Privacy Policy

1. Introduction

Mixed Media Ventures (“Company,” “we,” “us,” or “our”) operates CMO Delivery OS (the “Platform”), a web-based application designed to manage fractional Chief Marketing Officer (CMO) service delivery across multiple clients and marketing professionals.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Platform. By accessing or using CMO Delivery OS, you agree to the collection and use of information in accordance with this Privacy Policy.

Company Information:

• Legal Name: Mixed Media Ventures
• Website: https://www.mixedmediaventures.com
• Contact Email: privacy@mixedmediaventures.com

2. Information We Collect

2.1 Information You Provide to Us

Personally Identifiable Information (PII):

• Name
• Email address

Account Registration Information:

• Name and email address
• Job title and role designation
• Password (stored in encrypted format)
• Company or client affiliation
• Timezone and industry preferences

Client and Project Data (Business Data):

• Client profiles and contact information
• Client organization details (industry, size, contact persons)
• Marketing initiatives and strategic plans (including initiatives, roadmaps, and priorities)
• Action items, tasks, and deliverables
• Meeting notes and agendas
• Key Performance Indicators (KPIs) and metrics
• Budget and utilization data (including planned and actual budgets where provided)
• Time entry logs and work records
• Executive summaries and weekly updates
• Comments, annotations, and internal communications

User-Generated Content:

• Documents, files, and attachments uploaded to the Platform
• Custom fields and data entries
• Feedback and support communications

2.2 Information Collected Automatically

Technical Data (Usage and Device Data):

• IP address and device information
• Browser type and version
• Operating system
• Pages visited and features accessed
• Time and date of access
• Referring and exit pages
• Click and navigation patterns

Session and Authentication Data:

• Login timestamps
• Session duration and activity
• Authentication tokens (JWT)
• Role-based access logs

Audit Logs (Technical and Security Data):

• User actions performed within the Platform
• Changes to sensitive data
• Access attempts and security events
• Administrative actions

2.3 Cookies and Tracking Technologies

We use cookies, local storage, and similar tracking technologies to:

• Maintain user sessions and authentication state
• Remember user preferences (theme, display settings)
• Analyze Platform usage and performance
• Improve user experience

Types of Cookies We Use:

• Essential Cookies: Required for Platform functionality and authentication
• Preference Cookies: Store user settings and theme choices
• Analytics Cookies: Help us understand how users interact with the Platform

You can control cookie settings through your browser, but disabling essential cookies may impair Platform functionality.

3. How We Use Your Information

3.1 Platform Operation and Service Delivery

• Provide, operate, and maintain CMO Delivery OS
• Process and manage client engagements and marketing initiatives
• Track time, utilization, and capacity across CMO assignments
• Generate dashboards, analytics, and reporting
• Enable collaboration between CMOs and clients, including facilitating communication and visibility into initiatives, updates, and deliverables
• Facilitate weekly updates and executive summaries

3.2 AI-Powered Features

• Generate AI briefings and executive summaries using OpenAI’s GPT-4o-mini model
• Create summarized reports and insights from entered data (including KPIs, initiatives, and related business context)
• Enhance content generation for client-facing materials

Note: When using AI features, relevant project and client data is transmitted to OpenAI’s API for processing. OpenAI’s use of this data is governed by their own privacy policy and terms of service.

3.3 Communication

• Facilitate communication between CMOs and clients through the Platform (including sharing updates, comments, and notifications)
• Send transactional emails (password resets, notifications) via SendGrid
• Deliver in-app notifications and alerts
• Provide customer support and respond to inquiries
• Send administrative and system updates

3.4 Security and Compliance

• Authenticate users and maintain secure access
• Detect and prevent fraud, abuse, and security incidents
• Enforce our Terms of Service
• Maintain audit logs for accountability and compliance

3.5 Platform Improvement

• Analyze usage patterns to improve features and user experience
• Troubleshoot technical issues
• Develop new functionality and enhancements
• Conduct internal research and analytics

4. How We Share Your Information

4.1 Within the Platform (Role-Based Access)

Information is shared within the Platform according to strict role-based access controls:

• Admins: Full access to all data across all clients and users
• CMO Leads: Access to assigned client data and team activities
• CMO Support: Limited access based on specific assignments
• Client Executives: Access only to their organization’s published data
• Client Viewers: Read-only access to designated client information

4.2 Third-Party Service Providers

We share information with trusted third-party service providers who assist in operating the Platform:

OpenAI (GPT-4o-mini):

• Purpose: AI-powered executive briefing generation
• Data Shared: Client data, initiative descriptions, KPIs, and update content as necessary to generate briefings
• Privacy Policy: https://openai.com/privacy

SendGrid:

• Purpose: Transactional email delivery (password resets, notifications)
• Data Shared: Email addresses, names, email content
• Privacy Policy: https://www.twilio.com/legal/privacy

Hosting and Infrastructure Providers:

• Purpose: Platform hosting, application deployment, database storage, and infrastructure services
• Data Shared: Platform data stored and processed to provide the services
• Security: Providers are expected to maintain administrative, physical, and technical safeguards appropriate to the sensitivity of the data

Analytics Providers:

• Purpose: Platform performance monitoring and usage analytics
• Data Shared: Anonymized usage data and technical metrics

4.3 Legal and Compliance Requirements

We may disclose information when required by law or when we believe in good faith that disclosure is necessary to:

• Comply with legal obligations, court orders, or government requests
• Enforce our Terms of Service or other agreements
• Protect the rights, property, or safety of Mixed Media Ventures, our users, or the public
• Detect, prevent, or address fraud, security, or technical issues

4.4 Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred to the successor entity, subject to this Privacy Policy.

