Privacy Policy

Last updated February 28, 2026

1. Who We Are and What This Policy Covers

Technology Financial Solutions LLC, doing business as MessageMatch ("we," "us," "our"). This Privacy Policy explains how we collect, use, disclose, and protect information when you use:

  • the website messagematch.com (the “Site”),

  • its Associated Domains (including app.messagematch.com),

  • and related products and services that reference this Privacy Policy (e.g., our browser extensions, software development kits (SDKs), and snippets),

collectively, the “Services.” If you do not agree, please discontinue use.

This Privacy Policy applies to all domains operated by Technology Financial Solutions LLC in connection with the MessageMatch product, including messagematch.com, messagematch.ai and evolvecopy.ai, which are owned and operated by the same legal entity.

Service Scope. We provide website messaging and conversion rate optimization (CRO) tools that render Dynamic Variations on your properties; this Privacy Policy explains how related data is handled.

Community Channels. We host community spaces on third‑party platforms (e.g., LinkedIn, X/Twitter, Discord/Slack, YouTube). Contributions there may be public and are governed by the platform’s privacy/terms. Avoid sharing sensitive information.

Contact: [email protected] · PO Box 20981, Sedona, AZ 86341, United States.

2. Key Definitions

  • Customer Site Content: Content on properties you own or control (e.g., your website/app) that our Services interact with.

  • Service Outputs (Dynamic Variations): On-page text or element changes rendered by our Services based on your configurations.

  • Service Data: Logs, telemetry, configurations, prompts, responses, rules, performance metrics, and system events generated by or through the Services.

  • Optimization Data: Aggregated, de-identified, and/or derived data we create from Service Data, Customer Site Content, and Service Outputs to operate, secure, and improve the Services (including models and automations).

  • Personal Data/Personal Information (PI/PII): Information that identifies or can reasonably be linked to an identifiable person.

  • Call to Action (CTA): A labeled element (e.g., button/link) configured to track click behavior.

3. What We Collect

We collect information in these categories:

  • Account & Contact: name, email, company, role; billing contact and payment metadata (processed by Stripe; we do not store full card numbers or CVC).

  • Usage & Device: IP address, identifiers, event and performance logs, browser type, OS, page views only on pages where our snippet runs (not browsing history), referrer/UTM (campaign parameters), timestamps.

  • Configuration & Rules: elements you target, prompts/rules you define, integration settings, preview history.

  • Telemetry from Snippet/Extension: client-side events needed to render Service Outputs (e.g., element IDs, variation flags), and reliability metrics (i.e., load/timing/error signals; not browsing history).

  • Extension Telemetry (Chrome). The extension may read page metadata necessary to render Service Outputs and capture reliability events (i.e., load/timing/error signals; not browsing history). It does not read your browsing history or the contents of third‑party pages beyond what is required to operate.

  • Conversion rate optimization (CRO) metrics. We record aggregate page‑level click‑through metrics and per‑call‑to‑action (CTA) labeled clicks, including configured conversion events (e.g., form submission). We capture the text of buttons (CTAs) and page text (which may include Service Outputs), and we log related event metadata (e.g., timestamp, CTA label/ID, rule/variation ID or hash).

  • Troubleshooting Signals (Optional): we may also log limited Core Web Vitals flags (LCP/CLS/INP) and brief flashes of original content (“FOOC”) strictly to diagnose rendering issues, not as primary CRO metrics.

  • Support Content: messages, attachments you send us, and feedback submitted via the in‑app Support tab (Feedback section).

  • Integrations Data: data you choose to exchange with connected tools (e.g., analytics, customer relationship management systems (CRMs), customer data platforms (CDPs), tag managers) or your own webhooks/API. Typical items include CTA/click events (labels/IDs), page + UTM/referrer, rule/variation IDs, configured conversion events, and any fields you map in webhook payloads. We do not access your tools unless you enable an integration; disable an integration to stop new flow.

We do not intentionally collect sensitive categories (e.g., health, precise geolocation) unless you provide or enable them. Do not input such data unless necessary and lawful.

4. Why We Use Data (Purposes)

  • Operate the Services: authentication, rendering Service Outputs, measurement, troubleshooting.

  • Security & Abuse Prevention: Stripe payment fraud screening; login/throttle and endpoint‑anomaly detection; API/webhook rate limits and temporary IP blocks; monitored incident handling with kill‑switches and customer notice per §11.

  • Agentic Optimization & Improvements: develop, train, and enhance models/features using Service Data and Optimization Data.

