Privacy Policy

This policy explains how MAR safeguards personal and operational data across every product we release. Our goal is simple: collect only what is necessary, protect it with rigorous controls, and give you meaningful levers to manage how your information flows through our systems.

Last updated October 19, 2025

01

Our privacy principles

These commitments anchor every workflow at MAR. They apply whether you are running MARAI experiments, onboarding a studio project, or receiving field support from our team. Each point below is backed by internal controls, employee training, and executive accountability.

  1. First-party data minimization

    We only gather first-party signals necessary to provision accounts, secure sessions, and provide contracted services. Optional telemetry is disabled by default so customers can decide when richer analytics justify the trade. When experimental capture is required, we use synthetic or anonymized surrogates until explicit consent is obtained.

  2. Explicit consent checkpoints

    Consent prompts appear at each stage where sensitive data categories shift from storage to processing. We document time-stamped consent proofs and replicate them across primary and disaster-recovery regions. If consent is revoked, workflows fall back to least-privilege functionality rather than suspending access outright.

  3. Confidential computing boundaries

    Production environments segment personally identifiable information from behavioral telemetry using hardware-backed enclaves. Encryption keys are rotated automatically every seven days and can be rotated instantly upon customer request. Access to decrypted data requires quorum approval from privacy, security, and product stakeholders.

  4. Debugging without exposure

    Observability traces, crash dumps, and vendor tickets are scrubbed through automated redaction pipelines before anyone on our side reviews them. Redaction rules are version controlled and tested alongside code so that new data types are covered before they ever appear in logs. Human escalation requires an auditable business justification and expires after each incident is resolved.

  5. Localized storage guarantees

    Customer data stays in the geographic region selected during onboarding, and we maintain active-active replication only within that chosen boundary. Backup media are encrypted with customer-specific keys and never exported to portable drives or third-party data centers. If we must migrate regions, we request written approval and supply a full migration runbook.

  6. Vendor accountability

    Every subprocessor we lean on signs bespoke privacy schedules that mirror or exceed MAR commitments. We map data flows through automated inventories reviewed quarterly by compliance engineering. If a vendor regresses on their posture, we either isolate them behind a proxy service or sunset the integration.

  7. Child and minor protections

    We do not knowingly collect data from individuals under the age of sixteen, and screening heuristics guard intake funnels for youth-oriented signals. If a record is flagged as belonging to a minor, we purge it within twenty-four hours and notify the reporting party with evidence of deletion. Educational deployments receive additional contractual addenda covering guardian consent.

  8. Shadow copy elimination

    Contract engineers and research partners work inside controlled workspaces that prohibit local storage, screenshot export, or copy-paste outside approved sandboxes. This measure keeps shadow databases from emerging on personal devices. Audits run weekly to ensure ephemeral workspaces truly self-destruct after their lease expires.

  9. Disaster rehearsal with privacy controls

    Business continuity exercises always include privacy observers who validate that emergency playbooks respect consent choices even during failover. During these rehearsals we simulate regulator inquiries and customer data subject requests to prove we can honor them while triaging outages. Lessons learned feed straight back into runbooks and policy documentation.

  10. Research ethics review

    Any plan to use customer datasets for model evaluation or product research routes through an internal ethics council chaired by our founder. The council can veto experiments that stretch privacy expectations or demand stronger anonymization. Summaries of approved research are logged for inspection by customer security teams.

  11. Consent lifecycle notifications

    Customers receive transparent notices whenever a new feature introduces additional data processing. Notices explain what is changing, why it matters, and how to opt out without breaking core functionality. We log acknowledgement status so account owners can confirm their teams understand the shift.

  12. Annual red-team reviews

    Privacy red-teams attempt to pierce isolation boundaries, escalate privileges, and correlate pseudonymized records. Findings are shared with customer security contacts, along with the remediation roadmap and completion proof. We treat these reviews as obligations, not marketing exercises.

02

How we process data

The following sections describe how MAR collects, transforms, and retains information while delivering our services. We design processing rules so that you can map them directly to your own governance obligations.

  1. Purpose binding for each dataset

    Every table and object store in our platform has a declared processing purpose enforced through policy-as-code. Attempts to reuse a dataset for an undeclared purpose trigger alerts and require executive sign-off. This prevents scope creep and keeps product experiments honest.

  2. Service telemetry segregation

    Operational telemetry is ingested to a logically separate analytics plane where identifiers are hashed before aggregation. Data scientists query anonymized aggregates while engineers troubleshoot issues using pseudonymous session identifiers. Raw identifiers reappear only when an on-call engineer unlocks them under break-glass procedures.

  3. Algorithmic transparency ledger

    We maintain a ledger describing how automated decisioning systems use personal data to reach outcomes. Customers can request a signed copy of the ledger to support their own governance reviews. When a model changes materially, we append a plain-language summary explaining the impact on data subjects.

  4. Retention with reversible timers

    Default retention windows are ninety days unless contractual obligations specify shorter periods. Customers can set reversible timers per dataset, and when the timer expires data is soft-deleted for fourteen days before permanent erasure. During soft-delete we provide restore tooling so accidental purges can be undone safely.

  5. Data subject request automation

    Self-service dashboards let authorized customer administrators submit access, correction, restriction, portability, and deletion requests. Our automation fans the request across all systems, including warm backups and third-party subprocessors. We provide a progress timeline so administrators can see each step complete in real time.

