Data Deletion: legal@machinence.io
• Online: Data Deletion Request Page

10. International Data Transfers

Machinence Ltd. is based in the United Kingdom. Your data, including Platform Data from Meta, may be transferred to and processed in countries outside the UK and European Economic Area (EEA), including the United States, where Meta Platforms, Inc., our cloud infrastructure, and service providers operate.

10.1 EEA Data Transfers (Meta Ireland Data)

For Platform Data controlled by Meta Platforms Ireland Limited that is transferred outside the EEA, we comply with the Standard Contractual Clauses (Module One - Controller to Controller) as approved by European Commission Decision (EU) 2021/914.

10.2 UK Data Transfers

For Platform Data controlled by Meta Platforms, Inc. (US) subject to UK GDPR that is transferred outside the UK, we comply with the UK International Data Transfer Addendum (IDTA) to the EU Standard Contractual Clauses.

10.3 Other International Transfers

For transfers not covered above, we ensure appropriate safeguards:

• Standard Contractual Clauses (SCCs): Approved by the European Commission for EEA transfers
• UK IDTA: For transfers from the UK to countries without adequacy decisions
• Adequacy Decisions: Transfers to countries with positive adequacy decisions from the UK Government or European Commission
• Supplementary Measures: Additional technical and organisational safeguards (encryption, pseudonymisation, access controls, minimisation)

11. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience and comply with the UK Privacy and Electronic Communications Regulations (PECR):

11.1 Types of Cookies We Use

• Essential Cookies (Required): Required for the Service to function - authentication, security, session management. Cannot be disabled without affecting core functionality.
• Analytics Cookies: Help us understand how you use our Service to improve it. Includes Google Analytics and similar tools.
• Functional Cookies: Remember your preferences, language settings, and customisations.
• Marketing Cookies (With Consent): Used to deliver personalised content and measure advertising effectiveness.

11.2 Third-Party Analytics

• Google Analytics: For website usage statistics
• Stripe Analytics: For payment and subscription metrics
• Social Platform Pixels: For measuring marketing campaign effectiveness (with consent)

Managing Your Cookie Preferences

• Browser Settings: Most browsers allow you to block or delete cookies through privacy settings
• Cookie Preference Centre: Manage non-essential cookies through our settings (when available)
• Opt-Out Tools: Use tools provided by analytics providers
• Privacy Extensions: Install browser extensions that manage tracking technologies

12. Children’s Privacy

Our Websites and Services are NOT intended for or directed to children under 18 years of age, and we do not knowingly collect or store any Personal Data about persons under the age of 18.

If we learn that we have collected Personal Data of a child under 18, we will take steps to delete such information from our files as soon as practicable. If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us immediately at privacy@machinence.io.

13. Third-Party Links and Services

Our Service may contain links to third-party websites, services, or applications that are not operated by us. These include social media platforms, payment processors (Stripe, PayPal), domain registrars (Tucows), analytics tools (Google Analytics), email service providers, and external websites linked from your generated content.

Important: We are not responsible for the privacy practices, content, or security of third-party websites or services. We strongly encourage you to review the privacy policies of any third-party sites you visit or services you use.

14. Marketing Communications and Consent

14.1 Types of Communications

• Transactional Emails: Order confirmations, receipts, password resets, security alerts (no consent required)
• Service Updates: Important changes to our Service, Terms, or Privacy Policy
• Marketing Emails: Newsletters, feature announcements, special offers, surveys (requires your consent)

14.2 How to Unsubscribe

• Clicking the “Unsubscribe” link at the bottom of any marketing email
• Updating your notification preferences in Settings → Notifications
• Contacting us at privacy@machinence.io

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:

• We will update the “Last Updated” date at the top of this policy
• We will notify you via email and/or prominent notice on our Service
• For significant changes affecting your rights, we may request your renewed consent
• Material changes will take effect 30 days after notice is provided

Previous versions of this Privacy Policy will be archived and available upon request.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: