Legal
Privacy Policy
Privacy Policy
Privacy Policy
Last Updated: February 18, 2026
This Privacy Policy explains how M2 AI, LLC (“M2 AI,” “we,” “us”) collects, uses, discloses, and protects information when you use our website and AI automation services.
1. Scope This policy applies to:
• m2ai.tech
• app.m2ai.tech
• Services where M2 AI provides AI agents, workflow automation, and integrations
2. What We Do M2 AI provides software and services that can:
• Analyze business content and communications
• Generate draft outputs and suggested actions
• Execute automations in connected systems based on your configuration
3. Roles: Controller and Processor Depending on context, M2 AI acts as:
• Controller for account, billing, support, security, and product analytics data
• Processor/Service Provider for customer content processed on your instructions (for example, inbox, CRM, or workflow data) If we process personal data as your processor, a Data Processing Addendum (DPA) is available on request.
4. Information We Collect 4.1 Information You Provide • Account and contact data (name, email, company, role)
• Billing data (handled by payment processors; we do not store full card numbers)
• Prompts, instructions, workflow settings, and uploaded content
• Support requests and communications 4.2 Information We Collect Automatically
• Log and telemetry data (timestamps, feature usage, API events)
• Device/browser data (IP address, user agent, OS)
• Security events and audit records
• Cookie data for authentication, preferences, and analytics 4.3 Information from Integrations When you authorize integrations (for example, email, calendar, CRM, social, commerce, or payment systems), we receive data according to scopes you approve.
5. AI Processing and Automated Actions Disclosure Our services use AI models and agent workflows. By using AI features, you acknowledge:
• Inputs may be processed by M2 AI systems and approved subprocessors
• Outputs are probabilistic and may be inaccurate
• Automated actions may execute in connected systems based on your configuration
• You are responsible for review before use in legal, financial, HR, medical, or other high-stakes contexts We do not use customer content to train public models unless you explicitly opt in by written agreement.
6. How We Use Information We use information to:
• Provide and operate services
• Run automations and integrations you configure
• Secure accounts and prevent abuse
• Provide support and billing
• Improve reliability and performance using de-identified or aggregated analytics
• Comply with legal obligations
7. Lawful Bases (EEA/UK/Swiss Users) Where GDPR or similar laws apply, lawful bases include:
• Contract performance
• Legitimate interests (service security, fraud prevention, product reliability)
• Consent (where required)
• Legal obligation 7A. Automated Decision-Making and Profiling M2 AI does not make solely automated decisions that produce legal effects or similarly significant effects on individuals without human involvement, unless such operation is expressly configured and directed by the customer. Where required by law, we support customer obligations to provide notice and human review mechanisms for significant automated decisions.
8. Sharing and Disclosure We do not sell personal information. We disclose information only:
• To subprocessors/service providers under contract • To connected platforms as required to perform enabled workflows
• If required by law, court order, or valid legal process • In a merger, acquisition, or asset sale (with notice where legally required)
9. Subprocessors We use provider categories such as: • Cloud infrastructure and storage
• AI inference providers
• Payment processors
• Security, monitoring, and analytics tools
• Customer support and communications tools Current subprocessor details are available on request at richard@m2ai.tech.
10. Data Retention We retain data for limited periods based on purpose: Data Type | Typical Retention Account profile and contract records | During account + 7 years (tax/legal records) Service content and workflow data | During account + up to 30–90 days after termination, unless contract states otherwise System and security logs | 12–24 months Support tickets | Up to 3 years Backups | Rolling backup cycles, generally up to 30 days We may retain data longer when required by law, legal hold, fraud prevention, or dispute resolution.
11. Security and Incident Notification We use reasonable administrative, technical, and physical safeguards, including:
• Encryption in transit (TLS)
• Encryption at rest for production systems
• Role-based access controls and least privilege
• Access logging and security monitoring
• Incident response procedures If we confirm a breach affecting personal data, we will provide notice without undue delay and, where GDPR applies, support notification within 72 hours of becoming aware when legally required.
12. Your Privacy Rights Depending on your location, you may have rights to:
• Access data we hold
• Correct inaccurate data
• Delete data (subject to legal exceptions)
• Receive a portable copy
• Opt out of certain profiling/targeted advertising where applicable
• Appeal a denied request To submit a request: richard@m2ai.tech.
13. Appeals Process If we deny your request, you may submit an appeal within 30 days by emailing richard@m2ai.tech with subject line “Privacy Rights Appeal.” We will review and respond within the timeline required by applicable law.
14. California and Texas Notices For California residents, we provide CCPA/CPRA-style disclosures, including categories collected, purposes, and rights requests. For Texas residents, we support rights requests and appeals consistent with applicable Texas privacy law requirements. M2 AI does not sell personal information and does not share personal information for cross-context behavioral advertising.
15. International Transfers If you access services outside the United States, your data may be processed in the U.S. or other jurisdictions where our providers operate. Contractual safeguards are used where required.
16. Children Services are not directed to children under 13, and we do not knowingly collect their personal data.
17. Changes to This Policy We may update this policy from time to time. Material changes will be communicated through the service or by email where appropriate.
18. Contact M2 AI, LLC 2240 FM 1092 Rd, Suite 4020, Missouri City, TX 77459 richard@m2ai.tech
Privacy Policy
Last Updated: February 18, 2026
This Privacy Policy explains how M2 AI, LLC (“M2 AI,” “we,” “us”) collects, uses, discloses, and protects information when you use our website and AI automation services.
1. Scope This policy applies to:
• m2ai.tech
• app.m2ai.tech
• Services where M2 AI provides AI agents, workflow automation, and integrations
2. What We Do M2 AI provides software and services that can:
• Analyze business content and communications
• Generate draft outputs and suggested actions
• Execute automations in connected systems based on your configuration
3. Roles: Controller and Processor Depending on context, M2 AI acts as:
• Controller for account, billing, support, security, and product analytics data
• Processor/Service Provider for customer content processed on your instructions (for example, inbox, CRM, or workflow data) If we process personal data as your processor, a Data Processing Addendum (DPA) is available on request.
4. Information We Collect 4.1 Information You Provide
• Account and contact data (name, email, company, role)
• Billing data (handled by payment processors; we do not store full card numbers)
• Prompts, instructions, workflow settings, and uploaded content
• Support requests and communications 4.2 Information We Collect Automatically
• Log and telemetry data (timestamps, feature usage, API events)
• Device/browser data (IP address, user agent, OS)
• Security events and audit records
• Cookie data for authentication, preferences, and analytics
4.3 Information from Integrations When you authorize integrations (for example, email, calendar, CRM, social, commerce, or payment systems), we receive data according to scopes you approve.
5. AI Processing and Automated Actions Disclosure Our services use AI models and agent workflows. By using AI features, you acknowledge:
• Inputs may be processed by M2 AI systems and approved subprocessors
• Outputs are probabilistic and may be inaccurate
• Automated actions may execute in connected systems based on your configuration
• You are responsible for review before use in legal, financial, HR, medical, or other high-stakes contexts We do not use customer content to train public models unless you explicitly opt in by written agreement.
6. How We Use Information We use information to:
• Provide and operate services
• Run automations and integrations you configure
• Secure accounts and prevent abuse
• Provide support and billing
• Improve reliability and performance using de-identified or aggregated analytics
• Comply with legal obligations
7. Lawful Bases (EEA/UK/Swiss Users) Where GDPR or similar laws apply, lawful bases include:
• Contract performance
• Legitimate interests (service security, fraud prevention, product reliability)
• Consent (where required)
• Legal obligation 7A. Automated Decision-Making and Profiling M2 AI does not make solely automated decisions that produce legal effects or similarly significant effects on individuals without human involvement, unless such operation is expressly configured and directed by the customer. Where required by law, we support customer obligations to provide notice and human review mechanisms for significant automated decisions.
8. Sharing and Disclosure We do not sell personal information. We disclose information only:
• To subprocessors/service providers under contract
• To connected platforms as required to perform enabled workflows
• If required by law, court order, or valid legal process
• In a merger, acquisition, or asset sale (with notice where legally required)
9. Subprocessors We use provider categories such as:
• Cloud infrastructure and storage
• AI inference providers
• Payment processors
• Security, monitoring, and analytics tools
• Customer support and communications tools Current subprocessor details are available on request at richard@m2ai.tech.
10. Data Retention We retain data for limited periods based on purpose: Data Type | Typical Retention Account profile and contract records | During account + 7 years (tax/legal records) Service content and workflow data | During account + up to 30–90 days after termination, unless contract states otherwise System and security logs | 12–24 months Support tickets | Up to 3 years Backups | Rolling backup cycles, generally up to 30 days We may retain data longer when required by law, legal hold, fraud prevention, or dispute resolution.
11. Security and Incident Notification We use reasonable administrative, technical, and physical safeguards, including:
• Encryption in transit (TLS)
• Encryption at rest for production systems
• Role-based access controls and least privilege
• Access logging and security monitoring
• Incident response procedures If we confirm a breach affecting personal data, we will provide notice without undue delay and, where GDPR applies, support notification within 72 hours of becoming aware when legally required.
12. Your Privacy Rights Depending on your location, you may have rights to:
• Access data we hold
• Correct inaccurate data
• Delete data (subject to legal exceptions)
• Receive a portable copy
• Opt out of certain profiling/targeted advertising where applicable
• Appeal a denied request To submit a request: richard@m2ai.tech.
13. Appeals Process If we deny your request, you may submit an appeal within 30 days by emailing richard@m2ai.tech with subject line “Privacy Rights Appeal.” We will review and respond within the timeline required by applicable law.
14. California and Texas Notices For California residents, we provide CCPA/CPRA-style disclosures, including categories collected, purposes, and rights requests. For Texas residents, we support rights requests and appeals consistent with applicable Texas privacy law requirements. M2 AI does not sell personal information and does not share personal information for cross-context behavioral advertising.
15. International Transfers If you access services outside the United States, your data may be processed in the U.S. or other jurisdictions where our providers operate. Contractual safeguards are used where required.
16. Children Services are not directed to children under 13, and we do not knowingly collect their personal data.
17. Changes to This Policy We may update this policy from time to time. Material changes will be communicated through the service or by email where appropriate.
18. Contact M2 AI, LLC 2240 FM 1092 Rd, Suite 4020, Missouri City, TX 77459 richard@m2ai.tech
Let AI do the Work so you can Scale Faster
Book a Call Today and Start Automating