Marketing Powered Privacy Policy

Marketing Powered takes data privacy seriously. This privacy policy explains how we collect, use, store, and protect information when you interact with our website, services, and marketing platforms. We believe transparency builds trust, and trust is foundational to every client relationship we maintain.

As a marketing agency specializing in behavioral health and mental health verticals, we operate under heightened awareness of data sensitivity. Our clients serve vulnerable populations, and that responsibility extends to how we handle information at every level of our operations. This document reflects our commitment to meeting and exceeding the standards set by major privacy frameworks.

We comply with the General Data Protection Regulation (GDPR) for individuals in the European Economic Area, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) for California residents, and applicable federal and state privacy laws in the United States. These regulations establish baseline protections for personal data, and our internal policies build additional safeguards specific to healthcare-adjacent marketing.

This privacy policy applies to all visitors to marketingpowered.ai, prospective clients who submit information through our forms, current clients whose data we process as part of service delivery, and any individual whose information we may receive through our marketing activities. If you have questions after reading this document, we encourage you to reach out directly.

When you fill out a contact form, request an audit, or book a discovery call, you may provide your name, email address, phone number, company name, job title, and details about your marketing needs. We use this information to respond to your inquiry, evaluate potential fit for our services, and communicate relevant information about Marketing Powered.

If you become a client, we collect additional information necessary for service delivery: billing details, access credentials to advertising platforms, analytics accounts, and business information relevant to campaign management. This information is processed under the legal basis of contract performance.

When you visit our website, we automatically collect certain technical information: IP address, browser type, device type, operating system, referring URL, pages visited, time spent on pages, and clickstream data. We use cookies and similar tracking technologies to collect this information.

We use Google Analytics and similar tools to understand how visitors interact with our site. This data helps us improve user experience and measure the effectiveness of our own marketing efforts. You can control cookie preferences through your browser settings or through our cookie consent mechanism.

We process personal data for the following purposes:

• Responding to inquiries and providing requested information about our services
• Evaluating potential client relationships and assessing fit
• Delivering contracted marketing services to clients
• Improving our website functionality and user experience
• Sending relevant communications about our services (with consent where required)
• Meeting legal obligations and protecting our legitimate business interests
• Analyzing aggregate trends to improve our service offerings

Marketing Powered does not sell personal information to third parties. We do not rent, trade, or otherwise monetize the data you provide to us. This applies to all categories of personal information we collect.

We may share information with service providers who assist in our operations, hosting providers, email platforms, analytics tools, but these providers are contractually bound to use data only for the purposes we specify and to maintain appropriate security measures. We require all third-party processors to demonstrate compliance standards aligned with our own policies.

Depending on your location and applicable law, you may have specific rights regarding your personal data. We honor these rights regardless of whether they are legally required in your jurisdiction, because we believe data control should be accessible to everyone who interacts with our services.

If you are located in the European Economic Area, you have the right to access personal data we hold about you, rectify inaccurate or incomplete data, erase your data under certain circumstances (the 'right to be forgotten'), restrict processing of your data, data portability (receiving your data in a structured, machine-readable format), object to processing based on legitimate interests, and withdraw consent at any time for processing based on consent.

To exercise these data rights, submit a request through the contact information provided at the end of this policy. We will respond within 30 days, as required by GDPR.

California residents have the right to know what personal information we collect, disclose, and sell (we do not sell), request deletion of personal information, opt out of the sale of personal information (again, we do not sell), and non-discrimination for exercising privacy rights.

We will not deny you services, charge different prices, or provide a different quality of service because you exercise your CCPA rights. To submit a request, use the contact information below or email privacy@marketingpowered.ai.

When you submit a data rights request, we may need to verify your identity before processing. This protects against unauthorized access to your information. We typically verify identity by confirming information you previously provided to us.

We respond to verified requests within the timeframes required by applicable law: 30 days for GDPR requests, 45 days for CCPA requests (with a possible 45-day extension if necessary and communicated).

Protecting your data requires both technical controls and organizational discipline. Marketing Powered implements multiple layers of security across our infrastructure, and we maintain security practices that reflect our work in regulated healthcare verticals.

