Legal

Privacy Policy

Effective date: March 26, 2026 · Last updated: March 26, 2026

Marcenta ("we", "us", or "our") operates marcenta.ai (the "Service"). This Privacy Policy explains what personal data we collect, why we collect it, how we use it, who we share it with, and your rights under applicable privacy laws including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable regulations.

We have written this in plain English. If you have any questions, contact us at privacy@marcenta.ai.

1. Who we are and how to contact us

Marcenta is the data controller responsible for your personal data. We are currently in the process of formal incorporation. Until incorporation is complete, the data controller is the founding team operating under the Marcenta brand.

Contact: privacy@marcenta.ai
Website: marcenta.ai

We do not have a formal Data Protection Officer (DPO) at this stage. All privacy-related enquiries should be directed to privacy@marcenta.ai and we will respond within 30 days.

2. What data we collect

2.1 Account data

When you sign up for Marcenta, we collect:

  • Name
  • Work email address
  • Company name

2.2 Marketing performance data

When you connect data sources such as Google Analytics 4, Google Search Console, or LinkedIn Ads, Marcenta ingests marketing metrics — numbers, aggregates, and performance statistics. This data consists of anonymous numerical metrics and does not contain personally identifiable information (PII) about your end users or customers. You are the data controller for any data you bring into Marcenta from your connected sources.

2.3 Usage data

We collect basic, anonymised usage data such as pages visited, features used, session duration, and browser type. This helps us understand how the product is used and improve it. This is collected via cookies and similar technologies (see Section 8).

2.4 Communications

If you contact us by email or through the product, we retain those communications to respond to your enquiry and improve our support.

2.5 What we do not collect

We do not collect PII about your customers, end users, or prospects. We do not collect sensitive personal data such as health information, financial information, or government identifiers. We do not knowingly collect data from children under the age of 13 (or 16 in the EU/UK). If you believe a child has provided us with personal data, contact us immediately at privacy@marcenta.ai.

3. Lawful basis for processing (GDPR)

Under GDPR, we process your personal data on the following legal bases:

Contract performance

Processing your account data is necessary to provide you with the Service you have signed up for.

Legitimate interests

We process usage data and communications to improve the product, prevent abuse, and provide customer support. We have assessed that our legitimate interests are not overridden by your rights.

Consent

Where we send you marketing communications or use non-essential cookies, we rely on your consent. You may withdraw consent at any time.

Legal obligation

We may process your data where required to comply with applicable laws.

4. How we use your data

We use your data to:

  • Create and manage your account
  • Provide, operate, and improve the Marcenta platform
  • Generate AI-powered insights and analysis on your marketing data
  • Send transactional emails (account confirmation, password reset, product updates)
  • Send marketing communications where you have opted in
  • Respond to support requests and enquiries
  • Monitor for abuse and ensure platform security
  • Comply with legal obligations
  • Analyse usage patterns to improve the product (using anonymised data only)

We do not: sell your data, use your marketing data to train AI models without explicit consent, or share your data with third parties for their own marketing purposes.

5. Who we share your data with

We share your data only with trusted subprocessors who help us operate the Service. Each is contractually bound to process your data only on our instructions and to maintain appropriate security standards.

ServicePurposeLocation
SupabaseDatabase, authentication, data storageUSA
OpenAIAI analysis and insight generationUSA
AnthropicAI analysis and insight generationUSA
VercelFrontend hosting and deploymentUSA
RailwayBackend hosting and deploymentUSA

We may also disclose your data if required to do so by law, court order, or government authority.

6. International data transfers

All of our subprocessors are based in the United States. If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, your data will be transferred to and processed in the United States.

We rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the legal mechanism for these transfers. Where subprocessors participate in the EU-US Data Privacy Framework, we rely on that framework as an additional safeguard.

By using Marcenta, you acknowledge that your data may be transferred to and processed in the United States, which may have different data protection laws than your country.

7. How long we keep your data

Account dataFor the duration of your account, plus 30 days after deletion
Marketing performance dataFor the duration of your account, plus 30 days after deletion
Usage dataUp to 12 months, then anonymised or deleted
Support communicationsUp to 3 years from last contact
Legal compliance recordsAs required by applicable law

8. Cookies and tracking

We use the following types of cookies:

Essential cookies

Required for authentication and session management. Cannot be disabled.

Analytics cookies

Used to understand how users interact with the product. Anonymised. Can be disabled.

Preference cookies

Remember your settings and preferences. Can be disabled.

We do not use advertising cookies or sell data to advertising networks.

9. Your rights

9.1 GDPR rights (EEA, UK, Switzerland)

Under GDPR you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate or incomplete data
  • Erasure — request deletion of your personal data ("right to be forgotten")
  • Restriction — request that we limit how we process your data
  • Portability — receive your data in a structured, machine-readable format
  • Object — object to processing based on legitimate interests
  • Withdraw consent — withdraw consent at any time where processing is based on consent
  • Lodge a complaint — complain to your local data protection authority

9.2 CCPA rights (California residents)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how it is used
  • Request deletion of your personal information
  • Opt out of the sale of your personal information (we do not sell personal information)
  • Non-discrimination for exercising your privacy rights
  • Correct inaccurate personal information

To exercise any of these rights, contact us at privacy@marcenta.ai. We will respond within 30 days. We may ask you to verify your identity before processing your request.

10. Marketing communications and opt-out

We may send you marketing emails about new features, product updates, and relevant content where you have opted in or where we have a legitimate interest in doing so. Every marketing email includes an unsubscribe link. You can also opt out at any time by emailing privacy@marcenta.ai.

Opting out of marketing communications will not affect transactional emails such as account confirmation, password reset, or critical product notifications.

11. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or damage. These include encryption in transit (TLS) and at rest, access controls, and regular security reviews.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and relevant supervisory authorities as required by applicable law.

12. Children's privacy

Marcenta is not directed at children. We do not knowingly collect personal data from children under the age of 13, or under 16 in the European Union. If you believe we have inadvertently collected data from a child, please contact us immediately at privacy@marcenta.ai and we will delete it promptly.

13. Third-party links and integrations

Marcenta integrates with third-party services such as Google Analytics, LinkedIn, and others. When you connect these services, you are also subject to their privacy policies. We are not responsible for the privacy practices of third-party services. We encourage you to review their policies before connecting them to Marcenta.

14. Changes to this policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email and by posting a notice in the product at least 14 days before the changes take effect. The updated policy will always be available at marcenta.ai/legal/privacy. Continued use of Marcenta after changes take effect constitutes acceptance of the updated policy.

15. Right to complain to a supervisory authority

If you are located in the EEA or UK and believe we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with your local data protection authority. In the UK this is the Information Commissioner's Office (ICO) at ico.org.uk. In the EU, contact your national data protection authority.

We would, however, appreciate the opportunity to address your concerns directly before you approach a supervisory authority. Please contact us at privacy@marcenta.ai first.

16. Contact us

For any questions, requests, or concerns about this Privacy Policy or how we handle your data:

Email: privacy@marcenta.ai

Website: marcenta.ai