Legal

Privacy Policy

Effective date: March 26, 2026 · Last updated: April 17, 2026

Marcenta ("we", "us", or "our") operates marcenta.ai (the "Service"). This Privacy Policy explains what personal data we collect, why we collect it, how we use it, who we share it with, and your rights under applicable privacy laws including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable regulations.

Marcenta is a business-to-business (B2B) service. This policy governs the personal data of individuals who represent business customers — such as marketing managers, analysts, and administrators who use Marcenta on behalf of their organisation. It does not govern data about your organisation's end users or customers, for which your organisation remains the data controller.

We have written this in plain English. If you have any questions, contact us at legal@marcenta.ai.

1. Who we are and how to contact us

Marcenta is the data controller responsible for your personal data. We are currently in the process of formal incorporation. Until incorporation is complete, the data controller is the founding team operating under the Marcenta brand.

Contact: legal@marcenta.ai
Website: marcenta.ai

We do not have a formal Data Protection Officer (DPO) at this stage. All privacy-related enquiries should be directed to legal@marcenta.ai and we will respond within 30 days.

2. What data we collect

2.1 Account data

When you sign up for Marcenta, we collect:

  • Name
  • Work email address
  • Company name

2.2 Marketing performance data

When you connect data sources such as Google Analytics 4, Google Search Console, LinkedIn Ads, Google Ads, or HubSpot, Marcenta ingests marketing metrics — numbers, aggregates, and performance statistics. This data consists of anonymous numerical metrics and does not contain personally identifiable information (PII) about your end users or customers. You are the data controller for any data you bring into Marcenta from your connected sources.

2.3 Usage data

We collect basic, anonymised usage data such as pages visited, features used, session duration, and browser type. This helps us understand how the product is used and improve it. This is collected via cookies and similar technologies (see Section 8).

2.4 Communications

If you contact us by email or through the product, we retain those communications to respond to your enquiry and improve our support.

2.5 What we do not collect

We do not collect PII about your customers, end users, or prospects. We do not collect sensitive personal data such as health information, financial information, or government identifiers. We do not knowingly collect data from children under the age of 13 (or 16 in the EU/UK). If you believe a child has provided us with personal data, contact us immediately at legal@marcenta.ai.

3. Lawful basis for processing (GDPR)

Under GDPR, we process your personal data on the following legal bases:

Contract performance

Processing your account data is necessary to provide you with the Service you have signed up for.

Legitimate interests

We process usage data and communications to improve the product, prevent abuse, and provide customer support. We have assessed that our legitimate interests are not overridden by your rights.

Consent

Where we send you marketing communications or use non-essential cookies, we rely on your consent. You may withdraw consent at any time.

Legal obligation

We may process your data where required to comply with applicable laws.

4. How we use your data

We use your data to:

  • Create and manage your account
  • Provide, operate, and improve the Marcenta platform
  • Generate AI-powered insights and analysis on your marketing data
  • Send transactional emails (account confirmation, password reset, product updates)
  • Send marketing communications where you have opted in
  • Respond to support requests and enquiries
  • Monitor for abuse and ensure platform security
  • Comply with legal obligations
  • Analyse usage patterns to improve the product (using anonymised data only)

We do not: sell your data, use your marketing data to train AI models without explicit consent, or share your data with third parties for their own marketing purposes.

5. Operator access to your data

As the platform operator, authorised Marcenta staff may access your account data and connected marketing metrics data in limited circumstances, including:

  • Investigating and resolving support tickets or technical issues you have reported
  • Diagnosing data ingestion or anomaly detection problems affecting your account
  • Ensuring platform security and investigating suspected abuse
  • Complying with legal obligations

Access to customer data by Marcenta staff is restricted to authorised personnel, logged, and limited to what is necessary for the specific purpose. We do not access your data for commercial analysis, benchmarking, or any purpose beyond operating and improving the Service.

This is standard practice for SaaS platforms. Just as your cloud infrastructure provider (e.g. AWS) can access your data for operational purposes, Marcenta operates on the same principle. We treat your data with confidentiality and do not share it with third parties except as described in this policy.

6. How we use AI and large language models

Marcenta uses AI models from Anthropic (Claude) and OpenAI (GPT) to generate insights, anomaly summaries, and analysis of your marketing performance data. When generating these insights, aggregated metric summaries — such as "sessions dropped 40% on March 15" — may be sent to our AI providers as part of the inference request.

