Legal document
Privacy Policy
Last updated: May 2026
1. Data Controller & Identity Disclaimer
The data controller responsible for your personal data is Marginia. For any privacy-related inquiries, data access requests, or to exercise your statutory rights, you may contact our designated data compliance desk at: š§ hello@marginia.org. Please note that Marginia operates as an independent digital platform. References to "Marginia" inside this agreement constitute the digital identity of the platform operators, administrators, and developers.
2. Legal Basis and Scope of Data Collected
We only collect personal data that is necessary to provide you with our automated services. We process your data under the following legal bases pursuant to Art. 6(1) of the GDPR: Identity & Account Data: Account email address, username, password hashes, and registration timestamps. Art. 6(1)(b): Performance of a Contract (To manage your user account). Transaction & Billing Data: Subscription status, billing history, invoice records, and masked metadata. (Full credit card details are collected directly by Stripe; we do not store raw card numbers). Art. 6(1)(b): Contract Performance & Art. 6(1)(c): Legal/Tax Obligation. User Input & Content Data: Product URLs, text logs, titles, listings, and original product images uploaded for AI optimization. Art. 6(1)(b): Performance of a Contract (To generate requested SEO outputs). Technical & Analytics Data: IP addresses, browser types, device identifiers, referral sources, and session time tracking. Art. 6(1)(f): Legitimate Interest (To secure the platform and monitor stability).
3. Special Disclaimer on AI Data Processing & Third-Party Models
Because Listo AI utilizes third-party cutting-edge generative artificial intelligence (including but not limited to Google Vertex AI frameworks, Imagen 3, and Gemini APIs), you must acknowledge the following processing rules: No Direct Enterprise Training: We pass your product data and source images to enterprise-grade cloud APIs. We do not voluntarily allow these third-party AI sub-processors to utilize your proprietary product data or unedited images to train public base models. Content Integrity: You are strictly prohibited from uploading personal images, biometric data, sensitive identification documents, or unencrypted private personal information into the Listo AI input forms. Marginia shall not be held liable for any privacy or confidentiality breaches arising from your inclusion of personal, private, or protected third-party data within your product listings or prompt fields.
4. Data Sharing & Trusted Third-Party Sub-Processors
We do not sell, rent, or trade your personal data to advertising companies or third-party brokers. To maintain a functional global SaaS infrastructure, we transfer data exclusively to the following trusted cloud sub-processors: ā¢ Vercel Inc. (USA): Frontend architecture deployment and global content delivery network (CDN). ā¢ Supabase Inc. (USA): Secure encrypted database management and user authentication storage. ā¢ Stripe Inc. (USA/Global): Fully PCI-DSS compliant credit card and local alternative payment processing gateway. ā¢ Google Cloud Platform / Vertex AI (USA/EU): Core artificial intelligence execution, multi-lingual language generation, and image outpainting/inpainting computing. ā¢ Google Analytics: Anonymized behavioral analysis and traffic statistics tracking.
5. International Data Transfers (Outside the EEA)
Some of our sub-processors listed above are headquartered or operate servers in the United States. To guarantee that your data receives an equivalent level of protection to that within the European Economic Area (EEA), we ensure that all non-EU data transfers are protected under Standard Contractual Clauses (SCCs) approved by the European Commission, alongside the rigorous corporate data security frameworks of our infrastructure providers.
6. Data Retention Policy
We will retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy: Account Data: Retained for the duration of your active account lifecycle plus 12 months following account closure or prolonged inactivity, allowing for recovery or disputes. Transaction Records: Retained for 5 fiscal years following the date of the transaction to comply with mandatory statutory tax audits and legal accounting requirements. Anonymized Analytics Data: Retained indefinitely in a fully aggregated, non-identifiable layout to improve platform performance.
7. Your Statutory GDPR Rights
As a resident of the European Union or United Kingdom, you possess the following comprehensive legal rights regarding your personal data: ā¢ Right of Access: The right to request copies of your personal data held by us. ā¢ Right to Rectification: The right to demand that we correct inaccurate or incomplete data. ā¢ Right to Erasure ("Right to be Forgotten"): The right to request that we erase your personal data under certain conditions (subject to tax/billing legal holddowns). ā¢ Right to Restrict Processing & Object: The right to limit or object to how we process your technical or analytics data. ā¢ Right to Data Portability: The right to request that we transfer your collected data to another organization. To execute any of these rights, please email us directly at hello@marginia.org. We are legally bound to verify your identity and fulfill your request within 30 days free of charge.
8. Cookies and Tracking Mechanisms
Marginia uses two classifications of cookies to improve user experience: Essential Cookies: Strictly necessary for managing your login state, security tokens, and maintaining your Stripe checkout flow. Disabling these cookies inside your browser will break the core mechanics of the platform. Analytical Cookies: Used via Google Analytics to aggregate anonymous traffic trends. You can opt-out of these cookies at any time via your browser's privacy settings or our explicit cookie consent banner.
9. Data Security Operations
We implement industry-standard technical measures, including SSL/TLS network encryption, hashed database passwords, and restricted API access, to prevent unauthorized interception, alteration, or deletion of your data. While we strive to maintain maximum defense protocols, no transmission method over the Internet is 100% secure, and we cannot guarantee absolute immunity from malicious third-party attacks.
10. Regulatory Complaints
If you believe that Marginia has processed your personal data in violation of the GDPR framework, you have the absolute right to lodge an official complaint with a competent supervisory data protection authority within your EU Member State of residence.