1. Who We Are
Derail Logic (“we,” “us,” or “our”) operates the MartechAI platform (available at app.derail-logic.com) and the marketing website at derail-logic.com (collectively, the “Services”). We are committed to protecting your privacy and being transparent about how we handle your information.
2. Information We Collect
2.1 Information You Provide to Us
When you create a MartechAI account or use our Services, you may provide:
- Account information: name, email address, and password (hashed with bcrypt; we never store plain-text passwords).
- Workspace data: contacts, companies, deals, campaign briefs, email templates, landing page content, form configurations, brand voice settings, product intelligence profiles, and analytics configurations you create within the platform.
- Integration data: when you connect third-party services (Google Analytics, Search Console, Google Ads, Facebook, Instagram, LinkedIn, X/Twitter, WordPress, HubSpot, Stripe), we access data through those services using OAuth or API keys you authorize. We only access the scopes you approve.
- Payment information: billing details and payment method information are processed directly by Stripe. We do not store full credit card numbers on our servers. We retain subscription metadata (plan tier, status, billing interval, invoice history).
- Form submissions: when visitors submit forms you create through MartechAI (including forms embedded on external websites), we store the submitted data on your behalf.
- File uploads: images, documents, logos, and other files you upload to the platform are stored in our object storage (MinIO).
- RAG knowledge base: documents and URLs you ingest for AI context (PDF, TXT, Markdown, JSON files and web page content) are processed into vector embeddings and stored in Qdrant.
2.2 Information Collected Automatically
When you visit our marketing website or use the MartechAI platform:
- Usage analytics: we use Google Analytics 4 (GA4) on derail-logic.com to understand how visitors interact with our marketing site. GA4 collects pages visited, time on site, referring URLs, browser type, operating system, device type, and approximate geographic location (country/city level). GA4 does not collect personally identifiable information by default. IP addresses are anonymized.
- Platform analytics: within the MartechAI application, we track feature usage, page views, and session data to improve the product. This data is associated with your workspace and account.
- Form tracking: MartechAI forms (including those embedded on external sites via our form-embed.js script) capture UTM parameters, referrer URLs, and submission timestamps for marketing attribution purposes.
- Cookies and similar technologies: see Section 6 below for details.
- Server logs: our infrastructure automatically logs technical information including IP addresses, request timestamps, and user agents for security, debugging, and abuse prevention. PII in URLs is redacted from logs.
- Email tracking: marketing emails sent through MartechAI may include tracking pixels and click-tracking links to measure opens and clicks. We filter out known bot/scanner user agents to maintain accurate metrics.
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the MartechAI platform.
- Process your account registration, authentication (JWT), and workspace management.
- Power AI features (content generation, autopilot recommendations, RAG queries) using your workspace context and brand voice.
- Send transactional emails (account invitations, password resets, report sharing, dashboard sharing) via AWS SES.
- Send marketing emails you configure and authorize through the platform.
- Process payments and manage subscriptions via Stripe.
- Sync data with third-party integrations you connect (Google services, social platforms, WordPress, HubSpot).
- Generate analytics, reports, and dashboards from your connected data sources.
- Detect and prevent fraud, abuse, and security incidents.
- Comply with legal obligations and enforce our Terms of Use.
4. How We Share Your Information
We do not sell your personal information or your customers’ data. We share information only in the following circumstances:
- Service providers: we use third-party infrastructure and API providers to operate the Services, including:
  - Hostinger (VPS hosting — application servers, database, file storage, queue system)
  - Cloudflare (DNS, CDN, DDoS protection)
  - Stripe (payment processing — we do not store full payment card details)
  - AWS SES (transactional and marketing email delivery)
  - Google (GA4 analytics, Gemini AI API for content generation failover, OAuth-integrated services you connect)
  - DataForSEO (SEO audit and keyword tracking data you request)
  - Form.io CDN (form rendering library loaded by embedded MartechAI forms)
- Third-party integrations you enable: when you connect services like Google Analytics, Search Console, Facebook, LinkedIn, WordPress, or HubSpot, data flows between those services and MartechAI as you configure it. You control which integrations are active and what data is shared.
- Legal requirements: we may disclose information if required by law, court order, or governmental regulation, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
- Business transfers: if Derail Logic is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.
5. Data Retention
We retain your account information and workspace data for as long as your account is active. If you delete your account or specific data within the platform, we remove it from our active systems. Server logs and backups may retain data for up to 90 days for operational purposes. Email generation status caches are automatically cleared after 30 minutes.
