Privacy Policy

1. Data controller

The data controller for personal data processed through the Marketor platform is:

Mangleis Group Ab Oy
Business ID: 3152831-8
Finland
Email: support@marketor.fi
Website: marketor.fi

When you use Marketor as a client and store your own contacts in the platform, you act as a data controller for your contacts' data. Marketor acts as a data processor on your behalf. This relationship is governed by our Data Processing Agreement.

2. What data we collect

Account data

When you create a Marketor account, we collect your email address and password (stored as a secure hash — we never store your actual password). You may also provide your name and display name.

Contact data you add to the platform

When you use Marketor CRM, you add contact records for people in your professional network. This data belongs to you as the data controller. It may include names, email addresses, phone numbers, LinkedIn profiles, company names, roles, and notes. You are responsible for ensuring you have a legitimate basis for storing this data.

Usage data

We collect data about how you use the platform: which pages you visit, which features you use, and when you log in. This is used to improve the service and to provide support when needed.

Payment data

Payments are processed by Stripe. We do not store your full card number or payment credentials. Stripe provides us with a transaction reference and the last four digits of the card used.

Communication data

If you contact us by email, we keep a record of that communication.

3. How we use your data

To provide and operate the Marketor platform
To authenticate you and keep your account secure
To send you service-related communications (password resets, account notifications)
To process your subscription payments
To provide customer support
To improve and develop the platform based on usage patterns
To comply with legal obligations

We do not use your data for advertising. We do not sell your data to third parties. We do not use your data to train AI models.

4. Legal basis for processing

We process your personal data on the following legal bases under the EU General Data Protection Regulation (GDPR):

Contract performance (Article 6(1)(b)): Processing necessary to provide you with the Marketor service — account creation, authentication, payment processing.
Legitimate interests (Article 6(1)(f)): Processing necessary for our legitimate business interests — platform improvement, fraud prevention, security. We have assessed that these interests are not overridden by your rights.
Legal obligation (Article 6(1)(c)): Processing required to comply with Finnish and EU law — financial record keeping, tax obligations.
Consent (Article 6(1)(a)): For any marketing communications we may send — you can withdraw consent at any time.

5. Who we share data with

We share your data only with the service providers necessary to operate the platform. Each provider acts as a data processor under a data processing agreement.

Supabase Inc. (USA): Database and authentication. Your account data and CRM contacts are stored in Supabase's PostgreSQL database, hosted in the EU (Frankfurt region).
Netlify Inc. (USA): Website hosting. The Marketor web application is served from Netlify's CDN.
Resend Inc. (USA): Email delivery. Used to send password reset emails and service notifications from noreply@marketor.fi.
Stripe Inc. (USA): Payment processing. Handles all subscription payments. Subject to Stripe's own privacy policy and PCI DSS compliance.
Anthropic Inc. (USA): AI features. When you use AI-powered features (next action suggestions, meeting briefs), your request data is sent to Anthropic's Claude API. No personal data is stored by Anthropic beyond the duration of the request.

We do not share your data with any other parties. We will disclose data to law enforcement if required by a valid legal obligation under Finnish law.

6. International data transfers

Some of our service providers are based in the United States. When your data is transferred to the USA, we ensure appropriate safeguards are in place in accordance with GDPR Chapter V:

Standard Contractual Clauses (SCCs) approved by the European Commission
Provider participation in the EU-US Data Privacy Framework where applicable

Your CRM contact data is stored in Supabase's EU region (Frankfurt, Germany) and does not leave the EU under normal operation.

7. How long we keep your data

Account data: For the duration of your subscription plus 30 days after cancellation, to allow reactivation. After 30 days, account data is permanently deleted upon request.
CRM contact data: Retained for as long as your subscription is active. Deleted permanently within 30 days of account closure.
Payment records: Retained for 7 years as required by Finnish accounting law (Kirjanpitolaki).
Support communications: Retained for 2 years.
Usage logs: Retained for 12 months.

8. Your rights

Under the GDPR, you have the following rights regarding your personal data:

Right of access (Article 15): You can request a copy of all personal data we hold about you.
Right to rectification (Article 16): You can correct inaccurate data directly in your account settings or by contacting us.
Right to erasure (Article 17): You can request deletion of your personal data. We will delete all account data within 30 days, subject to our legal retention obligations.
Right to restrict processing (Article 18): You can ask us to limit how we use your data in certain circumstances.
Right to data portability (Article 20): You can export your CRM contact data in CSV format directly from the platform at any time.
Right to object (Article 21): You can object to processing based on legitimate interests.
Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at support@marketor.fi. We will respond within 30 days.

You also have the right to lodge a complaint with the Finnish Data Protection Ombudsman (Tietosuojavaltuutettu): tietosuoja.fi.

9. Cookies

Marketor uses a minimal number of cookies strictly necessary to operate the service:

Authentication cookie: Set by Supabase to keep you logged in. Session-based — expires when you close your browser or after 7 days of inactivity.
Preference cookies: Store your UI preferences (view mode, sort order) locally. No personal data.

We do not use advertising cookies, tracking cookies, or analytics cookies that share data with third parties. Google Fonts is loaded from Google's CDN, which may set its own cookies subject to Google's privacy policy.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify active users by email at least 14 days before the changes take effect. The date at the top of this page shows when it was last updated.

Continued use of Marketor after changes become effective constitutes acceptance of the updated policy.