Privacy Policy

Last Updated: 24 June 2025

1. Introduction

Welcome to Marketingmary. We are committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy explains how we collect, use, process, and safeguard your information when you use our AI-powered marketing intelligence platform ("Service").

This policy is designed to meet the standards of global data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (GDPR).

2. Who We Are

The Marketingmary platform is currently operated by WHITE HAT SEO LTD. For the purposes of data protection law, WHITE HAT SEO LTD is the data controller responsible for your personal data.

• Company Name: WHITE HAT SEO LTD
• Company Registration Number: 12282273
• Registered Address: 20-22 Wenlock Road, London, N1 7GU, United Kingdom

For any privacy-related questions or requests, you can contact us at:

• Email: info@marketingmary.com
• Postal Address: 20-22 Wenlock Road, London, N1 7GU, United Kingdom

As a UK-based company processing data of individuals in the European Union, we have appointed a single point of contact for EU data subjects and supervisory authorities, who can be reached at the details above.

3. The Information We Collect

We collect information to provide and improve our Service. The types of data we collect are detailed below.

3.1. Data You Provide to Us:

• Account Information: When you register an account for your organisation, we collect your name, email address, company name, and job title. We may also collect your phone number if you choose to provide it.
• User Content & Platform Data: We collect information you and your users upload or input into the Service, including user prompts, documents, website content for analysis, and marketing materials.
• Payment Information: When you subscribe to a paid plan, our secure payment processor will collect your payment details. Marketingmary does not store your full payment card information.

3.2. Data We Collect Automatically:

• Usage Data: We collect information about how you and your users interact with our Service. This includes features used, AI token usage, API calls, and patterns of project and company creation within your organisation's workspace.
• Device and Log Data: We automatically log information such as your IP address, device type, browser information, and general location data when you use the Service for security, auditing, and analytical purposes.

3.3. Data from Third Parties (Future V1.0 Feature):

• If you choose to enable MCP Integrations with third-party services (e.g., HubSpot, Google Analytics), we will collect data from those services on your instruction and behalf.

3.4. Special Category Data:

• We do not intentionally collect any "special categories" of sensitive personal data (as defined by GDPR). Our platform includes content filtering to detect and handle cases where users might inadvertently include such data.

4. How and Why We Use Your Data (Purpose & Legal Basis)

We only use your personal data when the law allows us to. Below are the purposes for which we process your data and the legal bases we rely on.

Our Legitimate Interests: We have a legitimate interest in improving our Service to benefit all users, ensuring the security of our platform, and providing insights to the marketing community through aggregated, anonymised data. Where we rely on legitimate interests for processing, including for the improvement of our AI models, you have the right to object.

5. Data Sharing and Third Parties

We do not sell your personal data. We only share it in the following limited circumstances:

• Sub-processors: We use trusted third-party service providers to help us operate our Service. These include cloud hosting providers and AI service providers. All our sub-processors are bound by strict data protection obligations. A full list is available in our Data Processing Agreement.
• Third-Party Integrations: If you enable an MCP Integration, we will share your data with that third-party service on your instruction.
• Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities.
• Business Transfers: In the event of a merger, acquisition, or asset sale, your data may be transferred. We will provide notice before your data is transferred and becomes subject to a different privacy policy.

6. International Data Transfers

Some of our sub-processors are based outside the UK and European Economic Area (EEA), primarily in the United States. When we transfer your data to these countries, we ensure it is protected by relying on legally-approved transfer mechanisms, such as:

• The EU-U.S. Data Privacy Framework and the UK Extension (the "Data Bridge"), which provide an adequate level of data protection.
• Standard Contractual Clauses (SCCs) as a fallback mechanism for transfers to other countries.

7. Data Retention

We only keep your personal data for as long as necessary to fulfil the purposes we collected it for. Our retention periods are as follows:

• Account Data: For the duration of your contract with us, plus up to 7 years for legal and tax purposes.
• User-Generated Content: For as long as your account is active, plus a 90-day grace period after termination for data export.
• Chat Conversations: Configurable by your organisation's administrator, with a default of 1 year.
• Audit Logs: Retained for 2 years for security purposes.
• Deleted Data: Soft-deleted data is retained for 30 days before permanent deletion.

8. Your Data Protection Rights

Under data protection law, you have rights including:

• Right of Access: To ask for copies of your personal information.
• Right to Rectification: To ask us to rectify inaccurate information.
• Right to Erasure: To ask us to erase your personal information.
• Right to Restriction of Processing: To ask us to restrict the processing of your information.
• Right to Object to Processing: To object to processing where we rely on legitimate interests.
• Right to Data Portability: To ask that we transfer the information you gave us to another organisation.
• Right to Withdraw Consent: Where we rely on consent, you can withdraw it at any time.

You can exercise these rights by contacting us at privacy@marketingmary.com. We also provide in-app tools to help you manage your data and communication preferences. This includes the ability to opt-out of marketing communications and to opt-out of having your organisation's content used in the anonymised datasets for AI model training.

9. Children's Data

Our Service is not intended for or directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child, we will take steps to delete such information promptly.

10. Cookies

We use necessary cookies to make our site work. With your consent, we may also use non-essential cookies to improve user experience and analyse website traffic. For more detailed information about the cookies we use, please see our separate Cookie Policy.

11. How to Complain

If you have any concerns about our use of your personal information, you can make a complaint to us at privacy@marketingmary.com.

You can also complain to the Information Commissioner’s Office (ICO), the UK's independent body set up to uphold information rights.

• ICO Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
• ICO Helpline: 0303 123 1113
• ICO Website: https://www.ico.org.uk

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes and update the "Last Updated" date at the top of this policy.