Privacy Policy
How MRKTCMD collects, uses, and protects your information.
Effective Date: February 18, 2026 · Last Updated: February 18, 2026
1. Introduction
This Privacy Policy describes how Solved Systems, LLC ("Solved Systems," "we," "us," or "our"), operating the MRKTCMD platform ("MRKTCMD," the "Platform," or the "Service"), collects, uses, discloses, and protects your personal information when you access or use our website, applications, and services at mrktcmd.com.
MRKTCMD is an AI-powered marketing content creation platform that uses artificial intelligence to generate videos, images, and social media content. We use multiple third-party AI services to power these capabilities. This policy explains how your data flows through our platform and these services.
By accessing or using MRKTCMD, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this policy, please do not use our Service.
2. Who We Are
Entity: Solved Systems, LLC
Product: MRKTCMD (Market Command)
Contact: privacy@solvedsystems.com
Website: mrktcmd.com
For the purposes of the EU General Data Protection Regulation (GDPR) and applicable data protection laws, Solved Systems, LLC is the data controller responsible for your personal information.
3. Information We Collect
3.1 Information You Provide Directly
- Account Information: Name, email address, and profile photo (provided via GitHub OAuth authentication)
- Brand Information: Brand names, logos, color palettes, taglines, website URLs, and brand guidelines you configure
- Content Inputs: Text prompts, descriptions, feature lists, and other creative inputs you provide for AI content generation
- Uploaded Media: Images, logos, and other media files you upload for use in content generation
- Payment Information: Billing details processed through Stripe (we never store credit card numbers on our servers)
- Communications: Messages you send to us for support or feedback
3.2 Information Collected via Third-Party Integrations
- GitHub Data: When you connect your GitHub account, we access your public profile information (name, email, avatar), repository metadata (names, descriptions, languages, release notes), and organization memberships. We access repositories using the
read:user,user:email,repo, andread:orgscopes. - LinkedIn Data: If you connect your LinkedIn account, we access your basic profile information and use publishing permissions to post content on your behalf. We only access data within the scopes you explicitly authorize.
3.3 Information Collected Automatically
- Usage Data: Features used, content generated, credits consumed, and interactions with the Platform
- Device Information: Browser type, operating system, and device type
- Log Data: IP address, access times, pages viewed, and referring URLs
- Cookies: Authentication cookies (persistent, up to 7 days) for session management and essential platform functionality (see Section 14)
4. How We Use Your Information
We use the information we collect for the following purposes:
- Service Delivery: To create and manage your account, process subscriptions, generate AI-powered content (videos, images, social posts), and provide customer support
- AI Content Generation: To send your prompts, brand information, and creative inputs to our AI service providers (Anthropic Claude, xAI Grok, OpenAI) for content generation
- Video Rendering: To process your content through our server-side video rendering pipeline using AWS Lambda and Remotion
- Social Publishing: To publish content to connected social media platforms (LinkedIn, and others as added) on your behalf and at your direction
- GitHub Integration: To read your repository data and generate marketing content based on your releases, features, and project information
- Billing and Payments: To process subscriptions, track credit usage, and manage your billing through Stripe
- Platform Improvement: To analyze aggregate, de-identified usage patterns to improve our Service
- Security: To detect and prevent fraud, abuse, and unauthorized access
- Legal Compliance: To comply with applicable laws, regulations, and legal processes
5. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, we process your personal data under the following legal bases:
| Processing Activity | Legal Basis |
|---|---|
| Account creation and management | Contract performance |
| AI content generation | Contract performance |
| Payment processing via Stripe | Contract performance |
| GitHub repository access | Consent (OAuth authorization) |
| LinkedIn publishing | Consent (OAuth authorization) |
| Platform security and fraud prevention | Legitimate interest |
| Analytics (aggregate, de-identified) | Legitimate interest |
| Marketing communications | Consent |
| Legal compliance | Legal obligation |
Where we rely on consent, you may withdraw your consent at any time. Where we rely on legitimate interest, we have conducted balancing tests to ensure our interests do not override your fundamental rights and freedoms. You may object to processing based on legitimate interest at any time by contacting us.
6. AI-Generated Content and Automated Processing
IMPORTANT DISCLOSURE
MRKTCMD uses artificial intelligence to generate marketing content including videos, images, and text. All content produced through our Platform is AI-generated. You should review all AI-generated content before publishing or distributing it.
6.1 AI Services We Use
When you use MRKTCMD to generate content, your inputs (prompts, brand information, text) are sent to the following AI service providers for processing:
- Anthropic (Claude): Used for AI-powered text generation, content editing, and the video editor chat copilot. Anthropic does not use API data for model training. Data is retained for up to 30 days, then deleted.Anthropic Privacy Policy
- xAI (Grok): Used for image generation, image-to-video animation, and video generation. xAI does not use enterprise API data for model training. Data is automatically deleted within 30 days.xAI Privacy Policy
- OpenAI: Used for supplementary AI processing. OpenAI does not use API data for model training by default. Data is retained for up to 30 days for abuse monitoring.OpenAI Privacy Policy
6.2 Content Ownership
You own the content you generate through MRKTCMD, subject to the terms of our third-party AI providers. All three AI providers (Anthropic, xAI, and OpenAI) assign their rights in generated outputs to the user. However, AI-generated outputs may not be unique — other users could receive similar outputs from similar prompts. Under current law, purely AI-generated content without substantial human creative contribution may have limited copyright protection. See our Terms of Service for full details on content ownership.