    ***Opt-Out of Model Training. You may request that your identifiable Service Data be excluded from use in model training and feature development by contacting us at [[email protected]]. This opt-out does not affect Optimization Data already de-identified prior to the request, and it does not limit our use of data required to operate the Services. Opt-out availability may vary by plan tier; contact us for details.***

  • Customer Support & Communications: respond to inquiries, send service notices, and improve the Services and app features based on user feedback (e.g., in‑app Support tab Feedback submissions and surveys), consistent with this Policy.

  • Legal & Compliance: enforce terms, comply with law, defend legal claims.

  • Marketing (optional): send product updates or offers; you can opt out.

5. Legal Bases (If You Are in the EEA/UK/Switzerland/California)

We process Personal Data under the following legal bases (under EU/UK data protection laws such as the GDPR/UK GDPR):

  • Performance of a contract: To create and manage your account; render Service Outputs; provide the app/extension/snippet; deliver customer support; and process payments (via Stripe).

  • Legitimate interests: To keep the Services secure (fraud/abuse detection, rate limiting), run analytics and service logs, and improve features and models (including Optimization Data). We assess and document that our legitimate interests (security, analytics, and service improvement) are not overridden by your privacy rights, and you can object at any time (see §9).

  • Consent (where required): We do not currently use non‑essential cookies. If we introduce non‑essential cookies or SDKs in the future—or for marketing communications and optional integrations or telemetry you enable—we will seek consent where required. You can withdraw consent at any time via available settings or by contacting us.

  • Compliance with legal obligations: To meet tax/audit/recordkeeping duties, respond to lawful requests, and enforce our rights.

If you are in the EEA/UK/Switzerland, you may have additional rights described in §9, including the right to object to processing based on our legitimate interests and the right to withdraw consent without affecting prior processing.

California Residents. If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA/CPRA), including the right to know, delete, correct, and opt out of the sale or sharing of Personal Information. We do not sell Personal Information. We may use Service Data and Optimization Data to train or improve AI/automated decision-making models; you may opt out of this use of your identifiable data as described in §4. To exercise rights, contact [[email protected]]. We will not discriminate against you for exercising your rights.

6. Our Data Sharing

We share information with:

  • Service providers/subprocessors (hosting, analytics, error monitoring, messaging, payments) under confidentiality and data protection terms. For example, we use GoHighLevel/LeadConnector for onboarding, messaging, and support; and Stripe for payments processing (PCI DSS handled by Stripe).

  • Integrations you enable (e.g., analytics/CRM/CDP/tag managers) to the extent needed to operate.

  • Legal/Compliance recipients (law enforcement, regulators) as required.

  • Corporate transactions (merger, sale) are subject to safeguards.

Law‑Enforcement Requests. We require valid legal process (e.g., subpoena, court order, or equivalent) before disclosing Personal Data, and we will notify affected customers before disclosure unless prohibited by law or there is an imminent risk of harm.

Distribution Platforms. Our browser extension is distributed via third‑party stores (e.g., Chrome Web Store). Store listings are hosted by those platforms and governed by their terms and privacy policies.

Integrations & Webhooks. Webhooks/API are available only on select higher‑tier plans or in special circumstances with our written approval. When you enable integrations or webhooks/API, you authorize us to transmit Service Data and any fields you configure to the destinations you specify. We do not access your CRM or other systems unless you enable an integration. Disable an integration to stop new data flow; historical data may persist per Retention (§8) and our Legal Terms §24. You are responsible for endpoint availability, authentication, and security.

We do not sell personal data. We may disclose Optimization Data that does not identify you. See Terms §12A for additional integration responsibilities.

6A. Controller/Processor Roles

We act as a controller for Service Data and Optimization Data. When you configure integrations or webhooks that send us Personal Data about your end users, we act as your processor and process such data on your instructions. For white‑label/OEM deployments, roles will be defined in the applicable agreement (typically: partner as controller to its clients; MessageMatch as processor to the partner). A Data Processing Addendum (DPA) can be made available upon request where required by law or contract. See Terms §24A for corresponding role definitions.

7. Cookies and Similar Technologies

We do not currently use cookies within our product or for our marketing purposes. We may use local storage and similar technologies strictly to operate core features (for example, remembering rule/version info or preferences). If we introduce cookies in the future, we will update this Policy and seek consent where required.

Prohibited Trackers. We prohibit the use of code or materials that surreptitiously collect or exfiltrate data (e.g., spyware, keyloggers, unauthorized web beacons/tracking pixels). Collection and transmission are permitted only as described in this Privacy Policy or through Customer‑enabled integrations.

Consent Banner. We do not currently display a cookie consent banner because we do not set non‑essential cookies. If this changes, we will present a banner where required and link to a Cookie Policy with details.

Third‑Party Cookies. Third‑party platforms or services you interact with (e.g., Stripe checkout, Community Channels, browser stores) may set their own cookies under their terms and privacy policies.

