Privacy Policy

Last updated: April 30, 2026

This policy describes how MARIN ("we," "us," or "our") collects, uses, stores, and shares information when you use our websites, applications, and AI assistant services (collectively, the "Service"). It includes specific disclosures for Google and Microsoft integrations, optional connections you may enable, web research and crawling tools we use (including Firecrawl), and the third-party services that help us run the product.

1. Introduction

We respect your privacy and are committed to protecting your personal data. Please read this policy carefully. If you do not agree with our practices, you should not use the Service.

2. Information we collect

2.1 Information you provide

We collect information that you voluntarily provide when you:

  • Register or manage an account (name, email address, organization details)
  • Use the Service (messages, prompts, files you upload, tasks, and similar content)
  • Connect third-party services (OAuth tokens, account identifiers, and data those services make available)
  • Contact support or provide feedback
  • Participate in surveys or waitlist flows

2.2 Information collected automatically

When you access the Service, we and our providers may collect:

  • Device and network data (such as IP address, browser type, and operating system)
  • Usage data (pages or screens viewed, features used, and approximate timing)
  • Diagnostic and log data (errors, performance metrics, security signals)
  • Cookies and similar technologies (see Section 9)

2.3 Connected services (overview)

You may choose to link third-party accounts so MARIN can work across your tools. We only access data that you authorize through each provider's consent or permission flow. Detailed categories appear in Sections 2.4–2.8.

2.4 Google account data (Gmail, Calendar, Drive)

If you connect a Google account, we access Google user data only after you complete Google's consent screen. As of the date above, requested permissions correspond to OAuth scopes including: userinfo.email, userinfo.profile, gmail.modify, gmail.settings.basic (for example send-as or signature-related behavior where applicable), calendar.events, and drive.

  • Access and use. We use this data to provide features you request—such as reading or sending email, managing calendar events, and creating, editing, searching, or organizing Drive files.
  • Storage. We store OAuth tokens and connection metadata on our systems. We may cache or retain content and metadata from Google APIs as needed to operate the Service, consistent with Section 7 and until you disconnect or delete your account, subject to legal holds.
  • Sharing. We do not sell Google user data. We may share it with subprocessors who host, secure, or process data on our behalf (including AI infrastructure where applicable), only to deliver the Service and subject to contractual protections.
  • Limited Use. Our use of information received from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements (for example, we do not use Google user data for serving ads).

Disconnect Google anytime in MARIN (for example under Connections) and revoke access in your Google Account security settings.

2.5 Microsoft 365 data (Outlook, Calendar, OneDrive)

If you connect a Microsoft work or personal account, we access Microsoft data only after you complete Microsoft's sign-in and consent flow. As of the date above, we request Microsoft Graph permissions consistent with scopes such as: openid, email, profile, offline_access, User.Read, Mail.ReadWrite, Mail.Send, MailboxSettings.ReadWrite, Calendars.ReadWrite, and Files.ReadWrite (OneDrive files and folders you ask us to work with).

We use this data to provide the Service—for example, to read or send Outlook messages, manage calendar events, adjust mailbox settings when you ask us to, and create, edit, search, or organize OneDrive content. We store OAuth tokens and related metadata on our systems and may retain content from Microsoft APIs as needed to operate features you use. We do not sell this data. Disconnect Microsoft in MARIN and revoke the app in your Microsoft account permissions if you wish to remove access.

2.6 Dropbox

If you connect Dropbox, we receive authorization tokens and may access files, folders, and metadata Dropbox exposes for the permissions you grant. We use that access to power file search, summaries, organization, and other workflows you initiate. Tokens are stored securely; disconnect Dropbox in MARIN or in your Dropbox account settings to revoke access.

2.7 Other optional integrations

Depending on product configuration, you may be able to connect additional services—such as Notion, GitHub, LinkedIn, Instagram, X (Twitter), or Zoom. Each integration only receives the permissions you approve on that provider's screen. We use connected data to provide the features you enable (for example, posting or retrieving content, managing repos or pages you specify, or meeting-related actions). The exact data categories depend on the provider and the scopes you grant; review each provider's permissions before connecting.

2.8 Web content, research, and crawling

When you use features that rely on public web information—such as researching a URL you provide, answering questions with live context, or fetching page text for analysis—we may retrieve and process public web pages and search results on your behalf.

  • We may use Firecrawl (or similar crawling and extraction services) to fetch and normalize content from URLs you supply or that are relevant to your request.
  • We may use web search and browsing tools provided through AI providers such as Anthropic and OpenAI so the model can retrieve current public information when a feature requires it.

Text and metadata from those requests may be sent to our backend systems and to those vendors solely to fulfill your request. We do not use this activity to sell personal data or to serve third-party advertising. Public pages may still contain personal information if it was published publicly—we do not control site owners' content.

2.9 Account authentication (Clerk)

We use Clerk for sign-in, session management, and related account security features. Clerk processes authentication data (such as identifiers, email, and session tokens) in accordance with their documentation and privacy policy. Enabling the Service requires this processing.