We take the following steps to protect your data when using AI:

  • We send only the minimum data necessary to generate the requested insight
  • We do not send raw personally identifiable information to AI providers
  • We do not use your marketing data to train or fine-tune third-party AI models
  • Our AI providers (Anthropic and OpenAI) are contractually bound not to use API input data for model training by default

AI-generated insights are presented to assist your decision-making. They should be reviewed and verified by a human before acting on them.

7. Who we share your data with

We share your data only with trusted subprocessors who help us operate the Service. Each is contractually bound to process your data only on our instructions and to maintain appropriate security standards.

For details, including purpose, data processed, location, and provider privacy policies, see our Subprocessor List.

We may also disclose your data if required to do so by law, court order, or government authority.

8. International data transfers

Our primary database is hosted in India (Mumbai, ap-south-1 region) via Supabase. Our other subprocessors — including Anthropic, OpenAI, Vercel, Railway, and Resend — are based in the United States. If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, your data may be transferred to and processed in these countries.

We rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the legal mechanism for these transfers. Where subprocessors participate in the EU-US Data Privacy Framework, we rely on that framework as an additional safeguard.

By using Marcenta, you acknowledge that your data may be transferred to and processed in countries with different data protection laws than your own.

9. How long we keep your data

Account dataFor the duration of your account, plus 30 days after deletion
Marketing performance dataFor the duration of your account, plus 30 days after deletion
Usage dataUp to 12 months, then anonymised or deleted
Support communicationsUp to 3 years from last contact
Legal compliance recordsAs required by applicable law

10. Cookies and tracking

We use the following types of cookies:

Essential cookies

Required for authentication and session management. Cannot be disabled.

Analytics cookies

Used to understand how users interact with the product. Anonymised. Can be disabled.

Preference cookies

Remember your settings and preferences. Can be disabled.

We do not use advertising cookies or sell data to advertising networks.

11. Your rights

11.1 GDPR rights (EEA, UK, Switzerland)

Under GDPR you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate or incomplete data
  • Erasure — request deletion of your personal data ("right to be forgotten")
  • Restriction — request that we limit how we process your data
  • Portability — receive your data in a structured, machine-readable format
  • Object — object to processing based on legitimate interests
  • Withdraw consent — withdraw consent at any time where processing is based on consent
  • Lodge a complaint — complain to your local data protection authority

11.2 CCPA rights (California residents)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how it is used
  • Request deletion of your personal information
  • Opt out of the sale of your personal information (we do not sell personal information)
  • Non-discrimination for exercising your privacy rights
  • Correct inaccurate personal information

To exercise any of these rights, contact us at legal@marcenta.ai. We will respond within 30 days. We may ask you to verify your identity before processing your request.

12. Marketing communications and opt-out

We may send you marketing emails about new features, product updates, and relevant content where you have opted in or where we have a legitimate interest in doing so. Every marketing email includes an unsubscribe link. You can also opt out at any time by emailing legal@marcenta.ai.

Opting out of marketing communications will not affect transactional emails such as account confirmation, password reset, or critical product notifications.

13. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or damage. These include encryption in transit (TLS) and at rest, access controls, and regular security reviews.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and relevant supervisory authorities as required by applicable law.

14. Children's privacy

Marcenta is not directed at children. We do not knowingly collect personal data from children under the age of 13, or under 16 in the European Union. If you believe we have inadvertently collected data from a child, please contact us immediately at legal@marcenta.ai and we will delete it promptly.

15. Third-party links and integrations

Marcenta integrates with third-party services such as Google Analytics, Google Search Console, LinkedIn Ads, Google Ads, and HubSpot. When you connect these services, you are also subject to their privacy policies. We are not responsible for the privacy practices of third-party services. We encourage you to review their policies before connecting them to Marcenta.

16. Changes to this policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email and by posting a notice in the product at least 14 days before the changes take effect. The updated policy will always be available at marcenta.ai/legal/privacy. Continued use of Marcenta after changes take effect constitutes acceptance of the updated policy.

17. Right to complain to a supervisory authority

If you are located in the EEA or UK and believe we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with your local data protection authority. In the UK this is the Information Commissioner's Office (ICO) at ico.org.uk. In the EU, contact your national data protection authority.

We would, however, appreciate the opportunity to address your concerns directly before you approach a supervisory authority. Please contact us at legal@marcenta.ai first.

18. Contact us

For any questions, requests, or concerns about this Privacy Policy or how we handle your data:

Email: legal@marcenta.ai

Website: marcenta.ai