Privacy Policy of, TheAgencyIQ.

---

Macleodglba Pty Ltd (trading as TheAgencyIQ) ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy outlines how we collect, use, disclose, store, and protect your personal information in compliance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth), the Notifiable Data Breaches scheme, the Queensland Information Privacy Act 2009 (Qld), and other applicable Australian laws. We also adhere to international best practices, including requirements for app stores (e.g., Google Play and Apple App Store) for AI and social networking applications, and relevant global standards such as the General Data Protection Regulation (GDPR) for users in the European Union where applicable.  This policy applies to all our services, including our website, mobile applications (iOS and Android), AI tools powered by Grok, social media integrations, and any other platforms we operate. If you do not agree with this policy, please do not use our services.

We collect information to provide, improve, and secure our services. We only collect what is necessary and minimize data retention.

• Personal Information: This includes identifiable data such as your name, email address, phone number, postal address, date of birth, payment details (processed via Stripe; we do not store card numbers), social media tokens or handles, and any other details you provide during registration, account creation, or interactions.
• Sensitive Information: We do not collect sensitive personal information (e.g., health data, racial or ethnic origin, political opinions, religious beliefs) unless explicitly required for a service feature and with your express consent. If collected, it is handled with heightened protections.
• Usage and Device Information: Automatically collected data includes IP addresses, device identifiers (e.g., UDID, IMEI), browser type, operating system, app usage patterns, location data (if enabled), timestamps of interactions, and crash reports.
• Analytics and Tracking Data: Via tools like Google Analytics (GA), we collect cookies, web beacons, and similar technologies to track user behavior, preferences, and performance metrics.
• Third-Party Data: Information from integrated services, such as forms via Mailchimp, APIs from social platforms (e.g., Facebook, Twitter/X), payment processors (Stripe), databases (Neon DB), or AI providers (Grok). This may include aggregated data or insights derived from your interactions.
• User-Generated Content: Any data you upload, post, or share, such as documents (e.g., contracts like "TheAgencyIQ Architecture Contract.docx"), screenshots (e.g., "Screenshot 2025-07-28 at 11.44.43.png"), messages, or AI-generated outputs.
• Children’s Data: Our services are not directed at children under 13 (or 16 in some jurisdictions). We do not knowingly collect data from minors without parental consent. If we discover such data, we will delete it promptly.

We collect this information directly from you (e.g., via forms or app inputs), automatically (e.g., via cookies), or from third parties with your consent.

We use your information for legitimate business purposes, always with transparency and in line with your expectations.

• Providing Services: To deliver core features, such as AI analysis via Grok, personalized recommendations, social networking, content storage, and user support.
• Improvements and Analytics: To enhance app performance, debug issues, analyze trends, and develop new features using anonymized data.
• Communications: To send service updates, newsletters (via Mailchimp), marketing materials (with opt-in consent), or security alerts. You can unsubscribe at any time.
• Payments and Billing: To process transactions via Stripe for subscriptions or in-app purchases.
• Compliance and Security: To prevent fraud, enforce terms, comply with legal obligations (e.g., tax reporting), and respond to authorities.
• Research and AI Training: Aggregated, de-identified data may be used to train AI models (e.g., Grok), but never in a way that re-identifies individuals without consent.
• Account Management: Including handling cancellations, refunds, and data exports.

We do not use your data for automated decision-making that produces legal effects without human oversight or your consent.

We do not sell your personal information. Sharing is limited to what is necessary and protected by contracts.

• Service Providers: We share with trusted third parties for operations, such as: 
  • Email and marketing: Mailchimp.
  • Payments: Stripe.
  • Data storage and databases: Neon DB.
  • AI processing: Grok (xAI).
  • Analytics: Google Analytics.
  • Hosting: Cloud providers (e.g., AWS, with Australian data centers where possible). These providers are bound by data protection agreements and process data only on our behalf.
• Business Transfers: In the event of a merger, acquisition, or asset sale, your data may be transferred with notice and consent where required.
• Legal Requirements: We may disclose data if required by law, court order, or to protect rights, safety, or property (e.g., in response to subpoenas).
• International Transfers: Data may be transferred outside Australia (e.g., to US-based providers like Stripe or Grok). We use Standard Contractual Clauses, adequacy decisions, or equivalent safeguards to ensure protection equivalent to Australian standards. For EU users, we comply with GDPR cross-border rules.
• With Your Consent: For any other sharing, such as social features or integrations.

We prioritize security to prevent unauthorized access, loss, or misuse.

• Security Measures: Data is encrypted in transit (TLS/SSL) and at rest. We conduct regular security audits, vulnerability scans, and use access controls, firewalls, and multi-factor authentication. Employees are trained on privacy.
• Retention Periods: We retain data only as long as necessary: 
  • Active accounts: While you use our services.
  • Post-cancellation: Deleted within 30 days, except for backups (deleted after 90 days) or legally required retention (e.g., 7 years for tax records under Australian law).
  • Inactive accounts: May be deleted after 12 months of inactivity, with notice.
• Data Breaches: In case of a breach, we assess for "eligible data breaches" under the Notifiable Data Breaches scheme. If serious harm is likely, we notify affected individuals, the Office of the Australian Information Commissioner (OAIC), and/or the Queensland Information Commissioner promptly.
• When you cancel your subscription, we automatically initiate deletion of associated personal data within 30 days (backups within 90 days), while retaining billing records for 7 years as required by law.

