Privacy Policy

MasteriFlow is operated by Eagleston Limited(CRO 782100), a company incorporated in Ireland. When this policy refers to “MasteriFlow”, “we”, “us”, or “our”, it means Eagleston Limited.

Questions about this policy can be directed to privacy@mastriflow.com.

We collect the following categories of personal data:

• Account data — name, email address, and hashed password (if you register with email/password).
• Google OAuth data — when you sign in with Google, we receive your Google profile name, email, and profile picture. If you connect your YouTube channel, we also receive read-only access to your channel and video data (titles, descriptions, tags, view counts).
• Usage data — video ideas you submit for AI generation, keywords you track, and AI session history.
• Billing data — your subscription plan and payment status. Card details are processed directly by Stripe and never stored on our servers.
• Technical data — IP address, browser type, and pages visited, collected via standard server logs.

• To provide, operate, and improve the MasteriFlow service.
• To authenticate your account and maintain secure sessions.
• To generate AI-powered title, description, and tag suggestions using your submitted video ideas.
• To process subscription payments and manage your billing through Stripe.
• To send transactional emails (account verification, payment receipts, credit alerts).
• To monitor keyword trends and serve your personalised trending feed.
• To comply with legal obligations.

We do not sell your personal data to third parties. We do not use your data to train AI models beyond the context of your own session.

If you are in the European Economic Area (EEA), our legal bases for processing are:

• Contract — processing necessary to deliver the service you signed up for.
• Legitimate interests — fraud prevention, security, and service improvement.
• Consent — marketing emails, where you have opted in.
• Legal obligation — compliance with applicable law.

We share data with the following sub-processors to operate the service:

• Neon (PostgreSQL) — stores your account, session, and keyword data.
• OpenAI — processes your video ideas to generate titles, descriptions, and tags. Data is not used by OpenAI to train models under our enterprise terms.
• Google / YouTube Data API — provides keyword and video data when you connect your channel.
• Stripe — handles all payment processing. Their privacy policy applies to card data.
• Resend — delivers transactional emails.
• DataForSEO — provides keyword volume and competition data.
• Vercel — hosts the application and processes request logs.

We retain your account data for as long as your account is active. If you delete your account, your personal data will be permanently deleted within 30 days, except where we are required to retain it for legal or financial compliance purposes (e.g., billing records for 7 years under Irish law).

AI generation session history is retained for 12 months on paid plans, and 30 days on the Free plan, after which it is automatically purged.

Under GDPR, if you are in the EEA, you have the right to:

• Access — request a copy of the data we hold about you.
• Rectification — correct inaccurate data.
• Erasure — request deletion of your data (“right to be forgotten”).
• Portability — receive your data in a machine-readable format.
• Restriction — limit how we process your data.
• Objection — object to processing based on legitimate interests.

To exercise any of these rights, email privacy@mastriflow.com. We will respond within 30 days.

MasteriFlow uses essential cookies only — specifically a session cookie to keep you logged in. We do not use advertising or tracking cookies. No cookie consent banner is shown because we only set strictly necessary cookies.

We use industry-standard measures including TLS encryption in transit, bcrypt password hashing, and access controls to protect your data. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security but we take all reasonable precautions.

Our infrastructure is hosted in the United States (Vercel, Neon) and the European Union. Where data is transferred outside the EEA, we ensure appropriate safeguards are in place (Standard Contractual Clauses or equivalent).

We may update this Privacy Policy from time to time. If changes are material, we will notify you by email or by displaying a notice on mastriflow.com before the change takes effect. The effective date at the top of this page will always reflect the latest version.

For privacy-related questions, contact us at privacy@mastriflow.com.

If you are in the EEA and believe your rights have been violated, you have the right to lodge a complaint with your local supervisory authority. In Ireland, this is the Data Protection Commission (dataprotection.ie).