MYCROFTHUB.COM — PRIVACY POLICY
Effective Date: April 11, 2026 Last Updated: April 11, 2026
1. Introduction and Who We Are
Mycroft Technologies Ltd ("Mycrofthub," "we," "us," or "our") operates the platform available at mycrofthub.com and all associated services, features, and tools (collectively, the "Service"). We are committed to protecting the personal data of everyone who interacts with us — including our customers, their end-users, website visitors, and business contacts.
This Privacy Policy explains:
- What personal data we collect and why
- How we use, store, and protect that data
- Who we share it with and under what conditions
- Your rights in relation to your personal data
- How to contact us with questions or requests
This Policy applies to all personal data processed by Mycrofthub in connection with the Service, including data collected through mycrofthub.com, our mobile applications, APIs, integrations, and any communications we send to you.
Please read this Policy carefully. By using the Service, you confirm that you have read and understood it. If you do not agree with this Policy, you should not use the Service.
2. Legal Basis and Applicable Law
We operate globally and process personal data in compliance with the privacy and data protection laws applicable in the jurisdictions where we operate and where our users are located. Where requirements differ across jurisdictions, we apply the standard most protective of individual rights, or we apply jurisdiction-specific provisions as required by applicable law.
We collect and process personal data only where we have a lawful basis to do so. Depending on the nature of the processing and the applicable law, our legal bases include:
- Performance of a contract — where processing is necessary to provide the Service you have subscribed to
- Legitimate interests — where processing is necessary for our genuine business interests and those interests are not overridden by your rights and freedoms
- Legal obligation — where processing is required to comply with applicable law
- Consent — where you have given clear, informed, and freely given consent to a specific use of your data, which you may withdraw at any time
3. What Data We Collect
3.1 Data You Provide Directly
Account and Registration Data When you create a Mycrofthub account, we collect your full name, email address, password (stored in encrypted form), business name, country of residence, and, where applicable, your phone number. If you register via a third-party authentication provider such as Google, we receive basic profile information from that provider in accordance with its own privacy policy and your permissions.
Billing and Payment Data When you subscribe to a paid plan, we collect billing information including your name, billing address, and payment method details. Full payment card numbers are processed and stored exclusively by our third-party payment processor and are never stored on our servers. We retain transaction records including amounts, dates, and plan details for accounting and legal compliance purposes.
Brand and Business Configuration Data As part of setting up Mycrofthub for your business — what we call "The Briefing" — you provide information including your brand name, tone of voice, products and services, target audience, and marketing preferences. This information is used exclusively to configure and personalise the Service for you.
Content and Input Data We collect all content you input into the Service, including text prompts, images, documents, URLs, product descriptions, and any other material you provide to generate, schedule, or distribute marketing content. This is referred to as "Input Content" in our Terms of Service.
Communications Data When you contact us for support, send us feedback, respond to surveys, or communicate with us in any way, we collect the contents of those communications and any identifying information you include.
Contact and Integration Data When you connect third-party platforms — including WhatsApp Business, Telegram, Instagram, Facebook, X (Twitter), LinkedIn, TikTok, and WordPress — we collect the authorisation tokens, account identifiers, and configuration data necessary to operate those integrations on your behalf. We also receive contact lists, audience segments, and messaging data that you upload or sync to use with The Network feature.
3.2 Data We Collect Automatically
Usage and Activity Data We automatically collect data about how you interact with the Service, including features you use, actions you take, content you generate, campaigns you create, pages you view, buttons you click, and the time and duration of your sessions.
Device and Technical Data We collect technical information including your IP address, browser type and version, operating system, device identifiers, screen resolution, time zone, language settings, and referring URLs. This data is used for security, troubleshooting, and service optimisation purposes.
Log Data Our servers automatically record log data when you use the Service, including the date and time of requests, pages or features accessed, error logs, and performance metrics.
Cookies and Similar Technologies We use cookies, pixel tags, and similar tracking technologies as described in Section 10 of this Policy.
3.3 Data About Your Customers and Contacts
In the course of using the Service — particularly The Network (WhatsApp and Telegram broadcasting) and The Consultation (web chat agent) — you will upload, sync, or collect personal data belonging to your own customers and contacts ("End-User Data"). This includes names, phone numbers, email addresses, messaging history, and any other data associated with your contact lists or chat interactions.
With respect to End-User Data, you are the data controller and we are the data processor acting on your documented instructions. Our processing of End-User Data is governed by the data processing terms set out in Section 12 of this Policy.
3.4 Data from Third Parties
We may receive personal data about you from third parties, including social media platforms when you connect those platforms to the Service, payment processors in connection with transaction verification, analytics and fraud prevention providers, and business partners or referral sources where you have given consent for your data to be shared.