4.5 With Your Consent

We may share information with third parties when you provide explicit consent or direction to do so.

5. Data Security

We implement appropriate technical and organizational security measures to protect your information:

Technical Safeguards:

• Encrypted data transmission using SSL/TLS protocols
• Secure password hashing and storage
• JWT-based authentication with secure session management
• Database encryption at rest
• Regular security patches and updates
• Role-Based Access Control (RBAC) to restrict access to sensitive information based on user role and assignment
• Audit logging to record access and key actions to support security monitoring and accountability

Organizational Safeguards:

• Role-based access control (RBAC) limiting data access
• Comprehensive audit logging of sensitive actions
• Employee confidentiality agreements
• Regular security training for personnel
• Incident response procedures

Infrastructure Security:

• Secure hosting with reputable cloud providers
• Regular backups and disaster recovery procedures
• Network firewalls and intrusion detection
• Vulnerability scanning and penetration testing

Despite these measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but continuously work to protect your information using industry best practices.

6. Data Retention

We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

General Retention Periods:

• Active User Accounts: Data retained while account is active
• Business Data (including KPIs, initiatives, and budgets): Retained as long as the account is active, or as needed for our business records
• Client Project Data: Retained for duration of engagement plus 7 years for business and legal purposes
• Time Entry and Billing Records: Retained for 7 years in compliance with financial recordkeeping requirements
• Audit Logs: Retained for 3 years for security and compliance purposes
• Deactivated Accounts: Data retained for 90 days, then anonymized or deleted unless legal obligations require retention

Data Deletion Requests: Users may request deletion of their personal data, subject to legal and contractual retention obligations.

7. Your Rights and Choices

7.1 Access and Portability

• Request a copy of the personal information we hold about you
• Export your data in a machine-readable format (CSV)

7.2 Correction and Update

• Correct inaccurate or incomplete personal information
• Update your account profile and preferences

7.3 Deletion

• Request deletion of your personal information, subject to legal and contractual retention requirements
• Note: Deletion may impact your ability to use the Platform

7.4 Objection and Restriction

• Object to certain processing of your personal information
• Request restriction of processing under certain circumstances

7.5 Withdraw Consent

• Withdraw consent for processing based on consent (does not affect lawfulness of prior processing)

7.6 Opt-Out of Communications

• Unsubscribe from non-essential email communications
• Note: Transactional emails (password resets, security alerts) cannot be opted out of while using the Platform

Exercising Your Rights: To exercise any of these rights, please contact us at privacy@mixedmediaventures.com. We will respond to your request within 30 days in accordance with applicable law.

8. International Data Transfers

CMO Delivery OS is operated from the United States. If you are accessing the Platform from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate.

These countries may have data protection laws that differ from the laws of your jurisdiction. By using the Platform, you consent to the transfer of your information to the United States and other countries.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we ensure appropriate safeguards are in place for international transfers in accordance with applicable data protection laws.

9. Children’s Privacy

CMO Delivery OS is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

If you believe we have collected information from a child under 18, please contact us immediately at privacy@mixedmediaventures.com.

10. Links to Third-Party Websites

The Platform may contain links to third-party websites, services, or resources not operated by Mixed Media Ventures. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

11. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

11.1 Right to Know

You have the right to request disclosure of:

• Categories of personal information collected
• Categories of sources from which information is collected
• Business or commercial purpose for collecting information
• Categories of third parties with whom we share information
• Specific pieces of personal information collected about you

11.2 Right to Delete

You have the right to request deletion of personal information we have collected, subject to certain exceptions.

11.3 Right to Opt-Out of Sale or Sharing

We do not sell personal information as defined by the CCPA. We do not share personal information for cross-context behavioral advertising.

11.4 Right to Non-Discrimination

You have the right to not receive discriminatory treatment for exercising your CCPA rights.

11.5 Authorized Agent

You may designate an authorized agent to submit requests on your behalf.

To exercise these rights, contact us at: privacy@mixedmediaventures.com

12. European Data Protection (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

12.1 Legal Basis for Processing

We process personal data based on:

• Contract Performance: Processing necessary to provide Platform services
• Legitimate Interests: Platform improvement, security, and business operations
• Consent: Where you have provided explicit consent
• Legal Obligations: Compliance with applicable laws

12.2 Data Controller

Mixed Media Ventures acts as the data controller for personal information processed through CMO Delivery OS.

12.3 Data Protection Officer

For GDPR-related inquiries, contact: privacy@mixedmediaventures.com

12.4 Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Posting the updated Privacy Policy on the Platform
• Updating the “Last Updated” date at the top of this policy
• Sending an email notification to registered users (for significant changes)
• Displaying an in-app notification upon next login

Your continued use of CMO Delivery OS after changes become effective constitutes acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

14. Do Not Track Signals

Some browsers transmit “Do Not Track” (DNT) signals. CMO Delivery OS does not currently respond to DNT signals, as there is no industry-wide standard for how to interpret such signals.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Mixed Media Ventures
Email: privacy@mixedmediaventures.com
Website: https://www.mixedmediaventures.com

For privacy-specific inquiries, please include “Privacy Policy - CMO Delivery OS” in your subject line.