Privacy Policy
Last updated June 10, 2026
This Privacy Policy explains how MassFarmer ("MassFarmer", "we", "us", or "our") collects, uses, discloses, and protects personal information when you visit massfarmer.com, use our dashboard, companion applications, API, or any related services (collectively, the "Service").
We have written this Policy to the standard expected of an enterprise SaaS provider: it describes what we collect, why, on what legal basis, with whom we share it, how long we keep it, and what rights you have. By using the Service, you acknowledge this Privacy Policy. If you do not agree, please do not use the Service.
1. Who we are
MassFarmer provides a cloud platform for managing remote mobile device profiles, residential proxies, social-media account automation, media storage, team collaboration, and subscription billing.
Contact (privacy requests): hello@massfarmer.comSupport: info@massfarmer.com · t.me/massfarmer_support
2. Scope and our roles
This Policy covers personal information processed in connection with the Service.
We act in two distinct roles:
| Role | When | Examples |
|---|---|---|
| Controller | For data we collect about you to run our business | Your account, billing, security logs, support history, marketing preferences |
| Processor (service provider) | For personal data contained in content you submit and accounts you connect | Connected-account data, media files, automation configurations, audience data inside your workspace |
Where we act as a processor, you are responsible for ensuring you have a lawful basis to submit that data to the Service, and we process it only on your instructions as expressed through your use of the Service. Enterprise customers may request a data processing agreement at hello@massfarmer.com.
3. Information we collect
We collect information in three ways: (a) you provide it directly, (b) it is generated through your use of the Service, and (c) we receive it from third parties (for example, sign-in providers and payment processors).
3.1 Account and identity data
When you register or sign in, we may collect:
- Full name and email address
- Password (stored in hashed form; we never store plaintext passwords)
- Email verification status and one-time verification codes
- Profile image (if you upload one or connect a social login)
- OAuth tokens from connected sign-in providers (encrypted at rest)
- Messenger user ID, username, and chat ID (when you use messenger-based sign-in or our companion app)
- Two-factor authentication (2FA) secrets and backup codes
- Organization and team membership, roles, and invitation emails
- User preferences (e.g. theme, language, notification settings)
- API key metadata (prefix, permissions, usage statistics — we do not retain the full secret after creation)
Sign-in methods may include email and password, social login, or messenger-based authentication, depending on what we make available.
3.2 Billing and payment data
When you purchase Device Slots or subscriptions:
- Order details: device type (Android/iOS), quantity, geographic location, amount, and currency (USD)
- Payment status, invoice references, and subscription status
- Email address submitted at checkout (passed to our payment processor)
- Payment confirmation data received from our processor (retained for reconciliation, accounting, and fraud prevention)
We do not store full payment card numbers or cryptocurrency wallet private keys. Payments are handled by independent payment processors; their own privacy practices apply to payment data they collect directly.
3.3 Service and operational data
To operate cloud devices, proxies, and automations, we process:
- Device profiles: name, device type and version, remote session URLs, GPS coordinates, network statistics, error logs, and related technical metadata
- Connected accounts: usernames, platform or service name, profile links, external identifiers, and performance statistics (followers, views, and similar metrics) for accounts you connect to profiles
- Proxies: host, port, credentials, IP address, and status associated with your profiles
- Automations and tasks: automation definitions, schedules, execution status, results metadata, and external task identifiers
- Media files: files you upload or generate, including filename, MIME type, size, and technical metadata
- Affiliate data: referral codes, referral relationships, and commission records if you participate in our affiliate program
You are responsible for ensuring you have a lawful basis to provide connected-account, media, and automation data to us (see Section 2).
3.4 Technical and usage data
We collect automatically:
- IP address and network identifiers
- Browser type, user agent, operating system, and session identifiers
- Pages visited, features used, actions taken, and timestamps
- Cookie and local-storage identifiers (see Section 9)
- Logs of API requests, webhook deliveries, and security events
We may use analytics tools to understand aggregate usage and improve the Service. Where required by law, non-essential analytics are deployed only with your consent.
3.5 Communications
When you contact support or receive transactional messages from us, we process the content of those communications and associated metadata (channel, timestamps, participants) to resolve your request and maintain a support history.
4. How we use information
| Purpose | What it involves |
|---|---|
| Service delivery | Operating your account, provisioning cloud devices, proxies, and automations; storing media; running scheduled tasks |
| Security | Authenticating users, enforcing 2FA, detecting and preventing fraud, abuse, and unauthorized access; incident investigation |
| Billing | Processing payments, subscriptions, invoices, refunds where applicable, and affiliate commissions |
| Support | Responding to requests, diagnosing issues, honoring service-level commitments |
| Communications | Sending transactional messages (verification codes, password resets, team invitations, billing and service notices) |
| Improvement | Analyzing aggregate usage to improve performance, reliability, and features |
| Compliance | Meeting legal obligations and enforcing our Terms of Service |
We do not sell your personal information, and we do not use your private media or connected-account content for advertising unrelated to the Service.
5. Legal bases (EEA/UK users)
If you are in the European Economic Area or the United Kingdom, we process personal data on the following bases:
| Purpose | Legal basis |
|---|---|
| Account creation, Service delivery, billing | Performance of a contract |
| Security, fraud prevention, logging | Legitimate interests (balanced against your rights and freedoms) |
| Legal and tax compliance | Legal obligation |
| Marketing communications (if any) | Consent, or legitimate interests where permitted |
| Non-essential analytics cookies | Consent, where required |
Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal. Where we rely on legitimate interests, you may object as described in Section 11.
6. How we share information
We share personal information only as necessary to operate the Service, with the following categories of carefully selected service providers:
| Category | Purpose |
|---|---|
| Payment processors | Subscription billing and fraud prevention |
| Cloud and hosting providers | Infrastructure, databases, backups |
| Communications providers | Transactional email and support messaging |
| Authentication and security providers | Sign-in, bot protection, abuse prevention |
| Analytics providers | Aggregate usage measurement (where enabled) |
| AI and automation infrastructure | Features you enable in your workspace |
| File storage providers | Media and uploaded content |
As a matter of policy, we do not publish the identity of our suppliers: our supply chain is confidential information and part of the proprietary value of the Service. Every provider is bound by confidentiality and data-processing obligations appropriate to its role, and we remain accountable to you for their processing of your data on our behalf.
We may also disclose information:
- To professional advisers (lawyers, accountants, auditors) under confidentiality obligations
- To law enforcement, regulators, or courts when required by law, or where necessary to protect the rights, property, or safety of MassFarmer, our customers, or the public
- In connection with a merger, acquisition, financing, or sale of assets, subject to confidentiality and with notice where required by law
7. International transfers
We and our service providers may process data in countries other than your own. Where personal data is transferred from the EEA, UK, or Switzerland to countries not deemed adequate, we rely on appropriate safeguards such as Standard Contractual Clauses (with supplementary measures where needed) or other lawful transfer mechanisms.
8. Data retention
We retain personal information for as long as necessary for the purposes described in this Policy, then delete or anonymize it. Indicative periods:
| Data | Retention |
|---|---|
| Account data | Until account deletion, plus a short backup window |
| Billing and tax records | Typically 7 years where tax law requires |
| Server and security logs | Rolling retention, typically 30–90 days (longer if needed for an active security investigation) |
| Support communications | For the life of the account plus a reasonable period for dispute resolution |
| Deleted accounts | Anonymized or deleted within ~30 days of verified deletion, subject to legal holds |
You may request account deletion at any time in Dashboard → Account → Danger zone.
9. Cookies and similar technologies
| Cookie / storage | Purpose | Duration |
|---|---|---|
| Session cookies | Authentication and security | Session / as configured |
| Language preference | Locale selection | Persistent |
| Referral attribution | Affiliate program | As configured |
| Analytics cookies | Usage measurement (if enabled) | Per provider policy |
Essential cookies are required for sign-in and security; the Service cannot function without them. Non-essential cookies (such as analytics) are subject to your jurisdiction's consent rules. You can control cookies through your browser settings; disabling essential cookies may prevent you from using the Service.
10. Security
We implement technical and organizational measures appropriate to the risk, including:
- TLS encryption for data in transit
- Encryption at rest for sensitive credentials, including OAuth tokens
- Hashing of passwords and one-time codes
- Role-based access controls and the principle of least privilege
- Rate limiting, bot protection, and abuse monitoring
- Infrastructure isolation and network segmentation
- Logging and monitoring of security-relevant events
No method of transmission or storage is completely secure, and we cannot guarantee absolute security. We encourage you to use strong, unique passwords and to enable two-factor authentication.
If you believe you have found a vulnerability, report it to hello@massfarmer.com — we review every report. Where a personal-data breach affects you and notification is required by law, we will notify you and the competent authority without undue delay.
11. Your rights
Depending on your location, you may have the right to:
- Access — receive a copy of your personal data and information about how we process it
- Rectification — correct inaccurate or incomplete data
- Erasure — delete your data (account deletion is available in-product)
- Restriction — limit certain processing while a dispute or verification is pending
- Objection — object to processing based on legitimate interests, and to direct marketing at any time
- Portability — receive data you provided in a structured, commonly used, machine-readable format
- Withdraw consent — where processing is based on consent
- Complain — lodge a complaint with your local supervisory authority
To exercise your rights, email hello@massfarmer.com. We may need to verify your identity before responding, and we aim to respond within 30 days (extendable where the law permits for complex requests). We will not discriminate against you for exercising your rights.
Note on workspace data: if your data is processed in a customer's workspace (for example, you appear in content a customer uploaded), we may redirect your request to that customer, who is the controller of that data (see Section 2).
12. Regional disclosures
12.1 California (CCPA/CPRA)
California residents have the rights to know, access, correct, delete, and obtain a portable copy of personal information, and to opt out of "sale" or "sharing" of personal information. We do not sell personal information, and we do not share it for cross-context behavioral advertising. We do not use or disclose sensitive personal information for purposes requiring a right to limit. You may designate an authorized agent to submit requests on your behalf.
12.2 Other jurisdictions
Residents of other jurisdictions with comprehensive privacy laws may have similar rights under their local law. We honor valid requests under applicable law regardless of where you live; contact us as described in Section 11.
13. Automated decision-making
We do not make decisions producing legal or similarly significant effects on you based solely on automated processing. Automated systems are used for security purposes (such as fraud and abuse detection); where such a system materially restricts your account, you may contact support to request human review.
14. Children
The Service is not directed to individuals under 18, and we do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us and we will delete it.
15. Third-party platforms and connected accounts
When you connect social-media or messaging accounts to the Service, those platforms' own terms and privacy policies govern your activity on them. We are not responsible for the privacy practices, policies, or enforcement actions of third-party platforms. Data that you or your automations publish to a third-party platform is processed by that platform under its own policies and is outside our control.
16. Changes to this Policy
We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated "Last updated" date, and — where the change materially affects how we process your data — notified through the dashboard or by email in advance where required by law. Continued use of the Service after the effective date constitutes acknowledgment of the updated Policy where permitted by law.
17. Contact us
- Privacy inquiries and rights requests: hello@massfarmer.com
- General support: info@massfarmer.com · @massfarmer_support