Privacy Policy

How we protect and handle your data

Last updated: March 23, 2026

Quick Summary

We take your privacy seriously. We only access the data you explicitly connect, never share it with third parties for commercial purposes, and you can delete everything at any time. Your API tokens and credentials are encrypted and project-isolated.

1. Introduction

Welcome to SharksAPI.AI ("we," "our," or "us"), operated by Marketing Sharks OÜ. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered marketing, sales, support, and business automation platform at https://sharksapi.ai.

By using SharksAPI.AI, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

  • Registration Data: Name, email address, password (encrypted)
  • OAuth Data: When you sign in with Google, we receive basic profile information (name, email)
  • Project Data: Project names, settings, and configurations

2.2 Connected Services Data

When you connect third-party services, we access and store data based on your explicit consent:

Category | Services | Data Accessed
Analytics | Google Analytics 4, Google Search Console, Mixpanel, Amplitude, Hotjar, Plausible | Website traffic, user behavior, search performance
Advertising | Google Ads, Meta Ads (Facebook & Instagram) | Campaign performance, spend, conversions
Social Media | Facebook, Instagram, LinkedIn, Twitter/X, YouTube, TikTok, Pinterest | Page analytics, engagement, followers
CRM & Sales | Pipedrive, HubSpot, Salesforce, Zoho CRM, Close CRM | Deals, contacts, activities, pipeline
Email | Gmail, SMTP/IMAP, Mailchimp, SendGrid, Brevo, Klaviyo | Email messages, campaigns, analytics
Productivity | Google Drive, Google Calendar, Notion, Slack, Asana, Trello, Jira | Files, events, tasks, messages
Accounting | Merit Aktiva, QuickBooks, Xero | Invoices, payments, customers
CMS | WordPress, Webflow | Posts, pages, SEO data
Support | Zendesk, Intercom, Freshdesk, Crisp, LiveChat | Tickets, conversations, knowledge base
E-Commerce | Shopify, WooCommerce, Stripe | Products, orders, customers, payments

2.3 API Tokens and Credentials

  • OAuth Tokens: Encrypted access and refresh tokens for connected services
  • API Keys: Encrypted API keys for third-party integrations
  • MCP Tokens: Bearer tokens for Claude AI MCP access (project-isolated)
  • Custom GPT Tokens: Bearer tokens for OpenAI Custom GPT access (project-isolated)

2.4 Usage Data

  • Chat conversations with AI assistants (MarketingBot, SalesBot, OpsAgent, ManagementBot, SupportAgent)
  • API usage logs and statistics
  • MCP tool call logs
  • Error logs and debugging information

3. How We Use Your Information

3.1 Service Provision

  • Provide AI-powered analytics, insights, and automation
  • Connect and sync data from your third-party services
  • Generate reports and dashboards
  • Enable MCP (Model Context Protocol) integrations with Claude AI
  • Enable Custom GPT integrations with OpenAI
  • Process email campaigns and scheduled tasks

3.2 AI Processing

  • Send relevant data to AI providers (OpenAI, Anthropic Claude, Google Gemini) for analysis
  • Generate insights, recommendations, and summaries
  • Create and optimize content (blog posts, emails, ads)
  • Provide 24/7 customer support via SupportAgent

Important: Your data may be sent to third-party AI providers (OpenAI, Anthropic, Google) for processing. Each provider has its own privacy policy and data handling practices. We use enterprise-grade API access where available.

4. Data Security

4.1 Encryption

  • In Transit: All data is encrypted in transit over HTTPS/TLS
  • At Rest: Sensitive data (passwords, API keys, OAuth tokens) is encrypted using AES-256
  • API Tokens: Sanctum tokens are hashed and project-isolated

4.2 Access Control

  • Project Isolation: Each project's data is strictly isolated
  • Token-Based Access: API and MCP tokens are project-specific
  • OAuth2 + PKCE: MCP connections use industry-standard OAuth2 with PKCE
  • Role-Based Permissions: Admin and user roles with granular capabilities

4.3 Infrastructure

  • Hosted on AWS EU (Frankfurt) infrastructure
  • Regular security updates and patches
  • Automated backups
  • Application-level monitoring and logging

5. Data Sharing and Third Parties

5.1 Third-Party Services We Use

  • OpenAI: AI processing for MarketingBot, SalesBot, OpsAgent
  • Anthropic (Claude): AI processing via MCP integration
  • Google Cloud: OAuth authentication and API access
  • AWS SES: Transactional and campaign email delivery
  • Your Connected Services: We access data from services you explicitly connect

5.2 We Do NOT Share Your Data With

  • Advertisers or marketing companies
  • Data brokers or aggregators
  • Other users or projects (strict isolation)
  • Any third parties for commercial purposes

5.3 Legal Requirements

We may disclose your information if required by law, court order, or government request.

6. Data Retention and Deletion

6.1 Retention Period

  • Active Accounts: Data is retained as long as your account is active
  • Synced Data: Analytics and metrics are stored for historical analysis
  • Chat History: AI conversations are stored for context
  • Logs: System logs are retained for 90 days

6.2 Your Right to Delete

You can delete your data at any time:

  • Disconnect individual services from your dashboard
  • Delete specific projects and their data
  • Revoke MCP and API tokens
  • Delete your entire account
  • Contact tanel@marketingsharks.ee for complete data deletion

7. Your Rights (GDPR)

As an EU-based service (Estonia), we comply with GDPR. You have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restriction: Limit how we process your data
  • Right to Data Portability: Export your data in a machine-readable format
  • Right to Object: Object to certain types of processing
  • Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at: tanel@marketingsharks.ee

8. Cookies

8.1 Essential Cookies

  • Session Cookies: Keep you logged in
  • CSRF Tokens: Protect against cross-site request forgery
  • Preferences: Remember your settings and selected project

8.2 No Third-Party Advertising Cookies

We do NOT use advertising cookies or tracking pixels from third parties.

9. MCP, Custom GPT, and AI Agent Access

9.1 MCP (Model Context Protocol)

  • SharksAPI.AI provides MCP server access for Claude AI (Anthropic)
  • MCP connections use OAuth2 with PKCE for secure authorization
  • Each MCP session is bound to a specific project
  • Tool calls are logged for security and debugging
  • You can revoke MCP access at any time

9.2 Custom GPT Access

  • API tokens for Custom GPTs are project-specific and encrypted
  • Tokens can be revoked from the API Tokens page
  • Custom GPTs can only access data from their linked project

9.3 AI Agents

  • Our AI agents (MarketingBot, SalesBot, OpsAgent, ManagementBot, SupportAgent) process your data to provide insights and automation
  • Agent actions are logged and auditable
  • Agents operate within project boundaries only

Important: Never share your API tokens or MCP credentials publicly. Treat them like passwords.

10. Children's Privacy

SharksAPI.AI is a business tool not intended for children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. For significant changes, we will notify you by email.

12. Contact Us

If you have any questions about this Privacy Policy:

Company: Marketing Sharks OÜ

Email: tanel@marketingsharks.ee

Website: https://sharksapi.ai

Country: Estonia, European Union