If you cancel your subscription, your workspace data remains accessible in a read-only state for 30 days, after which it is permanently deleted. You may request earlier deletion by contacting us.
6. Cookies and Tracking Technologies
6.1 Marketing Website (derail-logic.com)
Our marketing website uses the following cookie categories:
- Necessary cookies: required for the site to function (session management, CSRF protection). These cannot be disabled.
- Analytics cookies: Google Analytics 4 (G-Y5V64FV3T7) for understanding site traffic and usage patterns. GA4 uses first-party cookies (_ga, _ga_*) with anonymized IPs. By default, analytics storage is denied until you accept via our cookie consent banner.
- Marketing cookies: reserved for future advertising and remarketing features. Currently not in active use.
You can manage your cookie preferences at any time through the cookie consent banner displayed on the site. Your preferences are saved in localStorage and honored on subsequent visits.
6.2 MartechAI Platform (app.derail-logic.com)
The platform uses necessary cookies for authentication (JWT access and refresh tokens stored in localStorage) and session management. We do not use third-party tracking cookies within the authenticated application.
6.3 Embedded MartechAI Forms
When you embed a MartechAI form on your own website, the form-embed.js script loads the Form.io rendering library from cdn.form.io. Form.io may set its own cookies. The form embed script also captures UTM parameters and referrer information for marketing attribution. This data is stored in your MartechAI workspace and subject to your own privacy practices.
7. AI Data Processing
MartechAI includes AI-powered features (content generation, autopilot recommendations, marketing copilot, image generation, RAG queries). When you use these features:
- Content generation: prompts and workspace context (brand voice, ICPs, product intelligence, RAG knowledge) are sent to AI models. Primary inference runs on our local infrastructure (Arc GPU). Google Gemini API serves as failover when local resources are unavailable. Prompts and generated outputs are not used to train third-party models.
- RAG (Retrieval-Augmented Generation): documents you upload are chunked, embedded, and stored in a Qdrant vector database. Embeddings are generated via our local AI infrastructure or Gemini API as failover. Queries are matched against your workspace’s vector store only.
- Image generation: image prompts are sent to AI image models. Generated images are stored in your workspace.
- AI Prospecting: contact and segment data you select for AI prospecting campaigns is used to generate personalized email drafts through LangGraph workflows.
8. Email Communications
We use AWS SES to deliver emails from the platform. This includes:
- Transactional emails: account invitations, password resets, dashboard/report sharing notifications, and system alerts.
- Marketing emails: campaigns, sequences, and AI-generated prospecting emails you create and send through the platform. These are sent from your configured sender identity.
Marketing emails include open and click tracking by default. We filter out known bot and scanner user agents (GoogleImageProxy, Microsoft Safe Links, Proofpoint, Barracuda, etc.) to maintain accurate engagement metrics.
9. Data Security
We implement reasonable technical and organizational measures to protect your data:
- Passwords are hashed using bcrypt and never stored in plain text.
- Authentication uses short-lived JWT access tokens with refresh token rotation.
- API communications are encrypted in transit via HTTPS (TLS).
- Multi-tenant data isolation: every database query is scoped to your tenant and workspace.
- Role-based access control (viewer, editor, admin, tenantAdmin) limits what users can see and do within a workspace.
- Server logs redact PII from URLs.
- The platform has passed an OWASP security audit.
- Stripe handles payment processing and is PCI DSS Level 1 compliant.
No method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we continuously review and improve our security practices.
10. International Data Transfers
Our infrastructure is hosted in the United States (Hostinger VPS, with local GPU infrastructure for AI processing). If you access the Services from outside the United States, your data will be transferred to and processed in the United States. By using the Services, you consent to this transfer.
Certain third-party services we use (Google, Stripe, Cloudflare, DataForSEO) may process data in additional jurisdictions. We rely on their respective compliance certifications and data processing agreements.
11. Children’s Privacy
Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.
12. Your Rights and Choices
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Delete your account and associated data.
- Export your data in a portable format.
- Object to or restrict certain processing activities.
- Withdraw consent where processing is based on consent.
You can exercise many of these rights directly through your MartechAI account settings. For requests that cannot be fulfilled through the platform, contact us at the email below.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the platform or via email. The “Last updated” date at the top of this page indicates when the policy was last revised. Continued use of the Services after changes become effective constitutes acceptance of the updated policy.
14. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at:
Email: [email protected]
Mail: Derail Logic, [Business Address], United States