8. Retention

We do not currently operate a routine deletion schedule for Service Data. All retention is subject to applicable law and contractual commitments. We retain Service Data and Optimization Data for ongoing operation, security, compliance, and improvement of the Services. We may maintain backups for reliability; retention and rotation practices may change over time. Where applicable law grants you deletion rights, we will process verified requests (which may exclude Optimization Data already aggregated/de‑identified). Retention periods may be extended to comply with legal obligations or preserve evidence in disputes or investigations.

9. Your Choices and Rights

  • Marketing: Opt out via unsubscribe links or by contacting us.

  • Do Not Track/Global Privacy Control: We honor legally recognized signals where applicable.

  • Access/Deletion/Correction/Portability: You can request access, deletion, correction, or export of Personal Data we hold about you, subject to verification and legal limits. We verify requests via email or account controls. If we deny your request, you may appeal by submitting a written appeal to [[email protected]] with the subject line "Privacy Request Appeal" within 60 days of our response. We will acknowledge receipt within 5 business days and provide a final determination within 30 days, including our reasoning. If you remain unsatisfied, you may contact your applicable data protection authority or state attorney general.

  • Optimization objections: We do not offer a self‑service opt‑out of optimization at this time. Where required by law or contract, contact us to request limitations on our use of your identifiable Service Data for optimization. Aggregated or de‑identified Optimization Data already created may be retained.

Submit requests: [email protected]. We will verify your identity and respond per applicable law. We aim to respond within 30–45 days where applicable. Exports will be provided in common machine‑readable formats (e.g., JSON or CSV) when feasible.

10. International Transfers

We are US‑based. Data is primarily hosted in the United States. We do not presently target or market to EU/UK residents. If we process EU/UK personal data and cross‑border transfer rules apply, we will use appropriate safeguards (such as the European Commission’s Standard Contractual Clauses and, for the UK, the UK Addendum/IDTA) and implement any additional measures required by law. If this changes, we will update this Policy and, where applicable, our Data Processing Addendum.

11. Security

We implement reasonable administrative, technical, and physical safeguards appropriate to the nature of data processed. Controls include encryption in transit, role‑based access controls, least‑privilege, audit logging, and periodic access reviews. However, no Internet service can be 100% secure.

Vulnerability reports. Email [email protected]; good‑faith research is welcome.

Incident notice. If a security incident affects Personal Data, we will notify affected customers without undue delay after confirmation and share remediation details. See Terms §28A for matching incident‑notice language.

12. Children’s Privacy

Our Services are intended for business users and are not directed to children. We do not knowingly collect Personal Data from individuals under 16 (or higher local age where required). Do not submit children’s Personal Data to the Services. If we become aware that a child has provided Personal Data, we will delete it.

13. Changes to This Policy

We may update this Policy from time to time. We will update the “Last updated” date and, where required, provide additional notice. Your continued use of the Services after changes means you accept the updated Policy.

14. Contact

Technology Financial Solutions LLC (MessageMatch)
PO Box 20981
Sedona, AZ 86341, United States
[email protected]

Legal Addendum (Interpretation)

This Policy is a notice and not a contract, except where expressly stated. Capitalized terms have the meanings in §2 or in our Legal Terms. Headings are for convenience and do not affect interpretation. “Including” means “including without limitation.” To the extent of any conflict between this Policy and the Legal Terms, the Legal Terms govern.

Originally effective date: January 01, 2025

Your Visitors Expect Relevance.

Are You Delivering It?

If your landing copy doesn’t reflect the user's mindset, conversions suffer. MessageMatch uses AI to bridge that gap—automatically.

No Developers?

No Problem

Code-Free Solution

Built for Speed and Flexibility

Built for business owners and marketers to test, tweak, and launch quickly—with the help of AI.

Feature Highlights Section

Every Feature, Built In

Powerful AI-backed features designed to launch fast, scale easily, and perform reliably.

Built for Speed and Flexibility.

Built for business owners and marketers to test, tweak, and launch quickly.

Every Feature,

Built In

Powerful features designed to launch fast, scale easily, and perform reliably.

Simple Setup

Update headlines and CTAs right from the dashboard—no coding or dev team required.

Universal Compatibility

Works on any website, any framework, any CMS.

Simple Setup

Instant content changes based on visitor intent.

Campaign Ready

Built-in support for SEO, ads, and UTM parameters.

Detailed Analytics

Track performance and optimize your messaging.

Enterprise Security

SOC 2 compliant with enterprise-grade security.

Improve Your Conversion Rate or Don't Pay

Get MessageMatch on your site in under five minutes and start converting—risk-free for 14 days. If you don't see a jump in CNVR—then don't pay us.