Marlvel Logo
Marlvel.aiHome

Privacy Policy

How we handle your data at Marlvel

Last updated: March 5, 2026

1. Data Collection

We collect:

  • Account info (Email, Name).
  • Usage data (Logs, Feature interaction).
  • Input data (App Store URLs, connected integrations) to build your AppWiki.

2. AI & Data Usage

We use your data to power the AI Product Growth Engine.

  • We do NOT sell your data.
  • We do NOT use your private code/specs to train public models shared with other customers without your explicit consent.
  • Aggregated, anonymized data may be used to improve system performance.

3. Cookies & Tracking

We use a two-level consent model for analytics:

Level 1 — Default (no consent required)

  • PostHog — Anonymous, aggregated usage analytics only. No personal profiles are created, no session recording.
  • Sentry — Error monitoring and crash reporting (legitimate interest). No personal data is collected beyond technical error details.

Level 2 — With your consent (Accept clicked)

  • PostHog — Identified user profiles and session recording (with masked inputs).
  • Amplitude — Product analytics with session replay to understand feature usage.
  • Firebase Analytics — Event tracking for app performance insights.

You can change your consent at any time by clearing your browser cookies/local storage and refreshing the page. The cookie banner will reappear, allowing you to make a new choice.

4. Security & Bot Protection

We use Cloudflare Turnstile to protect our authentication pages against automated abuse (bots, credential stuffing, spam).

  • Turnstile runs in invisible mode — no CAPTCHA puzzle is shown to legitimate users.
  • Cloudflare may collect your IP address, browser type, and interaction data to determine whether you are a human visitor.
  • This data is processed by Cloudflare under their own privacy policy: cloudflare.com/privacypolicy.
  • Legal basis: Legitimate interest (security of our platform and users' accounts).
  • No consent is required as this is classified as a strictly necessary security measure.

5. Session Recording

Session recordings are only enabled with your explicit consent (Level 2). When enabled:

  • All form inputs are masked by default (passwords, emails, text fields).
  • Recordings help us understand user flows and improve the product experience.
  • Recordings are stored for a maximum of 90 days and then automatically deleted.
  • No recording occurs without your consent.

6. Your Rights (GDPR — EU/EEA)

Under the General Data Protection Regulation (GDPR), you have the right to:

  • Opt out — Dismiss the cookie banner to use Marlvel with minimal, anonymous analytics only.
  • Access — Request a copy of the personal data we hold about you.
  • Deletion — Request the erasure of your personal data from our systems.
  • Rectification — Request correction of any inaccurate personal data.
  • Portability — Request your data in a structured, machine-readable format.
  • Withdraw consent — Withdraw your analytics consent at any time by clearing local storage.

To exercise any of these rights, contact us at legal@marlvel.ai. We will respond within 30 days.

7. Your Rights (CCPA — California)

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you additional rights:

  • Right to Know — You can request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of collection, the business purpose, and the third parties with whom we share it.
  • Right to Delete — You can request deletion of your personal information, subject to certain exceptions (e.g., legal obligations, ongoing service delivery).
  • Right to Opt-Out of SaleWe do NOT sell your personal information. We do not and will not sell, rent, or trade your personal data to third parties for monetary or other valuable consideration.
  • Right to Non-Discrimination — We will not discriminate against you for exercising any of your CCPA rights. You will not receive different pricing, quality, or service levels.
  • Right to Correct — You can request that we correct inaccurate personal information we maintain about you.

Categories of Personal Information Collected

  • Identifiers — Name, email address, account ID.
  • Internet activity — Browsing history within Marlvel, feature interactions, search queries (with consent).
  • Professional information — Organization name, role within the platform.
  • Inferences — Product usage patterns derived from analytics (with consent).

To exercise your CCPA rights, contact us at legal@marlvel.ai with the subject line "CCPA Request". We will verify your identity and respond within 45 days.

8. Data Retention

We retain your data for as long as necessary to provide our services:

  • Account data — Retained for the lifetime of your account. Deleted upon account deletion request.
  • Analytics data — Retained for up to 24 months, then automatically aggregated or deleted.
  • Session recordings — Automatically deleted after 90 days.
  • Server logs — Automatically deleted after 90 days.

9. International Transfers

Your data may be processed by our sub-processors in different regions:

  • EU-based — Amplitude (EU server zone), Supabase (EU region).
  • US-based — Vercel, Cloudflare, PostHog, Sentry, Firebase, Anthropic, Google, OpenAI.

Where data is transferred outside the EU/EEA, we rely on Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework where applicable to ensure adequate data protection.

10. Third Parties

We use the following trusted sub-processors:

  • Vercel — Hosting and deployment.
  • Supabase — PostgreSQL database hosting.
  • PostHog — Product analytics and feature flags.
  • Amplitude — Product analytics and session replay (with consent).
  • Sentry — Error monitoring and performance tracking.
  • Firebase / Google Analytics — Event tracking (with consent).
  • Anthropic / Google / OpenAI — LLM providers for AI features.
  • Cloudflare — Bot protection (Turnstile) on authentication pages.
  • Resend — Transactional email delivery.

All sub-processors adhere to strict security standards (SOC2/GDPR where applicable).

11. Contact

For privacy inquiries, data access, or deletion requests: legal@marlvel.ai

Privacy Questions?

Contact our Data Protection Officer

legal@marlvel.ai

We typically respond within 24 hours