You have control over your data. Contact us at support@theagencyiq.ai to exercise these rights (we respond within 30 days, free of charge unless excessive).

• Access and Correction: Request a copy of your data or correct inaccuracies.
• Deletion ("Right to be Forgotten"): Request deletion, subject to legal retention obligations.
• Opt-Out: From marketing, cookies (via browser settings), or data processing (e.g., withdraw consent).
• Portability: Receive your data in a structured, machine-readable format.
• Objection/Restriction: Object to processing for direct marketing or legitimate interests.
• GDPR-Specific Rights: For EU residents, additional rights like restriction of processing.
• Cookies and Tracking: We use essential cookies; others require consent. Manage via our cookie banner or browser settings.
• Do Not Track (DNT): We honor DNT signals where applicable.
• Account Cancellation: Cancel anytime via app settings; data is deleted per retention policy. Refunds follow our terms (e.g., pro-rated for subscriptions).
• Facebook/Instagram data deletion
  To delete data obtained via Meta’s APIs, disconnect in our app and email privacy@theagencyiq.ai. You can also remove our app in your Facebook/Instagram settings; this triggers our deletion flow via Meta’s data deletion callback. We complete deletions within 30 days.

• As a web-based application, TheAgencyIQ complies with global web privacy standards, including the Australian Privacy Act 1988 (Cth), Queensland Information Privacy Act 2009 (Qld), GDPR for EU users (requiring explicit consent for data processing, such as cookies and tracking via browser banners), and CCPA for California users (providing opt-out mechanisms for any data sharing, though we do not sell data). For social APIs, integrations such as Meta (Facebook) and X (Twitter) strictly follow their developer policies and agreements, including Meta's updated Privacy Policy effective October 21, 2025—we disclose the clear purpose for data processing (e.g., for authentication, posting, or analytics), do not share user IDs, access tokens, or Licensed Material without explicit consent, and retain records for legally required data holds. For AI tools, usage of Grok is governed by xAI's Privacy Policy (effective July 10, 2025); we ensure ethical AI practices by avoiding bias through diverse training data, maintaining transparency in AI outputs (e.g., explaining data sources), and justifying API accesses solely for processing user-provided content. If integrating YouTube or Google APIs, we notify users that data may be transmitted to Google/YouTube in accordance with their Privacy Policy, adhering to Limited Use requirements where data is used only as necessary for the service, not shared or transferred without consent, and handled securely per YouTube API Services Policies. Browser storage (e.g., localStorage, cookies) is used for session management and analytics with user consent obtained via our cookie banner; we provide easy access to this policy via website footer links and support data deletion requests through privacy@theagencyiq.ai to ensure full compliance and user control.
• Use of Google/YouTube API Services
  Our Services use YouTube API Services. By using features that connect your YouTube account, you also agree to be bound by the YouTube Terms of Service and the Google Privacy Policy. Our use of information received from Google APIs adheres to the Google API Services User Data Policy.
  What we access: read‑only YouTube channel and video metadata necessary to provide the feature you selected.
  What we don’t do: we do not sell this data, use it for advertising, or share it with third parties other than vetted processors acting on our behalf.
  Revoking access: you can disconnect at any time in our app settings. You can also revoke our access from Google’s third‑party access page. Once revoked, we delete associated tokens within 30 days (and faster on manual request).  Our Services use YouTube API Services. By using features that connect your YouTube account, you also agree to be bound by the YouTube Terms of Service and the Google Privacy Policy. Our use of information received from Google APIs adheres to the Google API Services User Data Policy (including the Limited Use requirements).
  Revoking access: you can disconnect in our app.
  Security: OAuth tokens are encrypted at rest; access is logged and least‑privilege.
• Facebook/Instagram data deletion
  If you connected Facebook or Instagram, you may request deletion of all data we obtained via Meta’s APIs by: (1) disconnecting inside our app, and (2) submitting a request at privacy@theagencyiq.ai. We process these within 30 days. You can also remove our app in your Facebook/Instagram settings, which triggers our deletion flow via Meta’s data‑deletion callback. Learn more in Meta’s documentation on Data Deletion Callback.

If you have concerns, contact our Privacy Officer at:

• Email: support@theagencyiq.ai
• Postal: PO Box 305, Clayfield, Queensland, 4011.  Australia

If unresolved, Australian residents can complain to:

• Office of the Australian Information Commissioner (OAIC): www.oaic.gov.au
• Queensland Information Commissioner: www.oic.qld.gov.au

For EU users, contact your local data protection authority. We commit to resolving complaints fairly and promptly.  This policy is designed to be comprehensive, transparent, and compliant globally, with a focus on Australian requirements. It addresses all data types, platforms, cancellations, and potential scrutiny by incorporating best practices and legal safeguards.

support@theagencyiq.ai