Privacy Policy

Marcenta ("we", "us", or "our") operates marcenta.ai and the Marcenta product (the "Service"). This Privacy Policy explains what personal data we collect, why we collect it, how we use it, who we share it with, and your rights under applicable privacy laws, including the GDPR and the CCPA/CPRA where applicable.

Marcenta is a business-to-business service. In many cases, we process customer data on behalf of the organisation using Marcenta. For example, when you connect third-party sources such as Google Analytics 4, Google Search Console, Google Ads, LinkedIn Ads, or HubSpot, your organisation is typically the controller or business for that source data, and Marcenta acts as a processor or service provider for the limited purpose of delivering the Service.

We have written this in plain English. If you have any questions, contact us at legal@marcenta.ai.

1. Who we are and how to contact us

Marcenta is the data controller for account, billing, website, and relationship data that we collect directly from you. For customer source data that you connect to the Service, Marcenta generally acts as a processor or service provider on your organisation's behalf.

Marcenta is currently operated by the founding team under the Marcenta brand unless a specific Marcenta legal entity is identified in your order form, invoice, or other commercial agreement.

Contact: legal@marcenta.ai
Website: marcenta.ai

2. What data we collect

2.1 Account and workspace data

When you sign up for Marcenta or are invited to a workspace, we may collect:

• Name
• Work email address
• Company or workspace name
• Workspace membership, role, and invitation status
• Authentication and session data required to keep you signed in securely

2.2 Connected source data

When you connect supported third-party sources such as Google Analytics 4, Google Search Console, Google Ads, LinkedIn Ads, or HubSpot, Marcenta ingests marketing, sales, and performance data so we can provide analytics, reporting, anomaly detection, and AI-assisted analysis.

Marcenta is designed to process aggregated marketing analytics data. Depending on the source you connect and how your organisation configures it, connected data may also include limited business contact or CRM-related data, such as contact counts, form submission metadata, campaign names, owner names, pipeline stages, landing pages, or similar records.

You are responsible for ensuring you have the right to connect and disclose data from those sources to Marcenta, and for ensuring you do not send prohibited, sensitive, or unnecessary personal data through integrations.

2.3 Usage, device, and diagnostic data

We collect data about how the Service is used, including pages viewed, features used, browser and device information, IP-derived technical metadata, request logs, error events, and service telemetry. We use this data to secure, operate, troubleshoot, and improve the Service.

2.4 Billing and subscription data

If you subscribe to a paid plan or trial, we may process subscription and billing metadata such as plan tier, trial status, billing period dates, payment customer identifiers, and subscription status. Payment processing is handled by our billing provider; we do not intentionally store full payment card numbers in Marcenta.

2.5 Communications and shared content

If you contact us, send support requests, invite teammates, or use product features that send emails or share reports, we process the relevant communication data, including sender and recipient email addresses and the content needed to deliver the message.

2.6 What we do not intentionally collect

Marcenta is not designed for the intentional collection of special-category or highly sensitive personal data such as health data, government identifiers, or full payment card data. Please do not use the Service to upload such data unless we have expressly agreed to support that use case in writing.

2A. Data Ownership

Customers retain ownership of data they connect, upload, and generate through the Service, including source data, configuration data, and AI-assisted outputs.

For customer data processed through connected sources and workspace activity, Marcenta acts as a processor or service provider on the customer's behalf and processes that data to provide and secure the Service.

Customers control what integrations, workspaces, and datasets are connected to Marcenta and can disconnect integrations or remove data according to available product controls.

3. Lawful basis for processing (GDPR)

Where GDPR applies, we rely on the following legal bases:

4. How we use your data

We use personal data to:

• Create and manage accounts, workspaces, and permissions
• Authenticate users and maintain secure sessions
• Connect to third-party sources and process source data on your behalf
• Generate analytics, reports, anomaly detection, and AI-assisted insights
• Provide billing, subscriptions, plan enforcement, and customer support
• Send transactional messages, invitations, alerts, and report emails
• Monitor reliability, abuse, fraud, and platform security
• Maintain internal records and comply with legal obligations

We do not: sell personal data, share personal data with third parties for their own direct marketing, or use your customer source data to train third-party AI models for general-purpose model improvement without your explicit consent.

We do not use customer data for advertising profiling or cross-context behavioural advertising.

5. Operator access to your data

Authorised Marcenta personnel may access account, billing, diagnostic, and customer source data when reasonably necessary to operate the Service, respond to support requests, investigate incidents, enforce our terms, or comply with law.

We limit that access to authorised personnel and to the information reasonably required for the task at hand. We do not access customer data for resale or unrelated commercial exploitation.

6. How we use AI and large language models

Marcenta uses AI models to help generate insights, summaries, charts, anomaly explanations, diagnostic prompts, and other AI-assisted outputs. To provide those features, we may send prompts and structured source data or metric summaries to API-based model providers that are necessary to generate the requested result.

