Privacy Policy
Last updated: February 10, 2026
1. Who We Are
Mitkadem OS ("the Platform", "we", "us") is a SaaS marketing automation platform operated by Mitkadem Ltd., registered in Israel. The Platform provides marketing campaign management, content creation, social media publishing, and advertising services for small businesses.
Mitkadem OS manages Facebook and Instagram advertising campaigns on behalf of our clients. Our platform connects to clients' Meta business assets through the official Meta Marketing API to create ads, publish content, and optimize campaign performance.
AI-Esthetic (ai-esthetic.marketing) is the client-facing product for beauty industry professionals, powered by the Mitkadem OS backend.
Contact: privacy@mitkadem.com · Israel
2. Information We Collect
Information you provide directly:
— Name and email address (via Google OAuth sign-in); — Business information: brand name, niche, target audience, services, location, and business goals (provided during onboarding); — Images and visual materials you upload for content creation; — Communication preferences and settings.
Information from connected social media accounts:
When you connect your Facebook or Instagram accounts via Facebook Login and Meta API, we access: — Facebook Page names, IDs, and access tokens; — Instagram Business/Creator account information; — Page Insights and Instagram Insights (reach, engagement, follower demographics); — Published content and post performance data; — Ad campaign performance metrics: impressions, reach, clicks, conversions, cost per result, and ROAS; — Advertising account information for campaign management on behalf of authorized clients.
Automatically collected information:
— Usage data: pages visited, features used, actions taken within the Platform; — Device information: browser type, operating system; — Log data: IP addresses, access timestamps, error logs.
3. How We Use Your Information
We use collected data for the following purposes: — To provide and operate the Platform services; — To create and manage advertising campaigns on Facebook and Instagram through the Marketing API, including campaign creation, ad set configuration, audience targeting, budget management, and ad creative optimization on behalf of our clients; — To publish content (images, videos, carousels, stories) to clients' Facebook Pages and Instagram Business accounts with their explicit authorization via Facebook Login; — To retrieve ad performance metrics and provide clients with analytics dashboards; — To access Page Insights and Instagram Insights to analyze organic and paid content performance, measure audience growth, and improve advertising strategies; — To manage ad creative lifecycle — generate, A/B test, rotate, and retire ad variations based on performance data; — To communicate with you about your account and service updates; — To process payments and manage subscriptions; — To ensure security and prevent fraud.
Clients connect their Facebook Pages and Instagram Business accounts through our platform using Facebook Login. They grant specific permissions and maintain full control over their connected assets. All data is used solely to provide the marketing automation service each client has subscribed to.
4. Meta Platform Data Compliance
We access data through Meta Platform APIs in strict compliance with the Meta Platform Terms and the Meta Developer Policies.
Specifically: — We only access Platform Data that users have explicitly authorized through Facebook Login; — Meta data is used solely to provide the marketing automation and advertising management services the client requested; — We do not sell, lease, or trade Meta Platform data to any third party; — We do not transfer Platform Data to any data brokers, advertising networks, or other third parties; — We do not use Meta data for purposes unrelated to the services authorized by the client; — Meta data is not used for surveillance, discriminatory practices, or any unlawful purpose; — Access tokens are stored securely and encrypted at rest; — We honor data deletion requests promptly and maintain transparency about our data practices.
5. Data Sharing
We do not sell your personal data to third parties. We may share limited data with the following service providers who assist in operating the Platform:
— Cloud hosting: Railway, Vercel (infrastructure and deployment); — Content generation providers (only anonymized business context is sent, not personal data or Platform Data); — Image generation services (visual content creation); — Payment processing: authorized Israeli payment providers; — Analytics: aggregated, anonymized usage statistics.
All service providers are contractually obligated to protect your data and use it only for the specified purposes. Meta Platform Data is never shared with or transferred to third parties.
6. Data Storage and Security
Your data is stored on secure cloud servers with the following protections: — Encryption in transit (TLS/SSL) and at rest; — JWT-based authentication with secure session management; — Access control: only authorized personnel can access user data; — Regular security audits and vulnerability assessments; — Social media access tokens are encrypted and stored separately from other data; — All API communications between microservices use authenticated and encrypted channels.
7. Data Retention
We retain your data for as long as your account is active and as needed to provide the services. Specifically: — Account data: retained while your account is active; — Generated content: retained while your account is active; — Social media tokens: retained while the connection is active, revoked upon disconnection; — Ad campaign data: retained while subscription is active; — Usage logs: retained for up to 12 months; — After account deletion, all data is permanently removed within 30 days.
8. Your Rights
You have the following rights regarding your personal data:
— Access: Request a copy of all personal data we hold about you; — Correction: Request correction of inaccurate or incomplete data; — Deletion: Request complete deletion of your data (see Section 9); — Portability: Request your data in a machine-readable format; — Withdrawal: Withdraw consent for data processing at any time; — Disconnection: Disconnect your social media accounts at any time through the Platform dashboard or by removing the app from your Facebook settings.
To exercise any of these rights, contact us at privacy@mitkadem.com.
9. Data Deletion Procedure
You can request deletion of your data at any time by:
1. Sending an email to privacy@mitkadem.com with the subject line "Data Deletion Request" and the email address associated with your account.
2. Visiting our Data Deletion Request page.
3. Removing the Mitkadem application from your Facebook account settings — this triggers our automated Data Deletion Callback.
Upon receiving a deletion request, we will: — Revoke all social media access tokens within 24 hours; — Delete all personal data, generated content, analytics, and onboarding information; — Remove all Platform Data from our databases within 30 days; — Send confirmation of deletion to your email.
Our Data Deletion Callback URL: https://www.mitkadem.com/api/delete-data
10. Cookies and Tracking
The Platform uses essential cookies for: — Session management (authentication); — Language preferences; — Theme preferences (light/dark mode).
We do not use third-party tracking cookies or advertising trackers. No data is shared with advertising networks through cookies.
11. Children's Privacy
The Platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that a minor has provided us with personal data, we will take steps to delete that information.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We will notify users of material changes via email or through our platform. Continued use of the Platform after changes constitutes acceptance of the updated policy.
13. Governing Law
This Privacy Policy is governed by the laws of the State of Israel, including the Protection of Privacy Law, 5741-1981. Any disputes shall be subject to the exclusive jurisdiction of the courts in Israel.
14. Contact Us
If you have any questions about this Privacy Policy or your personal data, please contact us:
Mitkadem Ltd.
Email: privacy@mitkadem.com
Website: www.mitkadem.com
Location: Israel