See what’s trending across Google, YouTube, TikTok and Reddit.

See what’s trending across Google, YouTube, TikTok and Reddit.

Privacy Policy

Last updated: 15 May 2026

1. Who we are

My Content Lab (the “Service”, “we”, “us”) is operated by AMW Media LTD, a company registered in England & Wales. We act as the data controller for personal data processed through mycontentlab.co.uk and the My Content Lab application.

For any privacy or data-protection enquiries: legal@mycontentlab.co.uk.

2. What data we collect

  • Account data — name, email address, hashed password, organisation name, role and preferences.

  • OAuth tokens & scopes — when you connect a marketing platform (Meta / Facebook / Instagram, Google / Google Analytics 4 / Google Search Console / Google Ads / Google Business Profile / YouTube, LinkedIn organic and Ads, Pinterest, TikTok organic and Ads, Threads), we store the access and refresh tokens and the scopes you granted, encrypted at rest.

  • Marketing analytics — aggregated metrics returned by those APIs (impressions, reach, clicks, posts, video views, ads spend, conversions, etc.). We do not collect message content, direct messages, or personally identifiable information about your followers.

  • Billing data — handled by Stripe. We store your subscription tier and Stripe customer ID; we never see or store full card numbers.

  • Usage & cookies — page views, feature usage and device data via Google Tag Manager (GTM) for product analytics. See section 14 (Cookies).

3. How we use your data

We use the data above strictly to:

  • Provide the reporting dashboards, AI insights and PDF reports you request;

  • Sync platform data on the schedule you configure;

  • Authenticate you, secure your account and prevent abuse;

  • Process subscriptions and send transactional service emails;

  • Respond to support, legal and billing enquiries.

We do not sell your data, use it to train machine-learning models, or use it for advertising.

4. Google API Services Limited Use disclosure

My Content Lab’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, data obtained from Google APIs (Google Analytics, Search Console, Google Ads, Google Business Profile, YouTube) is:

  • Used only to provide and improve user-facing features inside the My Content Lab dashboard and exported reports;

  • Not transferred to third parties except as necessary to provide those features, comply with applicable law, or as part of a merger / acquisition with appropriate notice;

  • Not used to serve advertisements;

  • Not used to train generalised or third-party AI / ML models;

  • Not read by humans, except (a) with your explicit consent, (b) where necessary for security, (c) to comply with applicable law, or (d) where the data has been aggregated and anonymised for internal operations.

5. Meta Platform Terms compliance (Facebook, Instagram, Threads)

Where we process Platform Data received from Meta (via the Facebook Graph, Instagram Graph, Marketing API, or Threads API), we comply with the Meta Platform Terms and Developer Policies. We:

  • Use Platform Data only to provide the requested reporting features to the user who connected the account;

  • Do not sell, license or sublicense Platform Data;

  • Do not merge Platform Data across users for ad targeting or model training;

  • Delete Platform Data within 30 days when you disconnect the platform, delete your account, or when Meta instructs us to do so;

  • Maintain administrative, physical and technical safeguards to protect Platform Data.

6. LinkedIn, Pinterest and TikTok data

For data accessed through the LinkedIn Marketing Developer Platform, Pinterest API v5 and TikTok Login Kit / Business API, we:

  • Process only the page-level / account-level analytics required to render your reports;

  • Honour the platform’s retention and deletion requirements, deleting tokens and cached data within 30 days of disconnection;

  • Never share this data with third parties for advertising or resale.

7. Legal bases for processing (UK GDPR)

  • Contract — to deliver the Service you have subscribed to.

  • Legitimate interest — to secure the Service, prevent fraud and improve the product.

  • Consent — for non-essential cookies and optional marketing emails. You can withdraw consent at any time.

  • Legal obligation — to retain billing records required by HMRC.

8. Sub-processors we share data with

  • Supabase / Lovable Cloud — database, authentication and storage hosting (EU region).

  • Stripe, Inc. — payment processing (US, UK SCCs in place).

  • Resend, Inc. — transactional email delivery (US, UK SCCs in place).

  • Google LLC — when you connect a Google product, your data is fetched from Google’s servers under their terms.

  • Meta Platforms, Inc., LinkedIn, Pinterest, TikTok — same as above for their respective APIs.

9. International transfers

Some sub-processors are located outside the UK / EEA. Where this is the case, transfers are protected by the UK International Data Transfer Agreement, the EU Standard Contractual Clauses, or an equivalent adequacy mechanism.

10. How long we keep your data

  • Account data — for as long as your account is active, then up to 12 months after closure.

  • OAuth tokens — until you disconnect the platform, delete your account, or revoke the token at the source platform.

  • Synced platform analytics — for the historical window allowed by your subscription tier (12 months standard, 24 months Agency), then rolling-deleted.

  • Billing records — 7 years (UK statutory retention).

  • Encrypted off-site backups — 30 days.

11. Security

We protect your data with industry-standard controls: TLS 1.2+ in transit, AES-256 at rest, encrypted OAuth tokens, Postgres Row-Level Security for multi-tenant isolation, hashed passwords (bcrypt / Argon2), least-privilege access, and audit logging on all admin actions.

12. Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you;

  • Have inaccurate data corrected;

  • Have your data erased (see our Data Deletion page);

  • Receive your data in a portable format;

  • Object to or restrict processing;

  • Withdraw consent;

  • Lodge a complaint with the UK Information Commissioner’s Office (ico.org.uk).

To exercise any of these rights, email legal@mycontentlab.co.uk.

13. Children

The Service is not directed at people under 16, and we do not knowingly collect data from children.

14. Cookies

We use a minimal set of essential cookies for authentication and session management, plus first-party analytics cookies via Google Tag Manager. You can clear or block cookies in your browser settings; doing so may impact some Service features.

15. Changes to this policy

We will update the “Last updated” date at the top of this page when this policy changes. Material changes will be communicated by email to your account address.

16. Contact