Privacy Policy

Account Information

• Name and email address when you create an account
• Company information and project details you provide
• Profile information and preferences

Usage Information

• Ideas, documents, and content you create within the platform
• Activity logs and feature usage patterns
• Device information and browser type

Technical Information

• IP address and location data (for security purposes)
• Cookies and similar tracking technologies
• Error logs and performance metrics

We use your information solely to:

• Provide our service: Enable idea management, collaboration, and project organization
• Improve our platform: Analyze usage patterns to enhance features and performance
• Communicate with you: Send important updates, security notifications, and support responses
• Ensure security: Protect against fraud, abuse, and unauthorized access
• Comply with legal obligations: Meet regulatory requirements when necessary

We Do Not Sell Your Data

Molley never sells, rents, or trades your personal information to third parties.

Limited Sharing

We may share your information only in these specific circumstances:

• Service providers: Trusted vendors who help us operate our platform (hosting, analytics, support) under strict confidentiality agreements
• Legal requirements: When required by law, court order, or to protect our rights and safety
• Business transfers: In the event of a merger or acquisition, with advance notice to users
• With your consent: When you explicitly authorize us to share specific information

Team Collaboration

Information you share within your company or project teams is visible to other team members as part of the collaborative features.

We implement industry-standard security measures to protect your information:

• Encryption in transit and at rest
• Regular security audits and monitoring
• Access controls and authentication requirements
• Secure data centers and infrastructure
• Employee training on data protection practices

You have the right to:

• Access: Request a copy of your personal data
• Correct: Update or correct inaccurate information
• Delete: Request deletion of your account and data
• Export: Download your data in a portable format
• Restrict: Limit how we process your information
• Object: Opt out of certain data processing activities

To exercise these rights, contact us at support@molley.io

We retain your information for as long as:

• Your account is active and you continue using our service
• Required to provide you with our services
• Necessary to comply with legal obligations
• Needed to resolve disputes or enforce our agreements

When you delete your account, we will delete your personal data within 30 days, except where retention is required by law.

We use cookies and similar technologies to:

• Keep you logged in and remember your preferences
• Analyze how you use our platform to improve performance
• Provide security features and prevent fraud

You can control cookie settings through your browser, though this may affect some functionality.

The Molley Research Capture browser extension helps you save web pages to your research notebook. Here's how it handles your data:

What the Extension Collects

• Web page content: HTML from pages you explicitly select to capture
• Page URLs and titles: To identify captured content
• Your preferences: Company selection and group labels (stored locally in your browser)

What the Extension Does NOT Collect

• Browsing history or activity from pages you don't capture
• Data from other browser tabs or windows
• Passwords or sensitive form data
• Personal information beyond what's in your Molley account

How Extension Data is Used

• Content transmission: Captured pages are sent via HTTPS to Molley servers and stored in your research notebook
• Format conversion: HTML is converted to markdown for better readability
• Authentication: Your Molley session token is used to authenticate API requests (stored locally in your browser)
• Local storage: Preferences are saved in your browser and never sent to our servers

Extension Permissions Explained

• activeTab: Allows reading content from tabs you select when you click the extension icon (temporary access only)
• scripting: Enables extracting HTML from pages you choose to capture
• storage: Saves your preferences locally in your browser
• molley.io access: Connects to your Molley account to save captured content

Molley offers an optional Gmail integration that allows you to send outreach emails directly from the platform. This section describes exactly how we handle your Google account data.

What We Access

When you connect your Gmail account, we request the following Google OAuth scopes:

• gmail.send — Send emails on your behalf through the Molley platform
• gmail.compose — Create email drafts for your review before sending
• gmail.readonly — Read email metadata to confirm delivery status
• userinfo.email & userinfo.profile — Identify which Google account is connected

How We Use Your Gmail Data

Your Gmail data is used solely to:

• Send outreach emails you compose and approve within Molley
• Display your connected email address in the integration settings
• Verify delivery status of emails sent through the platform

We do not use your Gmail data for advertising, market research, or any purpose unrelated to the functionality described above.

How We Store Your Gmail Credentials

• OAuth tokens (access and refresh tokens) are encrypted at rest using AES-256-GCM before being stored in our database
• We never store your Google password
• Tokens are only decrypted server-side at the moment they are needed to make an API call on your behalf

What We Do NOT Do

• We do not read, scan, or index the contents of your inbox
• We do not share your Gmail data with any third party
• We do not sell or use your Gmail data for advertising purposes
• We do not retain email content after it has been sent

Revoking Gmail Access

You can disconnect your Gmail account at any time by:

• Going to User Settings > Integrations in Molley and clicking Disconnect
• Visiting your Google Account Permissions page and removing Molley

When you disconnect, we immediately delete your stored OAuth tokens. No Gmail data is retained after disconnection.

Google API Services Compliance

Molley's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Molley offers an optional integration with Meta platforms (Facebook and Instagram) that allows you to publish social media content directly from the platform. This section describes exactly how we handle your Meta account data.

What We Access

When you connect your Facebook or Instagram account, we request the following permissions:

• pages_show_list — List the Facebook Pages you manage so you can select which page to publish to
• pages_read_engagement — Read basic engagement data on your posts to display publishing status
• pages_manage_posts — Create and publish posts to your selected Facebook Page on your behalf
• instagram_basic — Access basic Instagram account information linked to your Facebook Page
• instagram_content_publish — Publish content to your Instagram business account on your behalf

How We Use Your Meta Data

Your Meta data is used solely to:

• Display a list of Facebook Pages and Instagram accounts you manage, so you can select where to publish
• Publish social media posts you compose and approve within Molley to your selected pages or accounts
• Display publishing status and confirmation of posted content

We do not use your Meta data for advertising, profiling, market research, or any purpose unrelated to the functionality described above.