• We use a data minimisation approach and aim to send only the minimum data reasonably necessary for the requested feature.
• We do not intentionally send raw sensitive personal data to AI providers.
• Our AI providers state that API-submitted content is not used for model training by default, subject to their terms and policies.
• AI conversation context and outputs may be stored for a limited period to support feature quality, continuity, debugging, and user experience.
• Customers may request deletion of stored AI conversations or outputs where technically feasible and subject to applicable legal, security, or operational retention requirements.
• AI outputs can be inaccurate or incomplete, are not professional advice, and should not be treated as automated business decisions.

6.1 Automated decision-making disclaimer

Marcenta provides assistive analytics and recommendations. Humans remain responsible for reviewing outputs and for all business decisions and actions taken from those outputs.

7. Who we share your data with

We share personal data only with service providers and subprocessors that help us operate the Service, such as infrastructure providers, authentication and database providers, AI providers, email providers, billing providers, and monitoring providers.

For current details, see our Subprocessor List.

7.1 Service providers and infrastructure

We use third-party service providers for infrastructure and operations, including providers such as Supabase, Vercel, Railway, OpenAI, Anthropic, and Resend. These providers process data only to provide services on Marcenta's behalf under applicable contractual and platform controls.

7.2 Subprocessor changes

We may update our subprocessors from time to time. Where changes are material, we may provide notice through the Service, by email, or by updating our published subprocessor information.

We may also disclose personal data if required by law, regulation, court order, or valid governmental request, or where necessary to protect rights, safety, and the security of the Service.

If Marcenta is involved in a merger, acquisition, financing, reorganisation, bankruptcy, asset sale, or similar business transfer, customer and user data may be transferred as part of that transaction, subject to this Privacy Policy and applicable law.

8. International data transfers

Marcenta uses providers that may process data in multiple countries, including India and the United States. If you are located in a jurisdiction that restricts international transfers, we rely on appropriate transfer mechanisms such as contractual safeguards and, where available, recognised adequacy or certification mechanisms.

8.1 Enterprise data processing terms

Enterprise customers may request a Data Processing Addendum (DPA) where required by applicable law.

9. How long we keep your data

Deleted data may remain in encrypted backups or disaster recovery systems for a limited retention period before permanent removal.

10. Cookies and similar technologies

Marcenta uses cookies and similar technologies that are necessary for authentication, session continuity, security, and core application functionality.

We may also use limited diagnostic or analytics technologies to understand service performance and product reliability. Where applicable law requires consent for non-essential cookies or similar technologies, we will obtain that consent before using them.

We do not sell personal data to advertising networks.

11. Your rights

11.1 GDPR rights

If GDPR applies, you may have rights to access, correct, delete, restrict, object to, or port certain personal data.

11.2 California rights

If California law applies, you may have rights to know, access, correct, delete, and limit certain uses of personal information, subject to applicable exceptions.

To exercise applicable rights, contact us at legal@marcenta.ai. We may need to verify your identity before acting on a request.

11.3 Customer rights and controls

Depending on your plan and role, you can also request or manage practical account controls, including data export requests, account deletion, workspace deletion, AI conversation or output deletion where technically feasible and subject to applicable legal, security, or operational retention requirements, and integration disconnect controls.

12. Marketing communications

We may send marketing communications where permitted by law. You can opt out at any time using the unsubscribe mechanism in the message or by contacting legal@marcenta.ai. Transactional and service-related messages are not marketing opt-in dependent.

13. Security and access controls

We use technical and organisational safeguards designed to protect personal data, including encryption in transit and at rest, org-scoped tenant isolation, role-based access controls, infrastructure and vendor controls, and operational monitoring. Access is restricted to authorised personnel who need it for legitimate service operations.

We maintain operational and activity logging for key product and system events, monitor systems for misuse and security events, and maintain incident handling processes designed to investigate, contain, and remediate material incidents. Marcenta infrastructure is hosted through trusted cloud providers. No system is completely secure, and we cannot guarantee absolute security.

Customers are responsible for managing workspace access permissions, protecting account credentials, and maintaining appropriate internal access controls.

14. Children's privacy

Marcenta is not directed to children, and we do not knowingly provide the Service to children under 13, or under 16 where a higher local age applies.

15. Third-party links and integrations

The Service connects to third-party platforms and data providers such as Google Analytics 4, Google Search Console, Google Ads, LinkedIn Ads, HubSpot, CRM systems, analytics platforms, advertising platforms, and related business tools. Their privacy practices are governed by their own terms and policies, not this Privacy Policy. Connecting third-party integrations may permit Marcenta to access, import, process, and analyse data made available by those services according to your configuration, permissions, and account settings.

16. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the date above and, where appropriate, by providing in-product or email notice.

17. Contact us