Privacy Policy

Effective: May 9, 2026 · Last updated: May 14, 2026

MC20 ("the Service," "we," "our") is a multi-tenant business operations platform operated by NeedAWebNow, a sole proprietorship based in Saint Cloud, Florida, USA ("NeedAWebNow," "Eddy Morillo"). This policy describes what data we collect, how we use it, and your rights.

1. Information we collect

When you create an account or use MC20, we collect:

• Account information: name, email address, role, and the project(s) you belong to.
• Customer relationship data you enter: contacts, leads, invoices, quotes, transactions, time entries, notes, files, and tasks.
• Integration data accessed with your authorization — see Section 3.
• Usage telemetry: pages visited, features used, performance metrics, errors, and audit-log entries for sensitive actions. We do not sell or share this telemetry with third-party advertisers.
• Communication content: messages you send through MC20 channels, AI assistant conversations, and email drafts you compose with our tools.

2. How we use your information

• To provide the features you request (CRM, invoicing, inbox automation, analytics, AI assistance).
• To authenticate you, secure your account, and prevent abuse.
• To send transactional notifications (invoice receipts, alerts, password resets).
• To improve the Service, debug issues, and provide support.
• We do not sell, rent, or share your data with third-party advertisers. We do not use your data to train AI models that serve other customers.

3. Google Workspace integrations

With your explicit OAuth consent, MC20 may connect to your Google account to access Gmail, Google Analytics, Google Search Console, and Google Tag Manager on your behalf. The scopes we request and how we use the accessed data are detailed below.

Gmail (gmail.modify, gmail.labels)

When you connect a Gmail account to MC20's Inbox Agent, we access your messages to:

• Classify incoming messages by intent (e.g., lead, billing, support).
• Apply labels you have configured (e.g., "MC20 / lead").
• Draft and, with your explicit per-message approval, send replies on your behalf.
• Identify dormant conversations and surface re-engagement opportunities.

We do not read, transfer, or store the contents of your Gmail messages for any purpose other than providing the Service features you have explicitly enabled. Message bodies are processed in memory and the AI providers we use (Anthropic, DeepSeek) are configured for zero data retention. We retain only metadata (sender, subject, timestamp, classification result) needed for your audit log.

MC20's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Google Analytics (analytics.readonly, analytics.edit, analytics.manage.users)

When you connect Google Analytics, MC20 reads property metadata, dimensions, metrics, reports, and audience data to display dashboards inside the Service. With analytics.edit, you can apply changes to your GA4 properties (events, conversions, custom dimensions) initiated from MC20. With analytics.manage.users, you can grant MC20 service accounts read-only access to your properties for automated reporting. We do not use your Analytics data for any purpose outside the Service features you initiate.

Google Search Console (webmasters)

We read your verified site list, indexing status, query/page impression data, and Core Web Vitals to surface SEO insights and audit reports. We do not modify your Search Console settings without an explicit action you take in MC20.

Google Tag Manager (tagmanager.edit.containers, tagmanager.publish)

When you connect Tag Manager, MC20 may install, update, or publish container tags and triggers on your behalf — but only when you initiate the action through our UI. We never make changes silently.

3a. TikTok integration (NeedAWebNow)

MC20 includes a TikTok integration registered with the TikTok Developer Platform under the app nameNeedAWebNow. When you connect a TikTok account to NeedAWebNow, you explicitly authorize the app to access the data described below. NeedAWebNow is operated by NeedAWebNow (sole proprietorship, Saint Cloud, FL, USA) and is the controller of any data accessed through this integration.

Scopes requested by NeedAWebNow

• user.info.basic — your TikTok display name, avatar, and open ID for identifying your connected account inside MC20.
• video.list / video.publish — only when you initiate a publish action; we never post on your behalf without an explicit click.
• research.adlib.basic / research.data.basic — public ad-library and content insights, where granted, used only to render reports inside MC20.

How NeedAWebNow uses TikTok data

• Display your connected TikTok account and basic profile inside the MC20 dashboard.
• Surface engagement and ad-performance metrics in the analytics views you have opened.
• Publish content to your TikTok account, on a per-post basis, only when you click Publish in MC20.

NeedAWebNow does notsell, rent, or share TikTok data with third parties for advertising. We do not train AI models with your TikTok content. Access tokens are encrypted at rest with AES-256-GCM. You can disconnect NeedAWebNow at any time from inside MC20 (Settings → Connections) or from your TikTok account's authorized-apps list, which immediately revokes the integration.

NeedAWebNow's use and transfer of information received from TikTok APIs adheres to theTikTok API Terms of Serviceand the TikTok Privacy Policy.

4. Data sharing and sub-processors

We share data only with the third-party sub-processors required to operate the Service:

• Hetzner Online GmbH (hosting infrastructure, Germany).
• Anthropic and DeepSeek (LLM providers, configured for zero data retention).
• Stripe (payment processing, only billing data — never Gmail or Analytics content).
• Resend (transactional email delivery).
• Cloudflare (CDN and DDoS protection).
• Replicate (image generation, when you trigger it).

We do not sell your personal data to anyone. We do not share it with advertisers.

5. Data retention

We retain your account data for as long as your account is active. If you cancel, we delete your data within 30 days unless retention is required by law (e.g., financial records for tax purposes). Audit logs of administrative actions are retained for one year for security purposes. You can request immediate deletion of any specific data via the procedure in Section 8.

6. Security

OAuth tokens are encrypted at rest with AES-256-GCM. All traffic is served over HTTPS (TLS 1.2+). We enforce role-based access control inside the platform; per-tenant data is logically isolated and a member of one project cannot read another project's data. We follow industry best practices for password hashing, session management, and audit logging.

7. Children's privacy

MC20 is not directed at children under 13. We do not knowingly collect personal information from children.

8. Your rights and choices

• Access & export. You can export your data at any time from /settings.
• Correction. You can edit or update your data inside the Service.
• Deletion. You can delete your account or specific data via /settings or by emailing us — see Section 11.
• Revoke Google access. You can disconnect any Google integration at any time at myaccount.google.com/permissions, which immediately revokes our access tokens.
• Object & restrict. EU/UK residents have additional rights under GDPR — contact us to exercise them.

9. International data transfers

MC20 is hosted in Germany (Hetzner). If you access the Service from outside Germany, your data is transferred to Germany and processed there. We rely on Standard Contractual Clauses for any cross-border transfers of EU personal data.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email and via an in-product notice at least 14 days before they take effect. The "Last updated" date at the top of this policy reflects the latest revision.

11. Contact

For privacy questions, data deletion requests, or any other concern, contact:

NeedAWebNow / MC20
Eddy Morillo
Saint Cloud, FL 34772, USA
Email: hello@needawebnow.com
Phone: 786-426-4902