Last Revised: 27 May 2025
Media Gridz is a service provided by Media Gridz LTD ("Media Gridz", "we", "us" or "our"), a company registered in Bulgaria (UIC/PIC 208250118) with its registered office at Georgi Partsalev 26, 1415 Sofia, Bulgaria.
This Privacy Policy explains how we collect, use, disclose, retain and protect your Personal Data when you visit or use app.mediagridz.com and any related websites, applications, integrations, products or services that link to this Policy (collectively, the "Service"). It is drafted to comply with:
Regulation (EU) 2016/679 (General Data Protection Regulation – "GDPR"), including its UK extension;
The California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 ("CCPA/CPRA"); and
Developer and platform policies published by Meta Platforms, Inc., TikTok, LinkedIn Corporation, and X Corp. (together, the "Social Platforms").
By accessing or using the Service, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree, do not use the Service.
1 Definitions
"Personal Data" means any information relating to an identified or identifiable natural person.
"Process" or "Processing" means any operation performed on Personal Data, whether automated or not.
"Controller" means the natural or legal person which determines the purposes and means of Processing. For European users, Media Gridz LTD is the Controller. For California residents, Media Gridz is a "business" under the CCPA/CPRA.
"Social Account" means any account a user connects for publishing content to Meta (Facebook, Instagram), TikTok, LinkedIn, X or any other supported Social Platform.
2 Scope of this Policy
This Policy applies to Personal Data we Process about:
visitors to app.mediagridz.com and related domains;
registered users of the Service ("Users"); and
individuals whose Personal Data is provided to us by Users (e.g., when Users upload contact lists or publish Social Platform content).
This Policy does not apply to Personal Data that is processed solely by a Social Platform under its own privacy policy once content leaves our Service.
3 What Personal Data We Collect
Category (CPRA) | Examples | Source | Purpose |
---|---|---|---|
Identifiers | Name, email, postal address (if supplied), Social Account user ID, IP address, device ID | Directly from User; Social Platform APIs | Account creation; authentication; communications; security |
Internet / Network Activity | Log files, device type, browser, pages viewed, interaction data | Cookies & tracking tech; analytics providers | Service provisioning; analytics; fraud prevention |
Commercial Information | Subscription tier, purchase history | Billing processor | Contract performance; customer service |
Geolocation (coarse) | Country/region inferred from IP | Cookies; analytics | Compliance; localization |
Professional Information | Employer, job title (if supplied) | Directly from User; LinkedIn API (with consent) | Personalisation; B2B marketing |
User‑Generated Content | Blog URLs, article metadata, template selections, images, text, Social Posts | Directly from User; Templated.io | Core functionality (template generation & publishing) |
Sensitive Personal Information (SPI) | Account login + password | Directly from User | Authentication – not used for profiling or shared with third parties |
We do not intentionally collect: government‑issued identifiers, precise geolocation, biometric templates, or information about children under 13.
4 Sources of Personal Data
Direct interactions – information you provide when you create or modify your account, post content, contact support or participate in surveys.
Automated technologies – cookies, pixels and similar technologies that record technical data about your device and usage.
Integrated services – data returned by:
Templated.io API – article title, excerpt, thumbnail, template ID.
Social Platform APIs – account handle, page ID, access tokens, basic profile fields, and performance metrics strictly as authorised by you.
Third‑party analytics & communications – Google Analytics, Microsoft Clarity, SendGrid, Stripe (billing), etc.
5 Legal Bases for Processing (GDPR)
Purpose | Legal Basis |
---|---|
Provide and secure the Service | Art 6(1)(b) Contract (performance of contract) & Art 6(1)(f) Legitimate Interest |
Connect and operate Social Accounts | Art 6(1)(b) Contract |
Template generation via Templated.io | Art 6(1)(b) Contract |
Analytics & product improvement | Art 6(1)(f) Legitimate Interest (optimise & innovate) + Consent where required for cookies |
Marketing communications (email) | Art 6(1)(a) Consent or Art 6(1)(f) Legitimate Interest (B2B soft opt‑in) |
Compliance with legal obligations | Art 6(1)(c) Legal Obligation |
Where we rely on Legitimate Interest, we have balanced our interests against your rights and freedoms and determined that they are not overridden.
6 How We Use Social Platform APIs & Templated.io
We access Social Platform APIs only after you have expressly granted permissions via the relevant OAuth flow.
Data obtained from each Social Platform is used solely to (a) publish, schedule or analyse content you select, and (b) display analytics you request.
We store Social Platform access tokens in encrypted form and refresh or revoke them in accordance with the platform’s terms.
We never sell, rent, transfer or use Social Platform data for any unsupported purpose such as building user profiles, advertising audiences or AI training.
