This privacy policy describes how Future Marketing AI (FutureMarketingAI) collects, uses, stores and protects personal data in connection with our AI Marketing Employee platform. FutureMarketingAI is committed to protecting the privacy of our subscribers, their clients and end users, in compliance with the General Data Protection Regulation (GDPR) and applicable Dutch data protection laws. This policy applies to all data processed through our platform and website.
1. Data we collect
We collect the following categories of personal data: Account data (name, email address, company name, billing information), Client workspace data (brand voice documents, social media account connections, content schedules, audience profiles), Usage data (platform activity logs, feature usage, execution counts) and AI interaction data (chat messages with AI agents, voice call transcripts, content generation prompts). We do not intentionally collect special categories of personal data (special categories under GDPR Article 9).
2. Purpose of processing
We process personal data for the following purposes: providing AI Marketing Employee services (content creation, voice agent operations, lead qualification, social media management, ad creation, reporting), improving service quality and AI performance through aggregated usage analysis, billing and subscription management, providing technical support and customer service, and complying with legal obligations including tax, accounting and regulatory requirements.
3. Legal basis
Our processing of personal data is based on the following legal grounds: performance of a contract (GDPR Article 6(1)(b)) for providing our subscribed services, legitimate interest (GDPR Article 6(1)(f)) for service improvement, security monitoring and fraud prevention, consent (GDPR Article 6(1)(a)) for analytics cookies and optional marketing communications, and legal obligation (GDPR Article 6(1)(c)) for tax and regulatory compliance.
4. AI data processing
Our AI Marketing Employee processes data as follows: the Content Creator skill uses brand voice documents and content briefs to generate marketing content. Only the minimum context needed is sent to AI providers. The Voice Agent skill processes call audio for speech recognition and response generation. Recordings are retained for 90 days for quality assurance. The Lead Qualifier skill analyzes form submissions and chat messages to score and route leads. Lead scoring is advisory; no automated decisions are made. AI providers (OpenAI, Anthropic) process data under a Zero Data Retention policy, meaning your data is not used to train AI models.
5. Sub-processors
We use the following key sub-processors to deliver our services: OpenAI (content generation, US with EU Data Privacy Framework certification), Anthropic (content generation, US with EU Data Privacy Framework certification), Supabase (database and authentication, EU region, Frankfurt), Vercel (hosting and CDN, EU and global regions) and Vapi (voice agent processing, US). A complete and current list of sub-processors is maintained in our Data Processing Agreement. We notify subscribers at least 30 days in advance of new sub-processors.
6. Data retention
Active accounts: all data is retained for the duration of the service agreement. After termination: a 30-day export window is provided, after which all data is permanently deleted. Voice recordings and chat logs: retained for 90 days after processing for quality assurance and dispute resolution. Platform logs: retained for 90 days. Backups: deleted within 30 days after deletion of source data. Billing records: retained in accordance with Dutch tax law (7 years).
7. Your rights
Under the GDPR, you have the right to: access your personal data and receive a copy, rectify inaccurate or incomplete personal data, erase your personal data (right to be forgotten), restrict the processing of your personal data, data portability (receive your data in a structured, machine-readable format), object to processing based on legitimate interest and withdraw consent at any time for consent-based processing. To exercise any of these rights, contact us at privacy@future-marketing.ai. We respond within 30 days as required by the GDPR.
8. International data transfers
Some of our sub-processors are located outside the EU/EEA, mainly in the United States. For these transfers we rely on the following safeguards: the EU-US Data Privacy Framework (DPF) for certified US companies (OpenAI, Anthropic, Vercel, Stripe) and Standard Contractual Clauses (SCCs) approved by the European Commission where DPF certification is not available. Where possible we use EU data center regions to minimize international transfers. We closely follow legal developments around international transfers, including any challenges to the DPF.
9. Contact and supervisory authority
Data controller: Future Marketing AI, the Netherlands. For privacy inquiries, data subject requests or complaints: privacy@future-marketing.ai. If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP) at autoriteitpersoonsgegevens.nl.