6.3 AI Transparency Requirements
In compliance with the EU AI Act (Article 50) and applicable U.S. state transparency laws, we disclose that all content produced through MRKTCMD is AI-generated. When you publish AI-generated content to social platforms or other channels, you are responsible for complying with applicable disclosure requirements in your jurisdiction, including clearly labeling content as AI-generated where required by law.
xAI requests that content generated using Grok be attributed with "Created with Grok" where published. We recommend including appropriate AI attribution when distributing AI-generated content.
6.4 Automated Decision-Making
MRKTCMD uses AI to generate creative marketing content based on your inputs. This processing does not produce legal effects or similarly significantly affect you as a data subject. We do not use automated decision-making for profiling, credit scoring, employment decisions, or any other decisions with legal or significant effects. You have the right to request human review of any AI-generated output before it is published.
7. Third-Party Services and Data Sharing
We share your information with the following categories of third-party service providers, solely for the purposes described in this policy. We do not sell your personal information to any third party.
| Service Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database and storage | Account data, content metadata, brand information, generated asset URLs |
| Stripe | Payment processing | Name, email, billing address, payment method (card details processed directly by Stripe) |
| GitHub | Authentication and repo data | OAuth tokens, profile data, repository metadata, release notes |
| AWS (Amazon Web Services) | Video rendering infrastructure | Content inputs (text, images, brand assets) for server-side video rendering via Lambda |
| Anthropic | AI text generation | Text prompts, brand context, content editing instructions |
| xAI | AI image and video generation | Image files, text prompts, video generation parameters |
| OpenAI | Supplementary AI processing | Text prompts and content inputs |
| Social media publishing | Generated content (videos, images, text) published at your direction |
7.1 Stripe Payment Processing
We use Stripe for payments, analytics, and other business services. Stripe may collect personal data including via cookies and similar technologies. The personal data Stripe collects may include transactional data and identifying information about devices that connect to its services. Stripe uses this information to operate and improve the services it provides to us, including for fraud detection, loss prevention, authentication, and analytics related to the performance of its services. You can learn more about Stripe and read its privacy policy at stripe.com/privacy.
7.2 No Data Selling
We do not sell, rent, lease, or trade your personal information to any third party for their marketing or advertising purposes. None of our AI service providers use your API data to train their AI models.
9. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law.
| Data Type | Retention Period |
|---|---|
| Account information | Duration of account + 60 days after deletion |
| Generated content (videos, images) | Duration of account (deleted upon account closure) |
| Brand information | Duration of account (deleted upon account closure) |
| Payment records | As required by tax and financial regulations (typically 7 years) |
| LinkedIn profile data (non-authenticated members) | 24 hours (cache only) |
| LinkedIn social activity data | 48 hours |
| GitHub OAuth tokens | Duration of account (revoked upon disconnection) |
| LinkedIn OAuth tokens | Until expiry or disconnection (immediately deleted upon revocation) |
| AI processing data (at provider) | Up to 30 days (per provider retention policies) |
| Server logs | 90 days |
When you delete your account or request data deletion, we delete or anonymize your personal information within 30 days, except where retention is required by law or for legitimate business purposes (such as resolving disputes or enforcing agreements).
10. International Data Transfers
MRKTCMD is operated from the United States. If you are accessing the Platform from the European Economic Area (EEA), United Kingdom, Switzerland, or any other region with data protection laws that differ from U.S. law, your personal information will be transferred to and processed in the United States and potentially other countries where our service providers operate.
For transfers of personal data from the EEA, UK, or Switzerland to the United States, we rely on:
- Standard Contractual Clauses (SCCs): We have Data Processing Agreements incorporating the European Commission-approved Standard Contractual Clauses with our subprocessors (Supabase, AWS, Stripe, Anthropic, xAI, OpenAI)
- EU-U.S. Data Privacy Framework: Where applicable, our service providers participate in the EU-U.S. Data Privacy Framework
You may request a copy of the applicable data transfer safeguards by contacting us at privacy@solvedsystems.com.
11. Your Privacy Rights
11.1 Rights Under GDPR (EEA, UK, Switzerland)
If you are located in the EEA, UK, or Switzerland, you have the following rights regarding your personal data:
- Right of Access: Request a copy of the personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete personal data
- Right to Erasure: Request deletion of your personal data (subject to legal retention requirements)
- Right to Restrict Processing: Request that we limit how we use your data while a dispute is resolved
- Right to Data Portability: Receive your personal data in a structured, machine-readable format (JSON or CSV)
- Right to Object: Object to processing based on legitimate interest, including for direct marketing
- Right to Withdraw Consent: Where processing is based on consent, withdraw at any time without affecting prior processing
- Right Regarding Automated Decision-Making: Right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects
11.2 How to Exercise Your Rights
To exercise any of these rights, contact us at privacy@solvedsystems.com. We will respond to your request within 30 days. If your request is complex, we may extend this by an additional 60 days with prior notice. We do not charge a fee for exercising your rights unless a request is manifestly unfounded or excessive.
11.3 Right to Lodge a Complaint
If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority. A list of EU data protection authorities can be found at edpb.europa.eu.
12. California Privacy Rights (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with additional rights regarding your personal information.
12.1 Categories of Personal Information Collected
| CCPA Category | Examples | Source |
|---|---|---|
| Identifiers | Name, email, GitHub username, IP address | You, GitHub OAuth |
| Commercial information | Subscription plan, payment history, credits purchased | You, Stripe |
| Internet/electronic activity | Feature usage, pages viewed, content generated | Automatic collection |
| Geolocation data | Approximate location from IP address | Automatic collection |
| Audio, visual, electronic | Uploaded images, generated videos | You |
| Inferences | Content preferences, usage patterns | Derived from usage |
12.2 Your California Rights
- Right to Know: Request disclosure of what personal information we collect, use, and share
- Right to Delete: Request deletion of your personal information
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising
- Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights
12.3 How to Submit a Request
California residents may submit requests by emailing privacy@solvedsystems.com. We will verify your identity before processing any request. We will respond within 45 days, with the possibility of a 45-day extension for complex requests with prior notice.
13. Do Not Sell or Share My Personal Information
MRKTCMD does not sell your personal information. We do not sell, rent, or trade your personal data to third parties for monetary or other valuable consideration. We do not share your personal information for cross-context behavioral advertising purposes.
We honor the Global Privacy Control (GPC) signal as a valid opt-out mechanism. If your browser sends a GPC signal, we will treat it as a request to opt out of the sale or sharing of personal information.
15. Children's Privacy
MRKTCMD is not directed at individuals under the age of 18. We do not knowingly collect personal information from children under 13 (or under 16 in the EEA). If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@solvedsystems.com and we will promptly delete such information from our systems.
16. Data Security
We implement appropriate technical and organizational measures to protect your personal information, including:
- Encryption in Transit: All data transmitted to and from MRKTCMD is encrypted using TLS 1.2 or higher
- Encryption at Rest: Data stored in our database (Supabase) is encrypted at rest using AES-256
- Authentication Security: OAuth 2.0 authentication with secure token management; we never store passwords
- Payment Security: Credit card data is handled entirely by Stripe (PCI Level 1 certified) and never touches our servers
- Access Controls: Role-based access controls with administrative audit logging
- Infrastructure Security: Our infrastructure providers (Supabase, AWS, Vercel) maintain SOC 2 Type 2 certifications
While we take reasonable measures to protect your information, no method of transmission or storage is 100% secure. If you become aware of any unauthorized access to your account, please contact us immediately.
17. Email Communications
In compliance with the CAN-SPAM Act and applicable email marketing laws:
- We will not send you marketing emails without your prior consent
- All marketing emails include a clear unsubscribe mechanism that remains functional for at least 30 days
- We honor unsubscribe requests within 10 business days
- Transactional emails (account confirmations, billing receipts, security alerts) may be sent without separate consent as they are necessary for service operation
- All emails include our valid physical mailing address
- We do not use deceptive subject lines or misleading header information
18. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last Updated" date at the top of this policy
- Notify you via email or through a prominent notice on our Platform
- Where required by law, obtain your consent before applying material changes to data processing
We encourage you to review this policy periodically. Your continued use of MRKTCMD after any changes constitutes acceptance of the updated policy.
19. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: privacy@solvedsystems.com
Entity: Solved Systems, LLC
Subject Line: "Privacy Request — MRKTCMD"
We aim to respond to all privacy-related inquiries within 30 days.
8. Social Platform Integrations
8.1 GitHub
MRKTCMD uses GitHub OAuth for authentication and to access your repository data for content generation. We request access to your user profile, email address, repositories (including private repos you grant access to), and organization memberships. We use this data solely to authenticate you and to generate marketing content based on your projects. We do not modify your repositories, push code, or take any write actions on your GitHub account. You can revoke MRKTCMD's access at any time from your GitHub account settings.
8.2 LinkedIn
If you choose to connect your LinkedIn account, MRKTCMD accesses your basic profile information and uses publishing permissions to post content on your behalf. By connecting LinkedIn, you consent to MRKTCMD storing your LinkedIn OAuth tokens and basic profile data for the purpose of enabling content publishing. We access only the data within the scopes you authorize during the OAuth flow. We comply with LinkedIn's API Terms of Use and data storage requirements, including deleting all LinkedIn data immediately upon your request or when you disconnect your LinkedIn account. You can disconnect LinkedIn at any time from your MRKTCMD settings.
In accordance with LinkedIn's data storage requirements: we cache non-authenticated member profile data for no more than 24 hours, social activity data for no more than 48 hours, and we refresh profile data only when you are actively using the Platform.