aAI CMO
Log inGet access
Draft — pending legal review. Last updated: 25 June 2026.

Privacy Policy

Who we are. AI CMO is a marketing-analytics platform operated by K. Gong Holding ApS (CVR 37994480), Suhmsgade 2B, 4., 1125 København K, Danmark. This policy explains what data we process when you use AI CMO and what rights you have. For privacy questions, contact info@kgong.dk.

What AI CMO does. AI CMO lets e-commerce businesses connect their own advertising and commerce platforms (Meta, Google Ads, Shopify, Klaviyo) and view consolidated, reconciled marketing analytics in one dashboard. We act as a data processor for the platform data you connect, and as a data controller for your account information.

Data we collect

  • Account data: the email address you sign up with, and basic organisation details you enter.
  • Connection credentials:when you connect a platform via OAuth, we store that platform's access and refresh tokens encrypted (AES-256-GCM). We never see or store your platform passwords.
  • Marketing & commerce data (read-only): ad spend and campaign metrics, order and revenue aggregates, and related reporting data from the platforms you connect. We read this solely to display analytics back to you.
  • Technical data: essential session/authentication cookies and standard server logs needed to run the service.

How we use data

Only to provide the service: to authenticate you, to fetch and display your connected analytics, and to maintain and secure the platform. We do not sell personal data and do not use it for advertising.

Legal basis (GDPR)

Performance of our contract with you (providing the service), our legitimate interest in operating and securing the platform, and your consent where required (e.g. non-essential cookies).

Data isolation

AI CMO is multi-tenant. Each customer's data is isolated by row-level security; one tenant can never access another tenant's data.

Sub-processors

We use Supabase (database and authentication) and Vercel (hosting). Personal data is stored in Switzerland (Supabase, Zurich region — covered by an EU adequacy decision) and processed within the EU (Vercel, Frankfurt). These providers process data only on our instructions.

Retention & deletion

Disconnecting a source deletes its stored tokens. Deleting your account/organisation deletes all associated data. See Data Deletion for how to request deletion and expected timeframes.

Your rights

Subject to GDPR you may request access, rectification, erasure, restriction, portability, and may object to processing. To exercise any right, contact info@kgong.dk; we respond within the statutory timeframe. You may also lodge a complaint with the Danish Data Protection Agency (Datatilsynet).

Changes

We'll update this page and the “last updated” date when this policy changes.

Contact

K. Gong Holding ApS, Suhmsgade 2B, 4., 1125 København K, Danmark · info@kgong.dk.