Privacy Policy

Last updated: July 13, 2026

UTM Copilot (“UTM Copilot,” “we,” “us,” or “our”) is a service operated by Method Four. This Privacy Policy explains what information we collect when you use the UTM Copilot service at www.utmcopilot.com (the “Service”), how we use and share that information, and the choices you have.

If you have any questions about this policy or our data practices, contact us at support@utmcopilot.com.

1. Information We Collect

We collect the following categories of information:

  • Account information. Your name and email address, collected and managed through Clerk, our authentication provider, when you create an account or sign in.
  • Organization and team data. Organization names, team memberships, and member roles you or your organization administrators configure.
  • Content you create. UTM records, governance conventions and rules, taxonomy value requests, short links, and related settings you create in the Service.
  • Chat conversations. Messages you exchange with the AI assistant. We store conversations so we can provide conversation history and continue your work across sessions.
  • Uploaded files. CSV files you upload for import are parsed and stored so we can run and audit your imports.
  • Usage and analytics data. Events describing how the Service is used, including AI cost and performance telemetry (such as which model handled a request, latency, and estimated cost), used to operate, secure, and improve the Service.
  • Short-link click data. When someone clicks a short link you create, we record the referrer, user agent, and country of the click. We do not collect precise location data.
  • API keys. If you create API keys, we store them in hashed form. We cannot recover a key’s plaintext value after it is created.
  • Payment information. Payments are processed by Stripe through Clerk Billing. We never store your card numbers or full payment credentials on our systems.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service;
  • Authenticate you and enforce organization and role-based access controls;
  • Generate, validate, and manage UTM records and governance rules on your behalf, including through AI-powered features;
  • Maintain your chat history so conversations can be resumed and referenced;
  • Process CSV imports and bulk operations you initiate;
  • Provide analytics such as compliance rates, usage, and AI cost tracking;
  • Process subscriptions and payments;
  • Communicate with you about the Service, including support responses and important notices;
  • Monitor for, prevent, and investigate fraud, abuse, and security incidents; and
  • Comply with legal obligations.

3. AI Processing

UTM Copilot is an AI-first product. To provide features such as the conversational assistant, UTM validation, and AI-assisted CSV imports, your chat messages and the contents of uploaded CSV files are processed by third-party large-language-model providers (for example, OpenAI, Anthropic, and Google), routed through the Vercel AI Gateway.

This processing is performed solely to deliver the Service to you. We do not use your content to train our own models, and we route requests through providers under terms intended to limit their use of your data to providing the inference service.

4. How We Share Information

We do not sell your personal information. We share information only in the following circumstances:

  • With subprocessors that help us operate the Service (see Section 5);
  • Within your organization. Content you create in an organization workspace (UTM records, conventions, imports, and related activity) is visible to other members of that organization according to their roles;
  • For legal reasons, when we believe disclosure is required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of UTM Copilot, our users, or others; and
  • In a business transfer, such as a merger, acquisition, or sale of assets, in which case this policy will continue to apply to your information.

5. Subprocessors

We rely on the following service providers to operate UTM Copilot:

  • Vercel — application hosting, first-party analytics, and AI gateway routing;
  • Clerk — authentication, user management, and billing;
  • Neon — database hosting;
  • Stripe — payment processing (via Clerk Billing); and
  • Large-language-model providers (for example, OpenAI, Anthropic, and Google) — AI inference for chat and import features, routed through the Vercel AI Gateway.

Each subprocessor is bound by contractual obligations regarding the security and use of your data.

6. Cookies and Analytics

We keep our use of cookies minimal:

  • Essential cookies. Authentication and session cookies set by Clerk are required for sign-in and account security.
  • First-party analytics. We use Vercel Analytics to understand aggregate site usage.

We do not use third-party advertising trackers, and we do not place ad-network cookies on your device.

7. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Chat conversations, UTM records, and import data are retained so you can access your history and audit trails.

If you delete your account, we remove your personal data within 30 days, except where we are required to retain certain records to comply with legal, tax, or accounting obligations, resolve disputes, or enforce our agreements.

8. Your Rights and Choices

You may, at any time:

  • Request access to, an export of, or deletion of your personal data by emailing support@utmcopilot.com;
  • Update your account information through your account settings;
  • Delete your account, which triggers the deletion process described in Section 7; and
  • Unsubscribe from marketing emails using the link in any such email.

Depending on where you live, you may have additional rights under applicable data protection laws (such as the GDPR or state privacy laws), including the right to correct your data or object to certain processing. We honor such requests as required by law.

9. Data Security

We use industry-standard technical and organizational measures to protect your information, including encryption in transit, organization-level data isolation, hashed storage of API keys, and role-based access controls. No method of transmission or storage is completely secure, so we cannot guarantee absolute security, but we work continuously to protect your data.

10. International Data Transfers

UTM Copilot is operated from the United States, and our subprocessors may process data in the United States and other countries. If you access the Service from outside the United States, you understand that your information will be transferred to, stored, and processed in jurisdictions that may have different data protection laws than your own.

11. Children's Privacy

The Service is intended for business use and is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service before the changes take effect. The “Last updated” date at the top of this page reflects the most recent revision.

13. Contact Us

UTM Copilot is operated by Method Four. For any privacy questions or requests, contact us at support@utmcopilot.com.