4. How We Use Your Personal Data
We use personal data for the following purposes:
Providing and Operating the Service To create and manage your account, process your subscription, deliver the features of the Service, generate AI content on your behalf, schedule and publish posts, manage messaging campaigns, and operate the web chat agent.
Personalisation and AI Configuration To train and configure the Mycroft AI agent with your brand voice, product information, and audience preferences, so that content generated on your behalf accurately reflects your business.
Billing and Account Administration To process payments, issue invoices, manage subscriptions, send billing notifications, handle upgrade and downgrade requests, and manage refunds or disputes.
Customer Support and Communications To respond to your enquiries, resolve technical issues, send you service updates, notify you of changes to the Service or these policies, and provide onboarding assistance.
Safety, Security, and Fraud Prevention To detect and prevent fraud, abuse, spam, and unauthorised access; to monitor for violations of our Acceptable Use Policy; and to protect the integrity and security of the Service and its users.
Service Improvement and Analytics To analyse usage patterns, monitor performance, identify bugs and errors, conduct research, and develop new features and improvements. Where used for analytics, data is aggregated and anonymised to the extent practicable.
Marketing Communications To send you information about new features, product updates, case studies, tips, and promotional offers related to the Service, where you have opted in to receive such communications or where we have a legitimate interest in marketing to existing customers.
Legal Compliance To comply with applicable laws and regulations, respond to lawful requests from governmental or regulatory authorities, enforce our Terms of Service, and protect our legal rights and those of third parties.
5. AI-Generated Content and Data Processing
5.1 How AI Processing Works
The Service uses large language models and other AI technologies provided by third-party AI model providers to generate content on your behalf. When you use content generation features, your Input Content — including your brand brief, prompts, and configuration data — is transmitted to the relevant AI model provider to generate output.
5.2 AI Model Providers
We work with AI model providers including, but not limited to, OpenAI, Anthropic, and Google. Each provider processes data in accordance with their own terms and privacy policies. We select providers who offer appropriate data protection commitments and who do not use your inputs to train their models without your consent, where that commitment is available.
5.3 No Training on Your Data
We do not use your Input Content or Output Content to train our own AI models, or knowingly permit our AI model providers to use your data for training purposes, except where such training is necessary for fine-tuning personalised models specifically for your account and with your explicit consent.
5.4 Output Content Accuracy
AI-generated content may contain inaccuracies, errors, or content that is not suitable for your purposes. You are responsible for reviewing all Output Content before publication. We are not responsible for any consequences arising from the publication of unreviewed AI-generated content.
6. Sharing Your Personal Data
We do not sell your personal data. We do not share your personal data with third parties for their own independent marketing purposes without your explicit consent. We share data only in the following circumstances:
6.1 Service Providers and Sub-Processors
We engage trusted third-party service providers to help us operate the Service. These providers act as data processors on our behalf and are contractually bound to process data only as instructed by us and to maintain appropriate security standards. Our key categories of service providers include:
| Category | Purpose |
|---|---|
| Cloud hosting and infrastructure | Storing and serving the Service |
| AI model providers | Generating content on your behalf |
| Payment processors | Processing subscription payments |
| Email and communication providers | Delivering transactional and marketing emails |
| Analytics platforms | Understanding Service usage |
| Customer support tools | Managing support tickets and communications |
| WhatsApp Business Solution Providers | Facilitating WhatsApp API access |
| Fraud and security providers | Protecting the Service and its users |
A current list of our sub-processors is available upon request at privacy@mycrofthub.com.
6.2 Third-Party Platform Integrations
When you connect the Service to third-party platforms such as WhatsApp, Telegram, Instagram, Facebook, X, LinkedIn, TikTok, or WordPress, data is necessarily transmitted to and from those platforms to enable the integration. Each platform's own privacy policy governs how it handles that data. We are not responsible for third-party platforms' data practices.
6.3 Business Transfers
If Mycrofthub is involved in a merger, acquisition, restructuring, or sale of all or part of its assets, personal data may be transferred as part of that transaction. We will notify you by email and by posting a prominent notice on our website before your personal data becomes subject to a different privacy policy as a result of such a transaction.
6.4 Legal Disclosure
We may disclose personal data if we believe in good faith that such disclosure is necessary to comply with a legal obligation or lawful request from a government or regulatory authority; enforce our Terms of Service; protect the rights, property, or safety of Mycrofthub, our users, or the public; or detect, prevent, or address fraud, security, or technical issues. Where legally permitted and practicable, we will notify you before disclosing your data in response to a legal demand.
6.5 With Your Consent
We may share your personal data with third parties not described above where you have given your explicit, informed consent to that sharing.