3. How we use your information

We use information to:

  • Provide, operate, and improve the Service
  • Process messages, documents, calendar actions, and connected-tool tasks you request
  • Personalize your experience and remember preferences
  • Train and improve our models where permitted by your settings and this policy
  • Send administrative notices and respond to support requests
  • Monitor reliability, prevent abuse, and protect security
  • Comply with law and enforce our terms

4. AI processing and model training

MARIN uses artificial intelligence to interpret requests and take actions you approve.

  • Your prompts and relevant context may be processed by our systems and by model providers to generate outputs.
  • We may use aggregated or de-identified data to improve quality and safety.
  • Model providers (such as Anthropic and OpenAI) process content only as needed to provide the feature you use; we do not sell your personal information for advertising. Contractual terms restrict use of customer data to providing the Service.
  • Where available, you can control training-related options in your account settings.

5. How we share your information

5.1 With your consent

We share information when you direct us to—for example, by connecting a third-party account or explicitly requesting an action that sends data to another service.

5.2 Service providers and subprocessors

We use carefully selected vendors to run the Service. They may process personal data on our instructions and under contractual obligations. Categories include:

  • Cloud infrastructure. Providers such as Amazon Web Services (AWS) for APIs, storage, databases, and related hosting used by our application and backend.
  • Authentication. Clerk (and webhook infrastructure such as Svix where Clerk delivers signed webhooks).
  • AI and search. Anthropic and OpenAI for language models and, where enabled, web search or browsing tools.
  • Web crawling and extraction. Firecrawl (and similar services we may use for the same purpose) to retrieve and structure public page content you request.
  • Analytics and marketing tags. Google Tag Manager may load measurement or advertising tags according to our configuration; those tools are subject to their own policies and may use cookies (see Section 9).
  • Scheduling and demos. Calendly (or comparable booking links) when you choose to book time with us—those pages are governed by the provider's privacy notice.
  • Fonts, assets, and CDNs. For example, Google Fonts, jsDelivr, or similar CDNs that deliver scripts or icons may receive technical requests (such as IP address) in the ordinary course of loading the site.
  • Brand imagery (marketing). Our marketing pages may load logos from services such as Logo.dev; those requests typically include the domain name needed to render an image and are governed by the vendor's policy.

We may add or change vendors as the Service evolves; when we make material changes to how we share data, we will update this policy and the "Last updated" date.

5.3 Legal requirements

We may disclose information if required by law, regulation, legal process, or governmental request, or to protect the rights, safety, and security of users, MARIN, or others.

5.4 Business transfers

If we are involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction. We will provide notice where required by law.

6. Data security

We implement technical and organizational measures designed to protect personal data, including:

  • Encryption in transit and, where appropriate, at rest
  • Access controls, authentication, and least-privilege practices
  • Monitoring, logging, and incident response procedures
  • Vendor diligence and contractual security requirements

No method of transmission or storage is completely secure; we cannot guarantee absolute security.

7. Data retention

We retain personal information for as long as needed to provide the Service and for legitimate business purposes (such as security, troubleshooting, and legal compliance). When you delete your account, we will delete or anonymize personal data within a reasonable period—typically within ninety (90) days—unless a longer retention period is required by law. OAuth tokens are removed or invalidated when you disconnect an integration or delete your account, subject to backup and logging cycles.

8. Your privacy rights

Depending on your location, you may have rights to access, correct, delete, export, or restrict processing of your personal data, and to object to certain processing or withdraw consent where processing is consent-based.

To exercise these rights, contact us at cyrus@heymarin.ai or use any data-management tools we provide in the Service.

9. Cookies and tracking technologies

We use cookies and similar technologies for session management, preferences, analytics, and (where configured) marketing measurement. Our site loads Google Tag Manager, which may in turn load other tags that set or read cookies. You can control cookies through your browser; blocking some cookies may limit certain features. For more about Google's use of data from sites that use Google services, see Google's policies and your ad settings.

10. Third-party links and services

The Service may link to third-party websites or embed third-party experiences. We are not responsible for their privacy practices. Review their policies before providing information.

11. Children's privacy

The Service is not directed to children under 13 (or under 16 where applicable in the EEA). We do not knowingly collect personal information from children. Contact us if you believe we have collected a child's data.

12. International data transfers

We may process and store information in the United States and other countries where we or our vendors operate. Where required, we use appropriate safeguards (such as standard contractual clauses) to protect transfers.

13. California privacy rights

California residents may have additional rights under the CCPA/CPRA, including rights to know, delete, and correct personal information, and to opt out of certain sharing. We do not sell personal information as defined by California law. To submit a request, contact cyrus@heymarin.ai.

14. Changes to this policy

We may update this policy from time to time. We will post the revised version on this page and update the "Last updated" date. Where changes are material, we will provide additional notice as appropriate.

15. Contact us

Questions about this Privacy Policy or our data practices: