Updated Privacy Policy (Live-Ready v3.1 – Effective January 23, 2026) Privacy Policy Effective Date: January 23, 2026 Last Updated: February 03, 2026
Macleodglba Pty Ltd trading as TheAgencyIQ (ABN 22 665 579 315) ("we", "us", "our", "TheAgencyIQ") is committed to protecting your privacy and personal information. This Privacy Policy sets out in detail how we collect, use, disclose, store, secure, and manage your information when you visit our website (theagencyiq.ai), use our mobile/web applications, or engage with our Services (including AI-powered content generation, smart scheduling, auto-publishing, video orchestration, closed-loop learning engine, platform integrations, and related features).
We operate in compliance with the Australian Privacy Act 1988 (Cth) (including the Australian Privacy Principles (APPs)), the Notifiable Data Breaches scheme, the Queensland Information Privacy Act 2009, and the Australian Consumer Law (ACL) under the Competition and Consumer Act 2010. Where applicable, we align with international standards such as the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) for users in those jurisdictions.
By accessing or using our Services, you consent to the practices described in this Policy. If you do not agree, please do not use our Services. This Policy is incorporated into our Terms and Conditions. Capitalized terms not defined here have the meanings given in the Terms.
1. Types of Information We CollectWe collect information only to the extent necessary to provide, improve, and secure our Services. We minimize collection and use de-identification where possible.
Personal Information: This includes identifiers such as your name, email address, phone number, postal address, and payment information (processed securely via Stripe – we do not store full credit card details). We also collect social media handles, profile IDs, and access tokens when you connect platforms.
Sensitive Information: We do not collect sensitive personal information (e.g., health, racial origin, political opinions) unless explicitly required for a Service feature and with your express consent. If collected, it is handled with heightened protections.
Usage and Device Data: Automatically collected data includes IP addresses, browser type, operating system, device identifiers, access times, pages viewed, and interaction logs (e.g., clicks, scrolls). We may infer approximate location from IP (but not precise geolocation without consent).
User-Generated Content: Any data you provide, such as AI prompts, brand purpose statements (core statements, pillars, objectives, voice/style guidelines), uploaded images/files, generated content (captions, posts, videos), scheduled items, and preferences (e.g., hashtags, video formats).
Third-Party Platform Data: When you connect social accounts, we collect limited data such as profile details, post metrics (e.g., impressions, likes, comments, reach, engagement rates), and analytics (e.g., watch time for videos). See Section 4 for full permissions details.
Analytics and Cookies Data: Aggregated usage via tools like Google Analytics (with consent-based tracking). We use essential cookies for functionality and optional ones for analytics/marketing – manage via browser settings or our consent banner.
Payment and Billing Data: Transaction details (e.g., subscription tier, billing address) processed via Stripe.
Support and Communication Data: Information from emails, chats, or forms (e.g., queries, feedback).
Children's Data: We do not knowingly collect data from children under 13 (or 16 in GDPR/CCPA regions) without verifiable parental consent. If we discover such data, we delete it immediately.
We do not collect information from third-party sources except as described (e.g., platform APIs).
2. How We Collect InformationDirectly from You: Via account creation, platform connections, content uploads, support interactions, or surveys. Automatically: Through cookies, logs, and device tracking when you use our Services. From Third Parties: Limited to connected platforms (via OAuth permissions) and service providers (e.g., Stripe confirmations). Cookies and Similar Technologies: We use session/persistent cookies for authentication, preferences, and analytics. Third-party cookies (e.g., Google) may be used – opt-out via settings.
3. Purposes for Which We Use InformationWe use your information solely for legitimate purposes tied to our Services: Service Delivery · Personalization and Improvement · Communications · Billing and Payments · Security and Compliance · Analytics and Research · Legal Obligations We do not use information for automated decision-making that produces legal or similarly significant effects without human oversight or your consent.
4. Platform Integrations & Permissions (Exhaustive Disclosure)Integrating with social platforms is core to our Services – enabling auto-publishing and closed-loop learning (post → performance metrics → AI correlations with your brand purpose → optimized future schedules for compounding engagement gains, e.g., +1.6% median deltas per cycle). We request only the minimum permissions via secure OAuth flows. Access tokens are encrypted at rest/transit, auto-refreshed to avoid disruptions, and never shared or used beyond stated purposes. You can revoke access anytime via platform settings or our app – we will delete associated data within 30 days (subject to legal holds). Below is a comprehensive list of permissions per platform, in plain English and technical terms, with exact purposes: Facebook & Instagram (via Meta Business Suite/Pages): Permissions (technical): pages_manage_posts (publish/manage posts), pages_read_engagement (read likes/comments/reactions), read_insights (access Page/post insights like reach/impressions), pages_show_list (list your Pages), business_management (manage business connections), pages_read_user_content (view existing content for context). Purpose & Use: Enables auto-publishing of generated posts/videos on your schedule without manual intervention. Reads performance metrics to feed the closed-loop learning engine (e.g., correlating engagement with pillars/objectives to boost high-performers in future cycles). No access to private messages, friends lists, or unrelated data. LinkedIn (Personal Profiles & Company Pages): Permissions (technical): View profile/email (for secure authentication), post shares/updates on your behalf, manage organization/Page content, read post analytics (impressions, engagement, clicks). Purpose & Use: Allows scheduling and auto-publishing of professional content. Fetches metrics for the learning engine to refine B2B strategies (e.g., weighting thought leadership pillars based on real resonance). Limited to public/authorized data – no access to connections or messages. X (formerly Twitter): Permissions (technical): Read your profile and tweets (for context), post tweets/threads on your behalf, access engagement metrics (likes, retweets, impressions, replies). Purpose & Use: Supports real-time auto-posting. Pulls feedback data into the learning engine for conversational optimization (e.g., identifying witty formats that perform best and increasing them cycle-over-cycle). No access to DMs, followers, or timelines beyond your own. Google/YouTube (Channel Connections): Permissions (technical OAuth scopes): openid (associate with Google info), https://www.googleapis.com/auth/userinfo.email (view primary email), https://www.googleapis.com/auth/userinfo.profile (view public profile info), https://www.googleapis.com/auth/youtube.upload (upload/manage videos), https://www.googleapis.com/auth/youtube.readonly (view channel details/videos readonly), https://www.googleapis.com/auth/yt-analytics.readonly (view analytics reports like views/watch time/engagement), https://www.googleapis.com/auth/youtube (minimal management for uploads/scheduling). Optional: https://www.googleapis.com/auth/yt-analytics-monetary.readonly (monetary reports – not used unless you enable revenue tracking). Purpose & Use: Enables direct video uploads/scheduling from our AI generator. Reads readonly analytics to optimize video mix in the learning engine (e.g., boosting demo formats with high watch time for better ROI). No access to other Google services (e.g., Gmail, Drive) or full account control. These permissions are locked to Service delivery – we do not use them for marketing, profiling, or any other purpose. If a platform changes policies, we may update with notice.
5. Sharing and Disclosure of InformationWe do not sell, rent, or trade your personal information. Disclosures are limited to: Service Providers and Partners: Trusted third parties bound by strict contracts and privacy obligations, such as: Payment processors (Stripe for billing). Hosting/storage (Neon DB, AWS or similar – AU data centers where possible). AI providers (Grok/xAI for content generation – data processed minimally). Analytics tools (Google Analytics – aggregated only). Platform Providers: As required for integrations (e.g., sharing tokens/metrics with Meta for publishing – see Section 4). Legal and Safety Reasons: To comply with laws, respond to subpoenas/court orders, prevent harm, or enforce rights (e.g., fraud detection). Business Transfers: In mergers/acquisitions – with notice and continuity of protections. With Your Consent: For any other purpose you approve. International Data Transfers: Data may be transferred to providers in the US/EU (e.g., for AI processing). We use safeguards like standard contractual clauses, binding corporate rules, or adequacy decisions to ensure equivalent protection.