7. International Data Transfers
Mycrofthub operates globally and your personal data may be transferred to, stored in, and processed in countries other than your country of residence. Where we transfer personal data across borders, we implement appropriate safeguards to ensure that the data remains protected to the standard required by applicable law. These safeguards may include standard contractual clauses, binding corporate rules, adequacy decisions, or other legally recognised transfer mechanisms.
By using the Service, you acknowledge that your data may be transferred internationally in the manner described in this section. If you have concerns about international data transfers applicable to your situation, please contact us at privacy@mycrofthub.com.
8. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, and reporting obligations, or as required or permitted by applicable law. Our general retention practices are as follows:
Account Data — Retained for the duration of your account and for up to 90 days following account closure, after which it is deleted or anonymised, except where longer retention is required by law.
Billing and Transaction Records — Retained for a minimum of 7 years to comply with financial and tax regulations.
Content and Campaign Data — Input Content and Output Content are retained for the duration of your subscription to allow you to access historical campaigns, and deleted within 90 days of account closure.
End-User Contact Data — Contact lists and messaging data you upload are retained for the duration of your subscription and deleted within 30 days of account closure or upon your earlier written request.
Support Communications — Retained for up to 3 years from the date of the communication.
Usage and Analytics Data — Aggregated and anonymised usage data may be retained indefinitely. Identifiable usage logs are retained for up to 12 months.
Legal Hold — Notwithstanding the above, we may retain data for longer periods where required for legal proceedings, regulatory investigations, or enforcement of our legal rights.
When data is no longer required, we securely delete or anonymise it using methods appropriate to the sensitivity of the data.
9. Your Privacy Rights
Depending on your jurisdiction, you may have some or all of the following rights in relation to your personal data. We honour these rights for all users to the extent legally required and operationally practicable.
Right of Access You have the right to request a copy of the personal data we hold about you, along with information about how we use it and with whom we share it.
Right to Rectification You have the right to request that we correct inaccurate or incomplete personal data we hold about you.
Right to Erasure You have the right to request that we delete your personal data where it is no longer necessary for the purposes for which it was collected, where you have withdrawn consent and no other legal basis applies, where you have objected to processing and we have no overriding legitimate grounds, or where the data has been unlawfully processed.
Right to Restriction of Processing You have the right to request that we restrict processing of your personal data in certain circumstances, including where you contest the accuracy of the data or where you have objected to processing pending verification of our legitimate grounds.
Right to Data Portability Where processing is based on your consent or the performance of a contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
Right to Object You have the right to object to processing of your personal data for direct marketing purposes at any time, and this right is absolute. You may also object to processing based on our legitimate interests, in which case we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or where processing is necessary for the establishment, exercise, or defence of legal claims.
Right to Withdraw Consent Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
Right Not to Be Subject to Automated Decision-Making You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects concerning you, except where such processing is necessary for the performance of a contract, authorised by law, or based on your explicit consent.
How to Exercise Your Rights To exercise any of the rights described in this section, please submit a request to privacy@mycrofthub.com with the subject line "Privacy Rights Request." We will respond within the timeframe required by applicable law — typically within 30 days. We may require you to verify your identity before processing your request. If you are not satisfied with our response, you have the right to lodge a complaint with the data protection authority in your jurisdiction.
10. Cookies and Tracking Technologies
10.1 What We Use
We use cookies, pixel tags, web beacons, and similar tracking technologies on mycrofthub.com and within the Service. These technologies help us operate the Service, remember your preferences, understand how you use the Service, and deliver relevant communications.
10.2 Types of Cookies We Use
Strictly Necessary Cookies These cookies are essential for the Service to function and cannot be switched off. They include cookies that authenticate your session, maintain your login state, and remember your security settings. No consent is required for these cookies.
Performance and Analytics Cookies These cookies collect information about how you use the Service — which pages you visit, how long you spend, where you encounter errors, and similar usage statistics. We use this data to improve the Service.
Functional Cookies These cookies allow the Service to remember choices you have made — such as your preferred language, timezone, or dashboard layout — to provide a more personalised experience.
Marketing and Targeting Cookies We may use cookies from third-party advertising platforms to track conversions and measure the effectiveness of our marketing campaigns. These cookies are only placed with your consent where required by law.
10.3 Managing Cookies
You can manage your cookie preferences through our cookie consent tool, which appears when you first visit mycrofthub.com. You can also manage cookies through your browser settings — most browsers allow you to block or delete cookies. Please be aware that disabling certain cookies may affect the functionality of the Service.
10.4 Do Not Track
Some browsers include a "Do Not Track" feature that signals to websites that you do not wish to be tracked. Our Service does not currently respond to Do Not Track signals, as there is no consistent industry standard for how they should be interpreted. We will update this Policy if that position changes.