  6. Joint controllership clarity

    When we act as a joint controller, we document shared obligations, liabilities, and escalation paths in an attached joint controllership annex. The annex outlines which party leads communications with regulators and end users. We never assume expanded rights without mutual agreement.

  7. Security parity for prototypes

    Experimental betas and pilot features inherit the same security and privacy controls as production releases. Sandboxed prototypes run within the production boundary, eliminating the risk of forgotten shadow environments. Feedback loops ensure prototypes graduate or are retired with a full data disposal checklist.

  8. Cross-border safeguards

    When data must cross borders, we employ standard contractual clauses, supplemental encryption, and region-specific access controls. Data residency dashboards highlight exactly which jurisdictions host your information. Requests from public authorities are reviewed by counsel and challenged where the scope feels excessive.

  9. Privacy incident hotline

    Dedicated incident channels allow customer security teams to reach MAR privacy engineers twenty-four seven. Hotline runbooks include pre-filled notification templates to accelerate regulator outreach if a notifiable incident occurs. We prioritize rapid containment while preserving forensic evidence.

  10. Machine learning guardrails

    Model training jobs consume sanitized datasets where direct identifiers are replaced with stable tokens. We monitor model outputs for memorization or inversion risk and retrain with differential privacy budgets when necessary. Customers can request custom redaction layers tailored to their regulatory environment.

  11. Employee privacy literacy

    Every MAR team member completes a privacy certification path covering jurisdictional nuances, ethical handling, and customer empathy. Completion is tracked and tied to access privileges: miss a renewal and your production access is revoked automatically. Leadership refreshers include tabletop exercises centered around real-world privacy failures.

  12. Independent verification

    We commission annual SOC 2 Type II, ISO 27001, and regional privacy assessments led by accredited auditors. Summary reports and bridge letters are shareable under NDA for customers who need evidence for their boards. Corrective actions are budgeted as first-class engineering work, not deferred maintenance.

03

Your rights and choices

Privacy rights matter only when they are simple to exercise. Every commitment here corresponds to a feature or process you can invoke today. If you need a custom control, message us and we will document a timeline that meets your regulatory deadlines.

  1. Right to transparent onboarding

    During onboarding we provide layered notices describing what data is required, which systems process it, and how retention works. These notices are available in plain language and legalese so teams can choose the format that suits them. We track which version of the notice each user saw for historical accuracy.

  2. Right to correct information

    Administrators can correct metadata instantly, while sensitive identity elements route through dual control to prevent fraudulent changes. Each correction request generates an audit trail showing who made the change, why, and which systems synchronized afterward. We notify downstream processors to keep copies aligned.

  3. Right to data portability

    We offer export tooling in CSV, JSON, and Parquet formats, complete with schema descriptions. Customers can schedule recurring exports to their object storage or request one-off signed packages delivered via secure channels. Exports omit internal-only annotations so that competitive insights remain protected.

  4. Right to erasure

    Deletion requests trigger irreversible wipe jobs that cascade to caches, search indexes, analytics warehouses, and support tooling. We supply a signed destruction certificate once every location confirms deletion. If legal obligations require retention, we place the data in a sealed vault with access logging.

  5. Right to restriction of processing

    Customers can pause non-essential processing flows while still maintaining business-critical operations. Restriction status is clearly labeled in dashboards, and we send periodic reminders so teams can decide when to resume processing. If restriction lasts beyond ninety days, we run a joint review to decide on long-term controls.

  6. Right to object to profiling

    We do not engage in automated decisioning that produces legal or similarly significant effects without human oversight. If profiling features are requested, we provide opt-out toggles and alternative workflows. Audit logs capture every manual override so we can prove that human review genuinely occurred.

  7. Right to confidentiality in support

    Support conversations use secure portals rather than email, and attachments expire automatically. Customers can mask or tokenise sensitive fields before our team can view them. When a ticket closes, the conversation history follows the same retention policy as the underlying system data.

  8. Right to clear pricing on data services

    We never monetize individual user data or sell lists. If a customer opts into data enhancement services, pricing is documented up front and limited to aggregated insights. Cancellation is immediate and does not affect access to the core platform.

  9. Right to legal recourse

    Our contracts embed dispute resolution language that respects the governing law chosen by the customer. We cooperate in regulatory investigations and support customers who need to demonstrate due diligence. Arbitration venues are selected with customer input for fairness and accessibility.

  10. Right to accessibility

    Privacy portals, request forms, and documentation comply with WCAG 2.2 AA accessibility standards. Alternate contact paths exist for screen-reader users or teams that rely on assistive technology. We welcome suggestions on improving accessibility and respond with a remediation timeline.

  11. Right to informed innovation

    When we launch new intelligence capabilities, we publish plain-language briefs about how data is used, what safeguards exist, and how to decline participation. Beta testers receive additional dashboards tracking the data they contribute. Opting out never downgrades existing service levels.

  12. Right to independent audit

    Large customers can appoint an independent auditor to review our privacy controls once per year. We provide secured workspace access, sample data, and engineering contacts to support the review. Findings are addressed through a mutually agreed remediation calendar.

Staying aligned as the platform evolves

MAR evolves quickly, but privacy commitments remain stable. When a new capability could materially change how data moves, we deliver at least thirty days' notice, preview documentation, and optional walkthrough calls. We version policies so you can track edits over time, and at your request we will snapshot previous drafts for audit evidence.

Questions, concerns, or regulator outreach requests can be directed to support@gomarai.com or through the secure contact form. Expect acknowledgement within twelve hours and a full response inside two business days.