We employ encryption in transit (TLS/SSL) for all data transmitted to and from our website. Sensitive data at rest is encrypted using industry-standard protocols. Access to systems containing personal data is restricted to authorized personnel through role-based access controls and multi-factor authentication.

Our infrastructure includes firewalls, intrusion detection systems, and regular security monitoring. We conduct periodic vulnerability assessments and address identified issues promptly. Our proprietary AI systems operate on controlled infrastructure with data sovereignty as a core design principle.

All Marketing Powered team members with access to personal data receive training on data protection responsibilities. We maintain written information security policies that govern data handling across all operations.

We limit data access to personnel who need it for legitimate business purposes. We maintain audit logs of access to sensitive systems. We have incident response procedures in place to detect, investigate, and respond to potential data breaches.

In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected individuals and relevant supervisory authorities within the timeframes required by applicable law (72 hours under GDPR for authority notification).

We retain personal data only as long as necessary for the purposes described in this policy. For prospective clients who do not engage our services, we typically retain contact information for up to 24 months unless you request earlier deletion. For clients, we retain data for the duration of our engagement plus the period required by applicable legal and contractual obligations.

When data is no longer needed, we securely delete or anonymize it. Anonymized data that cannot be used to identify you may be retained indefinitely for analytical purposes.

Marketing Powered operates in a regulatory environment that demands attention to multiple overlapping frameworks. Our compliance posture reflects both legal requirements and the heightened expectations of healthcare-adjacent marketing.

For processing activities involving EEA residents, we identify and document a lawful basis for each processing activity, like consent, contract performance, legitimate interest, or legal obligation. We maintain records of processing activities as required by Article 30. We have designated a privacy point of contact to address inquiries and coordinate compliance activities.

We conduct data protection impact assessments when processing activities present a high risk to individuals. Cross-border data transfers outside the EEA are conducted using approved mechanisms such as Standard Contractual Clauses.

We provide California residents with required disclosures about data collection and use. We have implemented processes to respond to consumer requests within statutory timeframes. We do not sell personal information, and we do not use sensitive personal information for purposes beyond those permitted without additional consent.

Our service provider contracts include CCPA-required provisions restricting further use or sale of personal information received from us.

While Marketing Powered is not a covered entity under HIPAA, we operate with HIPAA awareness, given our focus on behavioral health and mental health clients. We do not collect, store, or process protected health information (PHI) through our website or general marketing activities.

Our client service agreements address data handling responsibilities clearly, including any circumstances where we might receive information that could constitute PHI. We maintain LegitScript awareness for advertising in addiction treatment and behavioral health, and we respect Google Ads sensitive healthcare vertical restrictions, including the prohibition on behavioral health retargeting.

We regularly review our practices against evolving privacy regulations and industry standards. Our AI-native approach since 2022 includes data sovereignty principles: keeping sensitive processing on controlled infrastructure rather than routing through third-party APIs without appropriate safeguards.

If you have questions about this privacy policy or wish to exercise your data rights, we want to hear from you. Our team responds to privacy inquiries within 5 business days under normal circumstances, and within statutory timeframes for formal data rights requests.

For general privacy questions, data rights requests, or concerns about how we handle user data, you can reach us at: privacy@marketingpowered.ai. You may also submit a request through our website contact form, noting that your inquiry relates to privacy matters.

If you are located in the EEA and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection supervisory authority. We encourage you to contact us first so we can attempt to resolve any issues directly.

We review and update this privacy policy periodically to reflect changes in our practices, technology, legal requirements, and business operations. Material changes will be communicated through our website. The 'Last Updated' date at the top of this policy indicates when revisions were last made.

Your continued use of our website and services after policy updates constitutes acceptance of the revised terms. We recommend reviewing this policy periodically to stay informed about how we protect your data.

If you have questions about how Marketing Powered handles your data, want to exercise your privacy rights, or need clarification on any aspect of this policy, we are available to help. Our team can also address questions about our compliance practices in behavioral health and mental health marketing.