Privacy policy

Last updated: 09/28/2025

1) Overview

This Privacy Policy explains how Marz, Inc. (“Marz”, “we”) collects, uses, shares, and protects personal information when you use our websites, dashboards, and Services, and describes your choices and rights.

We operate globally. This Policy includes regional disclosures for the EEA/UK (GDPR), California (CCPA/CPRA), Brazil (LGPD), Canada (PIPEDA/CASL), and minors (COPPA/GDPR-kids).

2) Personal information we collect

Information you provide:

• Account & profile (name, email, password, company, role, links to social profiles).
• Campaign data (briefs, specs, content drafts, approvals, messages).
• Payment & tax (payout/pay-in details processed via our payment partners; we store tokens/records, not full card numbers).
• Age/consent attestations (e.g., date of birth; parental/guardian consent where required).
• Support requests and communications.

Information we collect automatically:

• Device & usage: IP address, identifiers, browser, OS, pages viewed, clicks, session metadata, approximate location (from IP).
• Cookies, pixels, SDKs, and similar tech for login, security, analytics, and (where applicable) marketing measurement.
• Event logs for fraud prevention and audit.

Information from third parties (as authorized by you or permitted by law):

• Social platforms’ APIs (e.g., Creator handle, stats, post URLs/metadata) when you connect accounts.
• Payment processors (status of transactions).
• Service providers (KYC, sanctions screening, analytics).
• Publicly available sources (open social posts/metrics).

3) How we use personal information (purposes & legal bases)

• Provide & improve the Services (set up accounts; run campaigns; escrow & payouts; dashboards; matching; support).
• Safety, fraud, and dispute handling (KYC/AML/sanctions checks; device/IP risk analysis; compiling and exporting evidentiary records to payment processors, card networks, and banks; enforcing Terms; verifying disclosures/permanence; preventing chargebacks).
• Analytics & product development (service usage, performance).
• Communications (service emails, transactional messages; with consent where required, product updates or offers).
• Legal (comply with law; respond to lawful requests; protect rights).

Legal bases (GDPR/UK): performance of contract; legitimate interests (e.g., fraud prevention, dispute handling, service improvement); consent (e.g., non-essential cookies/marketing); legal obligations.
LGPD: consent, contract, legitimate interest, legal/regular exercise of rights.
You may withdraw consent at any time where consent is the basis.

4) How we share information

We share personal info with:

• Counterparties: When a Brand and a Creator engage on a Deal, we share necessary info between them (e.g., Creator’s profile/contact for the Deal; Brand’s brief and point of contact).
• Service providers: Cloud hosting, databases, analytics, email/SMS, payment processing, KYC, customer support—bound by contract to use data only for our purposes.
• Payment processors, card networks & acquiring banks: For fraud prevention, risk assessment, and dispute/chargeback handling, including submission of evidentiary records.
• Social platforms: When you connect accounts or post links, we may process relevant profile/post data consistent with the platform’s terms and your permissions.
• Legal and safety: To comply with law, enforce Terms, protect our users or our rights.
• Business transfers: In a merger, acquisition, or asset sale, your data may be transferred to the successor.

We do not sell your personal information in the traditional sense. For California, some analytics/ads cookies may be deemed a “sale/share”; see §10 for opt-out.

5) Cookies & tracking technologies

We use:

• Strictly necessary cookies (login, security, fraud prevention).
• Analytics/performance (usage, diagnostics).
• Advertising/measurement (only where applicable and with required consent).

Where required (e.g., EEA, certain LATAM countries), we request consent before setting non-essential cookies/pixels and provide a Cookie Preferences tool to manage choices. You can also control cookies in your browser. We honor applicable Global Privacy Control (GPC)/opt-out signals where legally required.

6) International data transfers

We are U.S.-based and may transfer your data to the United States and other countries that may not provide the same level of protection as your home jurisdiction. For EEA/UK transfers, we rely on Standard Contractual Clauses (SCCs) and implement additional safeguards as needed. Where applicable, we may participate in recognized data-transfer frameworks.

7) Data retention

We retain personal information as long as needed to provide the Services and for legitimate business needs, including fraud prevention and dispute/chargeback handling (e.g., preserving logs and evidentiary records), and then delete or anonymize it. Typical examples: account data (while account is active); transactional/escrow records (for statutory periods); logs (shorter rolling windows). Some records relevant to disputes may be retained until applicable chargeback windows and legal limitation periods expire. You can request deletion; see §9.

8) Security

We employ administrative, technical, and organizational measures (encryption in transit, access controls, monitoring, least-privilege) to protect personal information. For fraud prevention and dispute handling, we may maintain and analyze IP addresses, device identifiers/fingerprints, timestamps, and behavioral signals and share relevant subsets with payment processors, card networks, or banks strictly for risk and dispute resolution purposes. No system is 100% secure; please protect your account credentials.

9) Your rights

EEA/UK (GDPR): right to access, rectify, erase, restrict, port, and object; right to withdraw consent; right to lodge a complaint with your supervisory authority.
Brazil (LGPD): confirm processing; access; correct; anonymize/block/delete; portability; information on sharing; revoke consent.
Canada (PIPEDA): access and correction; withdrawal of consent subject to legal/contractual limits.
California (CCPA/CPRA): right to know categories/specific pieces, delete, correct, opt-out of “sale/share” of personal information, limit use of sensitive personal information, and non-discrimination for exercising rights.

Limitations. We may deny or delay certain requests (e.g., deletion) where we must retain data for legal obligations or the establishment, exercise, or defense of legal claims, including fraud prevention and chargeback/dispute handling (see §7).

To exercise rights or make inquiries, email privacy@go-marz.com. We may verify your identity and, for authorized agents, request proof of authorization.

10) California “Do Not Sell or Share” & “Your Privacy Choices”

If we use cookies/analytics/ads that constitute a “sale”/“sharing” under CPRA, you may opt-out via our Your Privacy Choices link or Cookie Preferences, and by enabling GPC in your browser. We do not knowingly sell/share data of users under 16.

11) Children & teens

We do not knowingly collect personal information from children under 13. If you believe a child under 13 used the Services, contact us to delete their data.
Creators aged 13–17 may use the Services only with parental/guardian consent; we may require additional verification and payment/contract consent by the guardian. We use clear language for minors and limit profiling/targeting consistent with applicable laws.

12) Social platform integrations

If you connect your TikTok/Instagram/YouTube (or other) accounts, we access only the permissions you grant and process data to operate the Services (e.g., matching, verification, analytics). We do not control those platforms’ privacy practices; your use of them is governed by their policies.

13) Changes to this Policy

We may update this Policy. If changes are material, we will notify you (e.g., in-product or by email). Your continued use after the effective date means you accept the updated Policy.

14) Contact us

Email: support@go-marz.com (privacy inquiries and legal notices) | Marz, Inc.
If required by law, you may also contact our EU/UK representative (details provided upon request).