Privacy Policy

How Mako collects, uses, and protects your data.

Last updated: 12 June 2026

This Privacy Policy explains how Mako ("Mako", "we", "us"), based in Amsterdam, the Netherlands, collects, uses, shares, and protects information when you use our website (trymako.ai, app.trymako.ai, and mako-ads.com) and our creative and ad-publishing software (the "Service"). By using the Service you agree to this policy.

What we collect How we use it Connected platforms Sharing Retention Your rights Data deletion Contact

1. Who we are

Mako is creative software for e-commerce and marketing teams, operated from Amsterdam, the Netherlands. It helps you research audiences, generate ad creative, and — when you choose to connect them — publish that creative to your own advertising and social media accounts. Mako is the data controller for the account information you provide to us, and a data processor when we act on your instructions to publish content to platforms you connect. You can reach us at [email protected].

2. Information we collect

Information you provide

  • Account details — name, email address, password (hashed), and organisation/workspace information.
  • Billing details — handled by our payment processor (Stripe); we do not store full card numbers.
  • Content you create — products, product URLs, images, copy, prompts, and the ad creatives you generate in the Service.

Information from accounts you connect

  • Access tokens for the social and advertising accounts you connect (e.g. Meta/Facebook, Instagram, TikTok, Google Ads, YouTube). We store a token for each connected account — we never receive or store your platform password.
  • Account profile data needed to publish, such as the account name, username, profile picture, connected ad-account identifiers, and page identifiers.

Information collected automatically

  • Usage and device data — log data, IP address, browser type, and basic analytics used to operate and improve the Service.
  • Cookies — used for sign-in sessions and analytics. You can control cookies through your browser settings.

3. How we use information

  • To provide, maintain, and secure the Service and your account.
  • To generate the ad creatives you request, using the product information, images, and prompts you provide.
  • To publish or schedule the creatives you ask us to post to the accounts you have connected, on your behalf.
  • To process payments and manage subscriptions.
  • To provide support and send service-related communications.
  • To improve features, troubleshoot, and prevent abuse.

We do not sell your personal information, and we do not use the content of your connected social accounts for advertising profiling.

4. Platform data & connected accounts

When you connect an account, you authorise Mako through that platform's official, secure OAuth process. We request only the permissions needed to perform the actions you ask for — for example, reading the basic profile of a connected account and publishing content you explicitly schedule. Your use of each platform also remains subject to that platform's own terms and policies:

PlatformWhat we access
Meta / Facebook & InstagramConnected account/page profile, the ability to publish content and manage ad campaigns you authorise.
TikTokBasic profile and the ability to publish videos you authorise.
Google Ads / YouTubeThe ability to create campaigns or upload content you authorise.
Data obtained from Meta, Instagram, TikTok, Google, and YouTube is used only to deliver the features you request inside Mako. You can disconnect any account at any time from Integrations in the app, which removes Mako's stored token for that account.

5. How we share information

We share information only as needed to run the Service:

  • Service providers (sub-processors), listed below, under contracts that protect your data.
  • Platforms you connect, when we publish content on your instruction.
  • Legal reasons, where required by law or to protect rights and safety.
Sub-processorPurpose
OpenAI, Google, Replicate (AI model providers)Generating the ad creatives, copy, and research you request. We send the product information, images, and prompts needed for each generation.
CloudinaryStorage and processing of images and videos.
StripePayment processing and subscription billing.
ResendTransactional email (sign-in links, notifications).
RailwayCloud hosting infrastructure.

6. Security

We use industry-standard measures to protect your data, including encryption in transit, access controls, and encrypted storage of connection tokens. No method of transmission or storage is 100% secure, but we work to protect your information and to notify you of material incidents where required.

7. Data retention

We keep personal data for as long as your account is active or as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. When you delete your account or disconnect a platform, we delete or anonymise the associated data within a reasonable period, except where retention is legally required (for example, invoices for tax purposes).

8. Your rights

Depending on where you live (including under the EU/UK GDPR and the CCPA), you may have the right to access, correct, export, restrict, or delete your personal data, and to object to certain processing. To exercise these rights, contact us at [email protected]. You can also disconnect platforms and edit most data directly in the app. If you believe we have not resolved your concern, you can lodge a complaint with your local data protection authority (in the Netherlands: the Autoriteit Persoonsgegevens).

9. Data deletion instructions

You can remove your data from Mako in any of these ways:

  • Delete your whole account in the app: go to Settings → Account and use Delete Account. This permanently deletes your account and associated data.
  • Disconnect a platform: go to Integrations in the app and choose Disconnect. This deletes the stored access token and account profile for that connection.
  • Delete specific content: remove products, creatives, or scheduled posts directly in the app.
  • Email us: send a message to [email protected] with the subject "Data deletion request" from your account email. We will verify your request and delete your personal data within 30 days, except where the law requires us to keep it.

See also our dedicated data deletion instructions page.

10. Children's privacy

The Service is intended for businesses and is not directed to children under 16. We do not knowingly collect personal data from children.

11. International transfers

We may process and store information in countries other than your own. Where required, we use appropriate safeguards (such as standard contractual clauses) for international transfers.

12. Changes to this policy

We may update this policy from time to time. We will post the updated version here and revise the "Last updated" date above. Material changes will be communicated where appropriate.

13. Contact us

Questions about this policy or your data? Email [email protected].