Privacy Policy

This Privacy Policy describes how Mariete (“Mariete”, “we”, “our” or “us”) collects, uses, discloses and protects the personal information of customers, website visitors, partners and other individuals in connection with our platform, products, websites and services (together, the “Services”).

By using the Services, you agree to the practices described in this Policy. If you do not agree, please do not use the Services. For enterprise deployments, this Policy is supplemented by the Data Processing Addendum (DPA) included in your agreement with us.

We collect information you provide to us directly, information we receive automatically when you use the Services, and information from third-party sources where you have authorised that sharing.

Account and profile information. Name, email address, company, role, billing details and authentication identifiers when you create an account or are provisioned by your organisation.

Customer content. Prompts, documents, data sources, configurations and agent outputs you submit to, or generate inside, the Services. Customer content is processed on your behalf and under your instruction.

Usage data. Log data, device and browser information, IP address, approximate location, referrer, pages viewed, actions taken and timestamps. We use this to operate, secure and improve the Services.

Cookies and similar technologies. We use first-party and limited third-party cookies for authentication, preferences, product analytics and attribution. See the Cookies section below.

Communications. When you contact us, apply to the partner programme or respond to a survey, we collect the content of the communication and any metadata associated with it.

We use the information we collect to:

• Operate, maintain, secure and improve the Services;
• Authenticate users and authorise access to workspaces;
• Execute the agent tasks you request and return cited outputs;
• Communicate with you about the Services, including operational notices, security alerts and support responses;
• Bill for the Services and enforce our agreements;
• Detect, prevent and respond to fraud, abuse and security incidents;
• Comply with legal obligations and enforceable governmental requests;
• Conduct research and analytics to make the Services more useful.

We do not use Customer content to train foundation models. We do not sell personal information. Where we rely on legitimate interests as the legal basis for processing, we have balanced those interests against your rights.

We share information only in the circumstances described below:

Sub-processors. We engage vetted sub-processors to provide infrastructure (cloud hosting, logging, email), customer support and limited analytics. A current list is available on request and is maintained as part of our DPA for enterprise customers.

Model providers. Where an agent calls a model provider, prompts and context are transmitted to that provider under zero-retention terms. Your content is not retained by the provider beyond the request needed to produce a response, and is not used to train foundation models.

Within your organisation. Workspace administrators can see users, roles, activity and billing within their tenant.

With your consent. We share information with third parties when you explicitly instruct us to do so — for example, when you connect an integration.

Legal and safety. We may disclose information where required by law, to enforce our agreements, to protect Mariete or the rights and safety of others, or in connection with an investigation of fraud or abuse.

Business transfers. In the event of a merger, acquisition, financing, reorganisation or sale of assets, information may be transferred subject to this Policy.

We retain personal information for as long as your account is active or as needed to provide the Services, resolve disputes and enforce our agreements. Customer content is retained according to your workspace configuration and the retention terms of your agreement with us.

On termination, Customer content is returned or deleted in accordance with your agreement, with narrow exceptions for information we are required to retain by law.

We maintain administrative, technical and physical safeguards designed to protect personal information against unauthorised access, loss, misuse and alteration. These include encryption in transit (TLS 1.3) and at rest (AES-256), role-based access control, least-privilege provisioning, audit logging, vulnerability management and third-party penetration testing.

No system is perfectly secure. You are responsible for maintaining the confidentiality of your credentials and for access controls inside your workspace. Suspected incidents may be reported to security@mariete.ai.

Mariete operates globally. Where personal information is transferred across borders, we rely on appropriate transfer mechanisms, including Standard Contractual Clauses (SCCs) and equivalent safeguards. Enterprise customers can select EU, UK or US data residency at contract signing for storage and inference.

Depending on where you live, you may have the right to access, correct, delete, port, restrict or object to the processing of your personal information, and to withdraw consent where processing is based on consent. Residents of the EEA, UK, Switzerland and certain US states (including California) have specific rights under the GDPR, UK GDPR, Swiss FADP, the CCPA and other applicable laws.

To exercise your rights, contact privacy@mariete.ai. Where you are a user of a workspace administered by a customer, we will direct your request to that customer, who is the controller of the content you submitted.

We use cookies and similar technologies for authentication, session management, preferences, product analytics and limited marketing attribution. You can control non-essential cookies through your browser settings and through our cookie notice where presented.

Disabling essential cookies will prevent the Services from working as intended. We do not use cookies to infer political affiliation, religion, health status or other sensitive categories.

The Services are not directed to children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact privacy@mariete.ai and we will take steps to delete it.

We may update this Policy to reflect changes to our practices, our Services or legal requirements. When we make material changes, we will provide notice — through the product, by email, or by updating the “Last updated” date at the top of this page. Continued use of the Services after a change takes effect constitutes acceptance of the updated Policy.

Privacy questions, rights requests and data-protection enquiries: privacy@mariete.ai. Security matters: security@mariete.ai. All other legal enquiries: legal@mariete.ai.