Logo

Legal

Privacy Policy

Effective Date: 17 February 2026. This Privacy Policy explains how Multiplied Studio handles personal data, both as a service provider generating media for your campaigns, and as a business interacting directly with you.

Introduction & Who We Are

Welcome to Multiplied. We are a B2B design and automation platform. We do not run third-party advertising trackers, and we never sell your data.

  1. About Us: Multiplied Studio (Pty) Ltd ("Multiplied", "we", "us") operates a dynamic creative platform designed for marketers and brands. This Privacy Policy applies to our website at multiplied.media, our service platforms, and our APIs.
  2. Two Distinct Roles: Because we provide a B2B service, we handle two very different types of data. When you (the marketer or brand) engage us for our service, we act as a Data Controller for your business contact information. When you use our platform to generate personalized media for your own customers, we act strictly as a Data Processor for that campaign data.
  3. Age Restriction: Our services are designed strictly for businesses and professionals. They are not aimed at, nor intended for, children.
  4. Contacting Us: Multiplied Studio (Pty) Ltd is located at 80 Strand Street, Cape Town, 8001, South Africa. Our Data Protection Officer is Lloyd Hofmeyr, who can be contacted at privacy@multiplied.media.

Our Role As Data Processor (The 7/30 Rule)

When you use our platform to generate campaigns, we only process your data to make the media. Input data is permanently deleted after 7 days; hosted media is deleted after 30 days. We never sell or mine this data.

  1. What Data We Receive: When our clients use our automation platform, they securely send us campaign data (which may include names, loyalty metrics, or retail purchase history) to generate personalized GIFs, video, or images.
  2. Strict Purpose Limitation: We process this data only on the instructions of our clients (who are the Data Controllers). We use it exclusively to render the personalized media requested. We do not use this data for our own marketing, profiling, or any external purposes.
  3. 7-Day Input Deletion: Any data supplied by the client to generate media is retained for a maximum of seven (7) days. After this brief processing window, it is permanently and irreversibly deleted from our systems.
  4. 30-Day Media Deletion: The final generated media outputs are hosted on our secure AWS infrastructure for a period of thirty (30) days following the campaign send date. After 30 days, the specific personalized media is permanently deleted, and the URLs fall back to a generic, non-personalized image.
  5. Extended Storage: The strict 7-day and 30-day deletion rules apply by default. If a client requires data or media retention beyond these periods, it must be pre-arranged in writing and will incur additional costs.

Our Role As Data Controller (Your Business Contact Data)

When you (the B2B marketer) engage us, submit a brief, or contact us, we collect your name, email, and billing info to manage our business relationship and communicate with you.

  1. Information You Give Us: We collect personal data when you fill in forms on our site, request a demo, engage our services (e.g., via email or Slack), submit a brief, or contact support. This includes your name, email address, phone number, company name, and job role.
  2. Why We Process It: Our lawful basis for processing this data is the performance of our contract with you, and our legitimate interest in providing you with customer support, managing our business relationship, and sending you critical service updates.
  3. Marketing Communications: If you are an existing customer, or if you have opted in, we may occasionally email you about new features or services similar to those you already use. You can unsubscribe from these messages at any time by clicking the link in the email or contacting us.
  4. Data Sharing & Disclosure: We do not sell your business contact data. We may share it internally with our subsidiaries (such as Multiplied Solutions (Pty) Ltd) for operational purposes, with trusted service providers who help us run our business (such as billing or CRM tools), or if required by law or a corporate merger.

Website Analytics & Cookies

We use PostHog to see how our website is performing and understand user journeys. We do not run third-party advertising trackers to follow you across the internet.

  1. How We Use Cookies: Our website uses cookies (small text files placed on your device) to distinguish you from other users. This helps us provide a smooth browsing experience and allows us to improve our site structure.
  2. PostHog Analytics: We utilize PostHog to track and measure the performance of our website. This collects standard usage information such as the pages you visit, the links you click, and your time spent on the site.
  3. Managing Cookies: You can configure your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our website may become inaccessible or not function properly.

Where We Store Your Data

Our primary servers are located in the United States, but EU hosting is available. Our operations team is based in South Africa.

  1. Server Infrastructure: By default, data processed through our platform is securely hosted on Amazon Web Services (AWS) infrastructure located in the United States. Upon specific request, we can provision routing and hosting on European (EU) servers for enterprise clients.
  2. International Transfers: Multiplied Studio is headquartered in South Africa. This means that data (including support tickets and account information) may be accessed by our team operating outside the European Economic Area (EEA).
  3. Safeguards: Whenever we transfer personal data internationally, we ensure a similar degree of protection is afforded to it by implementing appropriate safeguards, such as utilizing standard contractual clauses or relying on adequacy decisions where applicable.

Data Security

We use HTTPS encryption, secure cloud infrastructure, and strict access controls to protect your data during its brief lifecycle on our platform.

  1. Technical Measures: All data transfers to, from, and within our platform are encrypted via HTTPS. Our servers are located in highly secure AWS data centers, and we implement strict internal access controls including strong passwords and two-factor authentication (2FA).
  2. Communication Security: We handle our client communications and service delivery over secure channels (such as Slack and authenticated email). We never request passwords or sensitive access information through unverified channels.
  3. Breach Notification: In the unlikely event of a suspected personal data breach, we have procedures in place to deal with it and will notify you, and any applicable regulator, of a breach where we are legally required to do so.

Your Privacy Rights

Under data protection laws (such as GDPR and POPIA), you have specific rights regarding your personal data, including the right to access, correct, or delete it.

  1. Access & Correction: You have the right to request a copy of the personal information we hold about you (a data subject access request) and to request that any incomplete or inaccurate data be corrected.
  2. Erasure: You can ask us to delete or remove your personal data where there is no good reason for us continuing to process it. (Note: Campaign data is already automatically erased after 7 days).
  3. Object & Restrict: You have the right to object to the processing of your personal data where we are relying on a legitimate interest, or to request that we restrict the processing of your personal data in certain scenarios.
  4. Exercising Your Rights: If you wish to exercise any of these rights, please contact us at privacy@multiplied.media. You will not have to pay a fee to access your personal data, though we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.
  5. Data Controller Inquiries: If your inquiry relates to data we process on behalf of one of our clients (e.g., you received an email with a personalized GIF generated by our platform), please direct your inquiry to that specific brand, as they are the Data Controller. We will assist our clients in responding to such requests as required by law.

Changes To This Policy

This Privacy Policy is subject to change as our services evolve. We will post the updated version on this page and encourage you to periodically review it for the latest information on our privacy practices. If we make significant changes, we will notify our active clients via email.

If you have any questions or comments regarding this privacy statement, please contact us at privacy@multiplied.media.