Last updated · May 28, 2026
Mediaberry, Inc. (“Mediaberry”, “we”, “us”) provides a SaaS platform that delivers AI-curated retail-investor sentiment briefs to investor relations professionals. This policy explains what data we collect, how we use it, and the choices you have.
↳ This is a first-draft policy. Before public launch, have your counsel review against your actual data practices, jurisdiction, and applicable law (GDPR, CCPA, PIPEDA, etc.).
Account information. When you create a Mediaberry account, we collect your work email, name, company name, job title, and market-cap band. Payment processing is handled by Stripe; we retain your Stripe customer ID and subscription status, but Mediaberry never stores card numbers, CVVs, or bank details.
Usage data. We log which features you use, the AI calls associated with your account (token counts, costs, ticker and event metadata), and email delivery status. This is used for billing, abuse prevention, and product improvement.
Public content. Mediaberry ingests publicly available retail-investor conversations from sources you configure (e.g., X / Twitter, Reddit, Stocktwits, Seeking Alpha). We do not ingest private posts, direct messages, or any non-public content.
Cookies. We use first-party cookies for authentication only. We do not use third-party tracking or advertising cookies.
To deliver the service: generate briefs, send alerts, render the dashboard, manage your subscription, and respond to support.
To improve the product: aggregate usage analytics, compare AI provider performance (the A/B test described in our docs), and identify bugs or abuse.
To meet legal obligations: tax records, anti-fraud, and responses to lawful process.
We do not sell personal information, and we do not use your account data to train any third-party AI model.
Generating briefs and other AI features sends prompt content to our AI providers — currently Google (Gemini) and Anthropic (Claude). The content sent includes ticker symbols, public retail conversation excerpts, and any free-form context you supply (e.g., for talking points).
We rely on each provider's commitments not to train on customer prompt content. As of the last-updated date above: Google Cloud Vertex AI offerings (and the consumer Gemini API under our usage tier) and Anthropic's API are configured for no-training-on-customer-data by default. We will update this page if those commitments change.
We rely on the following subprocessors to operate Mediaberry:
Each subprocessor processes data only as needed to deliver its slice of the service. Contact legal@mediaberry.com for the current list with version numbers.
Active accounts: data is retained for the life of the account. Briefs, mentions, and alerts are retained for the period defined by your subscription terms; older data is automatically purged.
Deleted accounts: when you delete your account, we mark it as deleted, cancel your subscription, and stop new ingestion within minutes. Historical data is retained for 30 days for support / re-activation, then permanently removed.
Data is encrypted in transit (TLS 1.2+) and at rest (Supabase / AWS KMS). API keys are stored as SHA-256 hashes; cleartext is never persisted. Access to production systems is limited to named employees and audited.
To report a security issue, email security@mediaberry.com.
Depending on your jurisdiction, you may have rights to access, correct, export, or delete personal data we hold about you. Most self-service is available in /settings. For requests beyond that, email legal@mediaberry.com and we will respond within 30 days.
We will post material changes here with a new last-updated date. For changes that materially expand our use of personal data, we will email registered users at least 30 days before they take effect.
↳ Questions? legal@mediaberry.com