6. Security MeasuresWe take reasonable steps to protect your information: Encryption (TLS for transit, at-rest for sensitive data). Access controls (role-based, audited). Firewalls, monitoring, and regular security audits. Vulnerability testing and patch management. Employee training on privacy. Despite these measures, no system is 100% secure – we cannot guarantee against breaches, but we commit to prompt notification under the Notifiable Data Breaches scheme (within 30 days of assessment).
7. Data Retention and DeletionWe retain information only as long as necessary: Active accounts: During your use + reasonable period post-cancellation (e.g., for billing disputes). Post-deletion requests: Deleted within 30 days (backups up to 90 days for recovery; anonymized thereafter). Legal holds: Longer if required by law (e.g., tax records 7 years). Automated deletion: Inactive accounts after 12 months (with notice). For account deletion: See Terms – access revoked immediately; data purged per above.
8. Your Privacy RightsYou have rights under Australian law and equivalents: Access: Request a copy of your data. Correction: Update inaccurate information. Deletion: Erase your data (subject to legal exceptions). Portability: Receive data in a structured format. Objection/Restriction: Oppose processing (e.g., marketing). Opt-Out: From marketing emails/cookies (via links/settings). Withdraw Consent: Where processing relies on consent. To exercise: Email support@theagencyiq.ai with details – we respond within 30 days (free, unless excessive). If unsatisfied, complain to the Office of the Australian Information Commissioner (OAIC) or Queensland Office of the Information Commissioner (OIC). For GDPR/CCPA users: Additional rights (e.g., no discrimination for exercising) – contact us for details.
9. Cookies and Tracking TechnologiesWe use: Essential Cookies: For authentication/sessions. Functional Cookies: Preferences (e.g., language). Analytics Cookies: Aggregated insights (Google Analytics – opt-out via browser add-on). Marketing Cookies: Optional – consent required. Manage via our consent banner or browser settings (e.g., Do Not Track honored where possible).
10. Changes to This PolicyWe may update this Policy – material changes notified via email/website (30 days in advance where possible). Continued use constitutes acceptance.
11. Contact UsQuestions/complaints? Email support@theagencyiq.ai
12. Data Deletion Instructions
AgencyIQ Data Deletion Instructions
How to Disconnect a PlatformLocation in App: Settings → Platform Connections page (/platform-connections) Each platform (Instagram, Facebook, LinkedIn, X/Twitter, YouTube) shows a "Disconnect" button when connected.
PlatformDisconnect ButtonWhat Gets DeletedInstagramClick "Disconnect"access_token, platform_user_id, platform_username from platform_connections tableFacebookClick "Disconnect"access_token, page_id, page_token, platform_user_idLinkedInClick "Disconnect"access_token, refresh_token, platform_user_idX (Twitter)Click "Disconnect"access_token, access_token_secret, platform_user_idYouTubeClick "Disconnect"access_token, refresh_token, channel_id, platform_user_id
Disconnect removes:
Disconnect does NOT delete:
How to Delete Your AccountLocation in App: Profile → Data & Privacy section → "Delete Account" button (in the red "Danger Zone" box)
What Account Deletion Removes:
This action is PERMANENT and cannot be undone.
Cancel Subscription ≠ Data Deletion
ActionTimingData Deleted?Cancel SubscriptionEnd of billing periodNO – only disconnects platforms, stops scheduled postsDelete AccountImmediatelyYES – all data permanently removed
Meta/Instagram Data Deletion Callback URLsFor Meta App Review compliance:
FieldValueData Deletion Request URLhttps://api.theagencyiq.ai/oauth/instagram/data-deletionData Deletion Status URLhttps://api.theagencyiq.ai/oauth/instagram/data-deletion/status/{userId}
Privacy Policy & Contact
Copyright © 2025 The Agency IQ - All Rights Reserved.
Powered by GoDaddy