This policy describes what personal data Mediation One collects, why, and how we protect it. We are a controller of account data and a processor of ad-revenue data you upload.
Data we collect
- Account data: email, name, hashed password, organization name, language preference.
- Billing data: handled by Lemon Squeezy, our Merchant of Record. We store only the customer and subscription identifiers they return; we never see your card number.
- Ad-revenue data: revenue, impressions, eCPM, country, network, ad-unit, and date fields you upload via CSV or API. We do not require, and do not process, end-user identifiers from your apps.
- Free-audit leads: email and optional name / studio entered on the public audit page, plus a summary of the audit produced.
- Operational logs: IP, user-agent and request paths for security and abuse prevention, retained for up to 30 days.
How we use data
We use account and revenue data solely to operate the Service for you: produce diagnoses, anomaly alerts, recommended actions, and dashboards. We use billing data to charge you. We use lead data to send your audit result and, if you opt in, occasional product updates. We use operational logs to keep the Service secure.
What we do not do
- We do not sell your data.
- We do not aggregate one customer’s revenue data with another customer’s for the benefit of others without explicit opt-in.
- We do not run advertising trackers on the dashboard.
Sub-processors
- Lemon Squeezy (payments, Merchant of Record — collects sales tax / VAT / JCT)
- Resend (transactional email)
- Cloudflare (DNS / CDN / WAF)
- Your chosen LLM provider, if AI Revenue Doctor is configured to call one
- Hosting provider (current location available on request)
Retention
Account and revenue data are retained while your subscription is active. On termination we delete personally identifiable data within 30 days and retain only anonymized aggregates needed for our financial records. Lead data is retained for 24 months unless you ask us to delete it sooner.
Your rights
You can request access, correction, export or deletion of your personal data by emailing hello@mediation.one. EU/UK/Japan residents have additional rights under GDPR / APPI which we honor.
Security
Data is encrypted in transit (TLS) and at rest. Access to production data is limited to authorized personnel using strong authentication. Passwords are stored using bcrypt.
Contact
Questions: hello@mediation.one.