11. Security of Your Personal Data
We implement a comprehensive set of technical and organisational security measures designed to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:
Technical Measures Encryption of data in transit using TLS 1.2 or higher; encryption of sensitive data at rest using AES-256 or equivalent; secure, hashed storage of passwords using industry-standard algorithms; regular security vulnerability assessments and penetration testing; multi-factor authentication options for user accounts; automated intrusion detection and monitoring systems; and access controls limiting data access to authorised personnel on a need-to-know basis.
Organisational Measures Data protection training for all staff with access to personal data; data access logging and audit trails; incident response procedures for data breaches; vendor security assessments for all sub-processors; and internal data protection policies and procedures.
Data Breach Notification In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and relevant regulatory authorities in accordance with applicable law. Notifications will describe the nature of the breach, categories of data affected, likely consequences, and measures taken or proposed to address it.
Despite our security measures, no transmission of data over the internet or electronic storage system is completely secure. You use the Service at your own risk and are responsible for maintaining the security of your account credentials.
12. Data Processing Terms for Business Users
12.1 Controller and Processor Relationship
When you use the Service to process personal data belonging to your own customers and contacts — for example, by uploading contact lists for WhatsApp campaigns or collecting leads through the web chat agent — you act as the data controller and we act as the data processor in relation to that End-User Data.
12.2 Our Obligations as Processor
As your data processor, we commit to processing End-User Data only on your documented instructions; ensuring that personnel authorised to process End-User Data are bound by appropriate confidentiality obligations; implementing the technical and organisational security measures described in Section 11; assisting you in responding to data subject rights requests from your end-users to the extent technically feasible; notifying you promptly if we become aware of a personal data breach affecting End-User Data; and deleting or returning End-User Data upon termination of the Service or your written request.
12.3 Your Obligations as Controller
You are responsible for ensuring that you have a valid legal basis for processing your end-users' personal data, that you have provided them with appropriate notice, and that any data you upload to the Service was collected lawfully. You must not use the Service to process special categories of sensitive personal data — including health data, biometric data, racial or ethnic origin, political opinions, or criminal record data — without explicit legal authority and our prior written consent.
12.4 Data Processing Agreement
If your use of the Service requires a formal Data Processing Agreement, please contact privacy@mycrofthub.com to request our standard agreement, which supplements these Terms and governs our processing of End-User Data.
13. Children's Privacy
The Service is not directed at or intended for use by children under the age of 18. We do not knowingly collect personal data from anyone under 18. If you are a parent or guardian and believe that your child has provided us with personal data without your consent, please contact us at privacy@mycrofthub.com and we will promptly delete that data from our systems.
If you use The Network or The Consultation features, you must ensure that your contact lists and chat agent interactions do not involve the collection or processing of personal data from individuals under 18 without appropriate verifiable parental consent and in compliance with applicable law.
14. Marketing Communications
With your consent, or where we have a legitimate interest in marketing to existing customers, we may send you communications about new features, product updates, case studies, tips, special offers, and other information relating to the Service.
You can opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email we send you, updating your communication preferences in your account settings, or sending a request to privacy@mycrofthub.com with the subject line "Unsubscribe."
Opting out of marketing communications will not affect your receipt of transactional communications — such as account notifications, billing receipts, and security alerts — which we will continue to send as necessary to provide the Service.
15. Third-Party Links and Services
The Service may contain links to third-party websites, platforms, or services. This Privacy Policy applies only to Mycrofthub and does not govern the privacy practices of any third party. We encourage you to review the privacy policies of any third-party services you access through or in connection with the Service. We are not responsible for the content, privacy practices, or data handling of third-party services.
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. When we make material changes, we will notify you by sending an email to the address associated with your account, posting a prominent notice within the Service, and updating the "Last Updated" date at the top of this Policy.
Your continued use of the Service after the effective date of any updated Policy constitutes your acceptance of the changes. If a change materially reduces your privacy rights, we will seek your affirmative consent where required by law. We encourage you to review this Policy periodically to stay informed about how we protect your data.
17. Contact Us
For any questions, concerns, or requests relating to this Privacy Policy or our handling of your personal data, please contact us:
Mycroft Technologies Ltd Privacy & Data Protection
- privacy@mycrofthub.com
- mycrofthub.com/privacy
We will respond to all enquiries within 30 days, and within shorter timeframes where required by applicable law. If you are not satisfied with our response, you have the right to lodge a complaint with the data protection supervisory authority in your jurisdiction.
This Privacy Policy was last reviewed and updated on April 11, 2026.
Mycrofthub — Your Marketing Intelligence. Automated. mycrofthub.com