We comply with:
Meta Platform Terms, Developer Policies & Data Protection Addendum (including Limited Data Use & Custom Audience requirements).
TikTok Developer Terms (including user notice & retention limits).
LinkedIn API Terms & Marketing Developer Platform Policy (including member‑editable lead forms and 30‑day deletion requirements).
X Developer Agreement & Policy (including no caching of deleted content and no biometrics processing without consent).
7 Cookies & Similar Technologies
We use:
Essential cookies – required for authentication and security.
Analytics cookies – with your consent where legally required.
Advertising/Marketing cookies – only if you opt in.
Cookie banner controls enable you to accept or reject non‑essential cookies at any time. You can also adjust browser settings to prevent cookies from being set.
8 Disclosure of Personal Data
We disclose Personal Data only as necessary and with appropriate safeguards:
Recipient | Purpose | Safeguard |
---|---|---|
Templated.io | Generate templates | EU SCCs / DPA |
Social Platforms (Meta, TikTok, LinkedIn, X) | Publish content & retrieve analytics | Platform Developer Agreements |
Service Providers (cloud hosting, analytics, email, billing) | Operate Service | Contracts incl. GDPR Article 28 clauses |
Authorities & Advisors | Legal compliance, dispute resolution | Duty of confidentiality |
Business transferees | Corporate re‑organisation | Contractual obligation to honour this Policy |
We do not "sell" or "share" Personal Data for cross‑context behavioural advertising as those terms are defined under the CPRA.
9 International Transfers
We are headquartered in the EU. When we transfer Personal Data to a country that has not received an adequacy decision (e.g., the United States), we rely on:
Standard Contractual Clauses (SCCs) adopted by the European Commission;
Implementation of additional technical and organisational measures such as encryption in transit and at rest.
10 Data Retention
We retain Personal Data no longer than 3 years after the later of (i) account termination or (ii) last interaction, unless a longer period is required by law or necessary to establish, exercise or defend legal claims. Social Platform data cached for analytics is automatically purged within 90 days unless you request earlier deletion.
11 Security Measures
We maintain ISO‑aligned administrative, technical and physical safeguards, including:
AES‑256 encryption of sensitive data at rest;
TLS 1.2+ encryption in transit;
Role‑based access controls & MFA for staff;
Continuous vulnerability scanning & annual penetration testing;
Incident response plan in accordance with GDPR Art 33/34 & CPRA §1798.150.
12 Your Rights
12.1 EU/UK Residents (GDPR)
You have the right to access, rectify, erase, restrict or object to Processing, and the right to data portability. Where Processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of Processing before withdrawal. You also have the right to lodge a complaint with your local supervisory authority.
12.2 California Residents (CCPA/CPRA)
You have the right to:
Know the categories of Personal Information we collect, the purposes, and categories of recipients.
Access & Portability – receive a copy of the specific Personal Information collected about you in the past 12 months.
Delete Personal Information (subject to exceptions).
Correct inaccurate Personal Information.
Opt Out of the "sale" or "sharing" of Personal Information (we do not sell/share but still provide a mechanism).
Limit Use of Sensitive Personal Information to uses authorised by Cal. Civ. Code §1798.121.
Non‑Discrimination for exercising any of these rights.
You or your authorised agent may submit a verifiable consumer request ("VCR") via the methods in Section 13. We will verify your identity by matching at least two data points and respond within 45 days (90 days if extended).
13 Exercising Your Rights & Contact Details
Email: info@mediagridz.com
Postal: DPO, Media Gridz LTD, Georgi Partsalev 26, 1415 Sofia, Bulgaria
Designated EU Representative (Art 27) and UK Representative (UK GDPR) details are available on request.
14 Children’s Privacy (COPPA & GDPR)
The Service is not directed to children under 13. We do not knowingly collect Personal Data from anyone under 13. If we discover such data has been collected, we will delete it promptly and disable the associated account.
15 Changes to this Privacy Policy
We may revise this Policy periodically. We will post the updated version on the Service and, where required by law, obtain your consent or provide advance notice. The "Last Revised" date at the top indicates when the Policy was last updated.
16 Third‑Party Policies & Links
The Service contains links to, or otherwise allows you to interact with, third‑party sites and services. Their privacy practices are governed solely by their own policies. Key links:
Meta Privacy Policy: https://www.facebook.com/privacy/explanation
Instagram Data Policy: https://privacycenter.instagram.com/policy
TikTok Privacy Policy: https://www.tiktok.com/legal/privacy-policy
LinkedIn Privacy Policy: https://legal.linkedin.com/privacy-policy
X Privacy Policy: https://x.com/en/privacy
Templated.io Privacy Policy: https://templated.io/privacy
Stripe Privacy Policy: https://stripe.com/privacy
If you have any questions about this Policy or our privacy practices, please contact us using the details in Section 13.