This Privacy Policy describes how Kanahiku LLC dba Massic (“Massic,” “we,” “us,” or “Company”) collects, stores, safeguards, and uses data and information (including non-public personal information, or “NPI”) provided by users through:

• Contact Information: Name, email address, phone number, company name.
• Service Data: Access credentials for analytics tools (e.g., GA4, GSC) and website information necessary for SEO services.
• Usage Data: Information about your interactions with our website, including IP address, browser type, and pages visited.
• Payment Information: Processed securely via our payment partners; we do not store full credit card details.

These services are collectively referred to as the “Services”. This policy is incorporated into and forms a material term of your registration and/or use of Massic’s Services. By using any of the Services, you consent to the practices described in this Privacy Policy and the Massic Terms of Service.

Massic collects two types of information:

Information You Provide to Us: Includes account creation details, business contact info, company information, user credentials, and more.

Information We Automatically Collect: Includes browser type, operating system, IP address, usage data, cookies, and other technical data.

We use collected information for the following purposes:

• Providing and maintaining our Services
• Improving and optimizing our Services
• Ensuring security and preventing fraud
• Responding to your requests
• Processing payments and managing accounts
• Sending service updates and important notices
• Complying with legal obligations

Compliance with Google API Services User Data Policy

Massic’s use of data obtained from Google APIs complies with the Google API Services User Data Policy, including the Limited Use of user data requirements and Workspace API User Data and Developer Policy. We only use this data to provide user-facing features, do not use it for advertising or unrelated purposes, do not share it with unauthorized third parties, and do not use it to train general-purpose AI/ML models.

If you connect a Webflow site through the Massic Webflow App or a related publishing integration, Massic may collect and process connector data needed to operate, secure, support, and improve that integration. This may include Webflow workspace ID, site ID, site name, connection state, OAuth access token, CMS collection identifiers, page identifiers, slugs, permalinks, content status, titles, excerpts, HTML content, SEO metadata, featured image metadata, media URLs, publishing status, and connector lifecycle events.

When a user authorizes the Massic Webflow App, Webflow’s OAuth service provides Massic with an access token and associated account information needed to link the Webflow site to the Massic account. Massic stores this token and related connection metadata to authenticate ongoing publishing requests on your behalf.

When the connector is active, Massic may send data to Webflow via its Data API to perform customer-authorized publishing actions. This may include publish requests, update requests, unpublish requests, preview requests, slug availability checks, content HTML, titles, slugs, excerpts, statuses, publish dates, SEO metadata, structured data, featured image references, and media metadata.

We use this data to authenticate connector requests, connect your Massic account to your Webflow site, publish and manage customer-authorized content, provide previews, check slug availability, synchronize connection state, diagnose connector issues, prevent fraud and abuse, protect the security of the Service, provide support, and comply with legal obligations.

We retain connector records, publishing records, and related logs while the relevant account or connection is active and as needed for security, audit, support, business operations, dispute resolution, and legal obligations. Revoking or disconnecting the Massic Webflow App removes Massic’s ability to access your Webflow site going forward, but does not automatically delete CMS items, pages, media, metadata, or other content already published to the site.

Customer content published through Massic may contain personal data if you choose to include it. Massic processes that content as customer-provided content under the Massic Terms of Service and this Privacy Policy. You are responsible for ensuring that you have appropriate rights, notices, and consents for any personal data included in content you publish through Massic.

The Massic Webflow App does not add third-party advertising cookies, tracking pixels, or unrelated telemetry to your Webflow site. If Massic later adds optional telemetry or analytics features to the connector, we will disclose those features and provide any required choices or consent mechanisms.

Connector data may be processed by Massic and its service providers, including hosting, infrastructure, security, logging, storage, analytics, and support providers. We do not sell personal information collected through the Webflow connector. Connector data may be processed in the United States and other locations where Massic or its service providers operate.

We do not sell your personal information. We may share data with:

• Service Providers like cloud storage providers, payment processors, analytics services, etc.
• Business Transfers like mergers, acquisitions, or sales of assets.
• Legal Requirements including compliance with laws or legal processes.

We implement appropriate safeguards to protect your information, including encryption, access controls, regular security assessments, and backup systems. However, we cannot guarantee 100% security of your information.

You have the right to:

• Access and update your information
• Export or delete your data
• Opt-out of marketing communications
• Manage your cookie preferences

For California residents:

• You can request deletion of your personal information
• You can opt-out of the sale of personal information (although we do not sell personal information)
• You can access and port your personal information

For international users, we process data in the United States and comply with applicable data protection laws, including GDPR, and implement appropriate safeguards for cross-border data transfers.

Our Services are not directed to children under 18. If we learn we have collected information from a child under 18, we will delete it.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our Site, sending you an email notification, or displaying a notice in our Services.

For questions about this Privacy Policy or our privacy practices, contact us at: legal@massic.io