Privacy Policy

Effective Date: February 4, 2026

Cromulent Consulting, Inc. ("Company," "we," "us," or "our") operates You've Got Marketing at youvegotmarketing.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.

By using the Service, you consent to the practices described in this Privacy Policy. If you do not agree with this policy, please do not use the Service.

1. Information We Collect

1.1 Information You Provide

Account information: Full name, email address, and password (stored as a cryptographic hash, never in plain text).
Organization information: Organization name, team member details, and role assignments.
Brand information: Website URLs, brand descriptions, color palettes, voice preferences, and other brand identity data you submit for analysis.
Prompts and inputs: Text prompts, instructions, and other content you provide to generate AI outputs.
Payment information: Billing details are collected and processed by our payment processor, Stripe. We do not store your full credit card number, CVV, or bank account details on our servers. We receive and store a limited record from Stripe (such as your Stripe customer ID and subscription status) to manage your account.

1.2 Information Collected Automatically

Session data: We use session cookies to keep you logged in and to remember your selected organization and time zone preference.
Cookies: We use a small number of essential cookies for authentication and session management. We do not use third-party advertising or tracking cookies. Specifically:
- A session cookie for authentication
- A "returning_user" cookie to recognize repeat visitors
Usage data: We record credit usage associated with your account, including the type of operation performed (e.g., image generation, copy generation) and the credit cost. This data is used for billing and account management.

1.3 Information from Third-Party Authentication

If you sign in using GitHub, we receive your name, email address, and avatar URL from GitHub. We store this information along with encrypted authentication tokens to maintain your login session. We do not access your GitHub repositories, code, or other GitHub data beyond what is needed for authentication.

2. How We Use Your Information

We use the information we collect to:

Provide the Service: Process your inputs through AI models to generate brand content, marketing plans, images, videos, and copy.
Manage your account: Authenticate your identity, process payments, track credit usage, and manage your subscription.
Improve the Service: Understand how the Service is used to fix bugs, improve features, and develop new functionality.
Communicate with you: Send transactional emails related to your account, such as email verification, password reset, and billing notifications.
Enforce our Terms: Detect and prevent fraud, abuse, and violations of our Terms of Service.

3. How We Share Your Information

3.1 Third-Party AI Providers

This is important. To provide the Service, we send your inputs (such as prompts, brand information, and website URLs) to third-party AI model providers for processing. These providers currently include:

Provider	Purpose	Data Shared
Google (Gemini, Veo)	Brand synthesis, image generation, video generation	Prompts, brand data, website content
OpenAI	Copy generation, chat, marketing planning	Prompts, brand data, conversation context

These providers process your data according to their own privacy policies and terms. We select providers that offer enterprise or API-level data handling agreements, but we encourage you to review their privacy practices. We may change or add AI providers over time as the Service evolves.

We do not use your inputs or generated outputs to train our own AI models. Whether the third-party AI providers use API data for their own model training is governed by their respective policies — for our API-level usage, major providers generally do not use API inputs for training, but you should review their current terms for the most up-to-date information.

3.2 Payment Processor

We use Stripe to process payments. When you provide payment information, it is transmitted directly to Stripe and handled according to Stripe's Privacy Policy. We do not have access to your full payment card details.

3.3 Other Disclosures

We may disclose your information if required to do so by law, or if we believe in good faith that such disclosure is necessary to:

Comply with a legal obligation, subpoena, or court order
Protect and defend our rights or property
Prevent fraud or address security issues
Protect the personal safety of users or the public

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change via email or prominent notice on the Service.

4. Data Retention

Account data is retained for as long as your account is active. If you delete your account, we will delete or anonymize your personal data within 90 days, except where retention is required by law.
Generated content (images, videos, copy) is stored in your account until you delete it or your account is terminated.
Billing records are retained for the period required by applicable tax and financial regulations (typically 7 years).
Credit usage records are retained for account management and may be anonymized after account deletion.

5. Data Security

We implement reasonable technical and organizational measures to protect your information, including:

Encrypted password storage using industry-standard cryptographic hashing
Encrypted storage of third-party authentication tokens
HTTPS encryption for all data in transit
Session-based authentication with secure cookie handling

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

6. Your Rights and Choices

6.1 All Users

Regardless of where you are located, you may:

Access your data: View and download your account information and generated content through the Service.
Update your data: Correct inaccurate account information through your account settings.
Delete your account: Request account deletion by contacting us at [email protected].
Delete your content: Remove generated assets through the Service interface.

6.2 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act:

Right to know: You may request details about the categories and specific pieces of personal information we have collected about you.
Right to delete: You may request deletion of your personal information, subject to certain exceptions.
Right to opt out of sale: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise these rights, contact us at [email protected]. We will verify your identity before processing your request.

6.3 European Economic Area, UK, and Swiss Residents

If applicable data protection laws apply to you (such as the GDPR or UK GDPR), you may have additional rights, including the right to access, rectification, erasure, restriction of processing, data portability, and the right to object to processing. To exercise these rights, contact us at [email protected].

Our legal bases for processing your personal data include: performance of a contract (providing the Service), your consent, and our legitimate interests (improving the Service, preventing fraud).

7. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us at [email protected] and we will take steps to delete such information promptly.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws. By using the Service, you consent to the transfer of your information to the United States and other jurisdictions where we or our service providers operate.

9. Third-Party Links

The Service may generate content that references or links to third-party websites. We are not responsible for the privacy practices of third-party websites. We encourage you to review the privacy policies of any external sites you visit.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice on the Service at least 30 days before the changes take effect. The "Effective Date" at the top of this page indicates when this policy was last updated.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

Cromulent Consulting, Inc.
Email: [email protected]