Privacy

Privacy Policy of Mable GmbH

§ 1 Introduction

  1. By using Mable’s services, you grant us access to certain data, which we handle in accordance with the General Data Protection Regulation (GDPR) and other relevant data protection laws of the European Union.

  2. This Privacy Policy explains what data we collect, how we use it, and your rights in relation to it.

§ 2 Data Controller Information

  1. Mable GmbH acts as the Data Controller for all personal data collected and processed through its services.

  2. Mable GmbH is based at Bahnhofplatz 12, 76137 Karlsruhe, Germany.

§ 3 Categories of Data We Process

We may process the following categories of data:

  1. Contact details (e.g., email address)

  2. Authentication credentials (e.g., encrypted passwords)

  3. Analytics and advertising data (e.g., Google Analytics, Meta Ads, TikTok, Pinterest)

  4. E-commerce transaction data (e.g., Shopify and Shopware order details)

  5. Web and application usage data

  6. Support interaction data (e.g., helpdesk tickets, chat transcripts, feedback forms)

§ 4 Legal Basis for Processing

  1. We process your data based on the following legal grounds:

    1. Your explicit consent (Art. 6(1)(a) GDPR): For example, when you opt into email marketing or allow integration with external services.

    2. Contractual necessity (Art. 6(1)(b) GDPR): For the performance of a contract, such as providing the Mable service to you.

    3. Compliance with legal obligations (Art. 6(1)(c) GDPR): Where we are required by law to retain certain records or cooperate with lawful investigations.

    4. Legitimate interests (Art. 6(1)(f) GDPR): For purposes such as improving our services, prevention of fraud, internal analytics, and ensuring platform security. When relying on this basis, we always assess and balance our interests against your fundamental rights and freedoms.

    5. Protection of vital interests (Art. 6(1)(d) GDPR): In rare cases, such as where data processing is necessary to protect someone’s life or physical integrity.

    6. Public interest or official authority (Art. 6(1)(e) GDPR): Only applicable if processing is required for a task carried out in the public interest or the exercise of official authority.

  2. We always ensure transparency and maintain clear documentation of our processing activities as required by GDPR.

§ 5 Secure Data Transfer and Storage

  1. Data is transferred via secure (SSL/TLS) connections to protect it during transmission. All data storage is encrypted both in transit and at rest. We use industry-leading cloud infrastructure providers including Google Cloud, AWS, and Oracle, all of which adhere to stringent international security standards such as ISO/IEC 27001.

  2. All our data is stored and processed in the European Economic Area (EEA). Our data centers are protected through physical and logical access controls, continuous monitoring, and routine security audits. Access to stored data is strictly limited to authorized Mable personnel and select contractors who are bound by confidentiality obligations.

  3. Data backups are performed regularly and encrypted to ensure business continuity and disaster recovery capabilities. We also employ firewall protection, role-based access control, and security incident response procedures to ensure a high level of protection for your personal data.

§ 6 Email and Passwords

  1. Your email is used for support and limited product announcements (opt-out possible).

  2. Passwords are stored in encrypted form.

§ 7 Authentication and Integrations

  1. Google Login: Grants access to name, profile image, email, and Google Analytics properties.

  2. Pinterest, TikTok, META Login: May provide access to profile and performance data necessary for integration.

  3. We never use login data for profiling or sell it to third parties.

§ 8 Analytics and Performance Data

  1. Google Analytics: Used to display site performance, develop internal analytics, and create anonymized benchmarks (minimum cohort size: 10).

  2. TikTok, Pinterest & Meta (Facebook/Instagram) and Google Ads: Access is limited to campaign performance data and meta-information, such as cost, impressions, and engagement rates.

  3. Data from all analytics platforms is used only for customer services or benchmarking in anonymous form.

§ 9 Shopify and Shopware Integration

We access and process only non-personal order data (order ID, amount, product). When transferring personally identifiable information (PII) to destinations like Segment.com, it is passed directly without storage. PII refers to any data that can be used to identify an individual, such as names, email addresses, or phone numbers.

§ 10 Advertising Platforms Access

  1. We access the following data for service analytics only:

    1. Account meta-information

    2. Ad performance data (costs, clicks)

    3. Associated identifiers

  2. This includes Meta Ads, TikTok Ads, Pinterest Ads and Google.

§ 11 Use of Google OAuth & User Data

  1. We do not collect or store PII via Google OAuth. Any data accessed is application-specific (e.g., conversion metrics).

  2. This data is stored temporarily and deleted within 60 days of account closure or inactivity.

§ 12 Cookies and Tracking Technologies

  1. We use cookies only where necessary to provide core functionality or with your explicit consent.

  2. You may manage your cookie preferences via our Cookie Consent Manager.

§ 13 Data Sharing and Processors

  1. Your data may be shared with the following categories of recipient:

    1. Cloud infrastructure providers (e.g., Google Cloud, AWS, Oracle)

    2. Internal staff and contractors (bound by NDAs)

    3. Legal authorities (where required)

  2. We do not sell your data to third parties.

§ 14 International Data Transfers

  1. All personal data is exclusively stored and processed within the European Union (EU) and European Economic Area (EEA).

  2. We do not transfer data to third countries outside the EU/EEA.

§ 15 Data Retention

  1. Application-specific and anonymized data: retained as long as necessary for service provision.

  2. User data: deleted within 60 days after account closure or inactivity.

§ 16 Your Rights Under GDPR

  1. You have the right to:

    1. Access your personal data

    2. Rectify inaccurate or incomplete data

    3. Erase your data (“right to be forgotten”)

    4. Restrict or object to processing

    5. Data portability

    6. Withdraw consent at any time

    7. Lodge a complaint with a supervisory authority

  2. To exercise any of these rights, please contact us at data-privacy@mable.ai

§ 17 Changes to This Privacy Policy

  1. We reserve the right to update this Privacy Policy.

  2. Material changes will be notified to users via email or platform notification.

§ 18 Contact Information

Mable GmbH
Bahnhofplatz 12
76137 Karlsruhe, Germany
E-Mail: data-privacy@mable.ai

Data Protection Officer:

Mr. Thomas Ott
kolbcom GmbH
P7, 22, 68161 Mannheim
E-Mail: info@kolbcom.de

Effective Date: 18.06.2025
Version: 2.3

© 2026, Mable