How We Store Your Meta Credentials

• OAuth tokens (Page access tokens) are encrypted at rest using AES-256-GCM before being stored in our database
• We never store your Facebook or Instagram password
• Tokens are only decrypted server-side at the moment they are needed to make an API call on your behalf

What We Do NOT Do

• We do not read, scan, or store your Facebook or Instagram private messages
• We do not access your personal Facebook profile, friends list, or timeline
• We do not sell, share, or transfer your Meta data to any third party
• We do not use your Meta data for advertising or ad targeting purposes
• We do not retain post content after it has been published

Revoking Meta Access

You can disconnect your Facebook or Instagram account at any time by:

• Going to Settings > Social Media in Molley and clicking Disconnect
• Visiting your Facebook Business Integrations settings and removing Molley

When you disconnect, we immediately delete your stored access tokens and associated page data. No Meta data is retained after disconnection.

Data Deletion

You may request deletion of all Meta-related data we hold by contacting us at support@molley.io. Upon receiving a valid deletion request, we will:

• Delete all stored OAuth tokens associated with your Meta accounts
• Remove all connected page and account metadata
• Confirm deletion within 30 days

You may also initiate deletion through Meta's platform by removing Molley from your Facebook Business Integrations.

Meta Platform Terms Compliance

Molley's use of data received from Meta APIs complies with the Meta Platform Terms and the Meta Developer Policies, including all data use restrictions and transparency requirements.

Molley offers an optional integration with X (formerly Twitter) that allows you to publish posts directly from the platform. This section describes exactly how we handle your X account data.

What We Access

When you connect your X account, we request the following OAuth 2.0 scopes:

• tweet.read — Read your tweets to confirm publishing status and avoid duplicate posts
• tweet.write — Post tweets on your behalf from content you compose and approve within Molley
• users.read — Read your basic profile information (username, display name) to identify the connected account
• offline.access — Maintain the connection without requiring you to re-authorize each session

How We Use Your X Data

Your X data is used solely to:

• Display your connected X account in the integration settings
• Publish posts you compose and approve within Molley to your X account
• Verify that posts were published successfully

We do not use your X data for advertising, analytics resale, profiling, or any purpose unrelated to the functionality described above.

How We Store Your X Credentials

• OAuth tokens (access and refresh tokens) are encrypted at rest using AES-256-GCM before being stored in our database
• We never store your X password
• Tokens are only decrypted server-side at the moment they are needed to make an API call on your behalf

What We Do NOT Do

• We do not read, store, or analyse your direct messages
• We do not access your followers list, likes, or bookmarks
• We do not sell, share, or transfer your X data to any third party
• We do not use your X data for advertising or ad targeting purposes
• We do not retain post content after it has been published

Revoking X Access

You can disconnect your X account at any time by:

• Going to Settings > Social Media in Molley and clicking Disconnect
• Visiting your X Connected Apps settings and revoking Molley's access

When you disconnect, we immediately delete your stored OAuth tokens. No X data is retained after disconnection.

Data Deletion

You may request deletion of all X-related data we hold by contacting us at support@molley.io. Upon receiving a valid request, we will delete all stored tokens and associated account metadata and confirm deletion within 30 days.

X Developer Agreement Compliance

Molley's use of data received from X APIs complies with the X Developer Agreement and Policy, including all restrictions on data usage, storage, and display.

Molley offers an optional integration with LinkedIn that allows you to publish professional content directly from the platform. This section describes exactly how we handle your LinkedIn account data.

What We Access

When you connect your LinkedIn account, we request the following permissions:

• openid & profile — Read your basic profile information (name, profile picture) to identify the connected account
• email — Read your email address to display which LinkedIn account is connected
• w_member_social — Create and publish posts to your LinkedIn profile or company page on your behalf

How We Use Your LinkedIn Data

Your LinkedIn data is used solely to:

• Display your connected LinkedIn account in the integration settings
• Publish professional content you compose and approve within Molley to your LinkedIn profile or company page
• Verify that posts were published successfully

We do not use your LinkedIn data for recruiting, advertising, profiling, or any purpose unrelated to the functionality described above.

How We Store Your LinkedIn Credentials

• OAuth tokens (access and refresh tokens) are encrypted at rest using AES-256-GCM before being stored in our database
• We never store your LinkedIn password
• Tokens are only decrypted server-side at the moment they are needed to make an API call on your behalf

What We Do NOT Do

• We do not read, store, or access your LinkedIn messages or connections
• We do not scrape your profile or your connections' profiles
• We do not sell, share, or transfer your LinkedIn data to any third party
• We do not use your LinkedIn data for advertising, recruiting, or profiling purposes
• We do not retain post content after it has been published

Revoking LinkedIn Access

You can disconnect your LinkedIn account at any time by:

• Going to Settings > Social Media in Molley and clicking Disconnect
• Visiting your LinkedIn Permitted Services settings and removing Molley

When you disconnect, we immediately delete your stored OAuth tokens. No LinkedIn data is retained after disconnection.

Data Deletion

You may request deletion of all LinkedIn-related data we hold by contacting us at support@molley.io. Upon receiving a valid request, we will delete all stored tokens and associated account metadata and confirm deletion within 30 days.

LinkedIn API Terms Compliance

Molley's use of data received from LinkedIn APIs complies with the LinkedIn API Terms of Use and the LinkedIn API Best Practices, including all restrictions on data usage, storage, and member privacy.

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with this privacy policy and applicable laws.

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us immediately.

We may update this privacy policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on this page
• Sending you an email notification
• Providing notice through our platform

Your continued use of our service after changes become effective constitutes acceptance of the updated policy.

If you have any questions about this privacy policy or our data practices, please contact us:

We will respond to your inquiry within 30 days.