Privacy Policy

Last updated: 6 January 2026

1. Introduction

MARC ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our email routing and management service.

We are registered in England and Wales and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

2.1 Information You Provide

  • Account information: name, email address, company name
  • Billing information: payment card details (processed securely by our payment provider)
  • AWS credentials: IAM role ARNs for accessing your SES accounts
  • Communications: correspondence with our support team

2.2 Information Collected Automatically

  • Usage data: API calls, email volumes, delivery statistics
  • Log data: IP addresses, browser type, access times
  • Device information: operating system, device identifiers

2.3 Email Data

When you send emails through MARC, we process email metadata (recipient addresses, subject lines, timestamps) to route messages and provide analytics. We do not store email content beyond the time necessary for delivery.

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve our services
  • Process transactions and send related information
  • Send technical notices, updates, and support messages
  • Respond to your comments and questions
  • Monitor and analyse usage patterns and trends
  • Detect, prevent, and address technical issues
  • Comply with legal obligations

4. Legal Basis for Processing

Under UK GDPR, we process your data based on:

  • Contract: Processing necessary to provide our services to you
  • Legitimate interests: Improving our services, preventing fraud, ensuring security
  • Legal obligation: Compliance with applicable laws and regulations
  • Consent: Where you have given explicit consent for specific processing

5. Data Sharing and Disclosure

We may share your information with:

  • Service providers: Third parties who perform services on our behalf (payment processing, hosting, analytics)
  • AWS: Your email data is processed through your own AWS SES accounts
  • Legal requirements: When required by law, court order, or governmental authority
  • Business transfers: In connection with a merger, acquisition, or sale of assets

We do not sell your personal information to third parties.

6. International Data Transfers

Your data may be transferred to and processed in countries outside the UK. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the UK Information Commissioner's Office
  • Transfers to countries with adequate data protection laws
  • Binding Corporate Rules where applicable

7. Data Retention

We retain your personal data for as long as necessary to provide our services and fulfil the purposes described in this policy. Specifically:

  • Account data: Retained while your account is active, then deleted within 90 days of account closure
  • Usage logs: Retained for 12 months for analytics and troubleshooting
  • Billing records: Retained for 7 years as required by UK tax law
  • Email metadata: Retained for 30 days, then anonymised or deleted

8. Your Rights

Under UK GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Request limitation of processing
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw consent: Where processing is based on consent

To exercise these rights, contact us at [email protected]. We will respond within one month.

9. Security

We implement appropriate technical and organisational measures to protect your data, including:

  • Encryption of data in transit (TLS) and at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication mechanisms
  • Employee training on data protection
  • Incident response procedures

10. Cookies

We use essential cookies to operate our service and analytical cookies to understand usage patterns. You can control cookie preferences through your browser settings. For more information, see our Cookie Policy.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of our services after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data protection rights have been violated.