Privacy Policy

1. Who we are

Activemark HQ is a data validation platform operated by Activemark LLC, based in Westford, Massachusetts, USA. The platform helps marketing and data teams validate audience files against campaign briefs before activation.

References to "we", "us", or "Activemark" in this policy mean Activemark LLC. References to "you" mean the individual or organisation using the platform.

2. What data we collect

Account information

When you register, we collect your name, email address, and a hashed password. We store the organisation name you provide. We do not store passwords in readable form.

Uploaded audience files

When you upload a file for validation or a brief audit, the file is stored temporarily on our servers. The file is used only to perform the operation you requested — profiling, validation, or brief scoring. File contents are never stored in the database; only aggregate statistics are saved (row counts, field names, null rates, scores).

For brief audits, the original file is retained on disk until the run record is purged by your organisation's retention policy, so that the Filter & Fix feature can operate on it. For validation runs, the file is read in memory and discarded immediately — nothing is written to disk.

Campaign briefs and run results

Brief text you submit is stored so you can review and revisit past runs. Extracted campaign parameters, scores, gap analysis, and readiness narratives are stored as part of the run record. These are retained according to your organisation's retention tier (see Section 5).

Usage and API logs

We log API calls made to the platform, including the endpoint called, timestamp, and response status. For AI-assisted features (brief interpretation, readiness narrative), we record token counts and estimated costs per call. We do not log the content of uploaded files in these logs.

Cookies and session tokens

We use a single httpOnly cookie to manage your login session (refresh token). We do not use tracking cookies, advertising cookies, or third-party analytics.

3. How we use your data

We use the data we collect solely to operate and improve the Activemark HQ service. Specifically:

• → To perform the validation, profiling, and brief audit operations you request.
• → To authenticate your account and manage your session.
• → To allow you to review past run results and download reports.
• → To monitor platform health and diagnose technical issues.
• → To track AI API usage for billing and cost management purposes.

4. Third-party services

Activemark HQ uses a small number of third-party services to operate:

No other third-party services receive your data. We do not use Google Analytics, Mixpanel, Segment, or any behavioural tracking service.

5. Data retention

Run history (brief audits, validation runs, automation runs, AI usage logs) is retained according to your organisation's retention tier:

Uploaded audience files associated with brief runs are deleted from disk at the same time as the run record. Deletion is permanent. Account information, schemas, suppression lists, and API keys are retained for the lifetime of your account and are not subject to the run history retention window.

For a full explanation of what gets purged and when, see the Data & File Retention section of the Help page.

6. Security

We take reasonable steps to protect your data:

• → All connections are encrypted in transit via HTTPS.
• → Passwords are hashed using bcrypt and are never stored in readable form.
• → API keys are shown in full only once at creation. Only the first 8 characters are displayed thereafter.
• → Session tokens use short-lived JWTs with rotating httpOnly refresh cookies.
• → Organisation data is isolated — one organisation cannot access another's files or run results.

No security measure is perfect. If you believe you have found a security issue, please contact us at [email protected] before disclosing it publicly.

7. Your rights

You can take the following actions at any time:

• → Access your data. All run results, scores, and reports are accessible from within the application.
• → Export run results. Download reports in PDF, Excel, JSON, or HTML format from the Reports page.
• → Delete your data. Contact us to request deletion of your account and all associated data. We will process the request within 30 days.
• → Revoke API keys. Keys can be revoked immediately from the API Keys panel.

Activemark HQ is currently a US-based service primarily serving US users. We do not specifically target users in the European Union or the United Kingdom and do not currently operate under a GDPR compliance framework. If your use of this platform involves personal data of EU or UK residents, please contact us to discuss your requirements before using the service.

8. Changes to this policy

We may update this policy as the platform evolves. When we make material changes — changes that affect what data we collect, how we use it, or who we share it with — we will notify active users by email before the change takes effect. The "last updated" date at the top of this page reflects the most recent revision.

Continuing to use Activemark HQ after a policy update constitutes acceptance of the updated terms.

9. Contact

Questions about this policy or requests regarding your data: