Back to Marik Agency
Privacy Policy
Legal

Privacy Policy

Last updated: April 2, 2025

At Marik Agency, we take your privacy seriously. This policy explains how we collect, use, store, and protect your personal data when you interact with our website, AI chatbots, voice agents, and automation services.

§Information We Collect

We collect information in the following ways:

Information You Provide Directly

  • Name, email address, phone number, and business name submitted via contact or booking forms
  • Messages and inputs you send to our AI chatbots or voice agents
  • CRM data you upload or connect to our platform for lead reactivation campaigns
  • Business documents, pricing sheets, or FAQs you share for AI knowledge-base training
  • Payment card information (processed by our payment provider — we do not store raw card data)

Information Collected Automatically

  • IP address, browser type, device type, and operating system
  • Pages visited, referring URLs, and time spent on pages
  • Session recordings and heatmap data (where applicable) to improve UX
  • Cookies and local storage identifiers (see §Cookies below)

Voice & Conversation Data

  • Voice call recordings where our Voice AI agent interacts with callers on behalf of your business (callers are notified at the start of each call)
  • Transcripts of AI chatbot conversations for quality assurance and model improvement
  • Sentiment scores and intent classifications derived from conversations

§How We Use Your Data

We process your personal data for the following lawful purposes:

  • Service Delivery: To set up, configure, and operate your AI chatbot, voice agent, and automation workflows.
  • Communication: To respond to inquiries, book strategy calls, and send service-related updates.
  • Lead Reactivation: To contact leads from your CRM on your behalf, pursuant to instructions you provide and applicable telemarketing laws. Your leads' data is processed solely to deliver your campaigns — we do not use it for our own marketing.
  • Quality & Safety: To review conversation logs for accuracy, bias detection, and to improve AI model responses.
  • Legal Compliance: To fulfil our obligations under GDPR, CCPA, and other applicable data protection laws.
  • Analytics: To understand how our website is used and improve our content and services.

We never sell your personal data to third parties for advertising purposes.

§AI & Automated Processing

Our services are powered by large language models (LLMs) and speech-to-text/text-to-speech systems provided by third-party AI providers (including but not limited to OpenAI and Twilio). When you or your customers interact with our AI agents, the following applies:

  • Conversations may be processed by our AI providers under their own data processing agreements (DPAs), which we maintain with each provider.
  • We minimise data sent to AI models — only the necessary context is passed per session.
  • We do not use customer conversation data to train our AI models without explicit written consent.
  • Automated decisions (e.g., lead qualification scores) are informational only. No legally significant automated decisions are made without human review.
  • You may request a human review of any AI-generated output or automated assessment at any time.

Voice AI Notice: All phone calls handled by our Voice AI are disclosed to callers at the outset. Call recordings are retained for a limited period (see §Data Retention) and are accessible only to authorised personnel.

§Third-Party Services & Integrations

We integrate with various third-party platforms to deliver our services. Each provider operates under its own privacy policy and, where applicable, a DPA with Marik Agency.

ProviderPurposeData Shared
OpenAILLM-powered chatbot responsesConversation context (no PII by default)
TwilioVoice AI telephony & SMSPhone numbers, call audio, transcripts
Cal.comStrategy call schedulingName, email, calendar slots
StripePayment processingPayment card data (tokenised)
HubSpot / SalesforceCRM integrationContact records you authorise
Zapier / MakeWorkflow automationData you configure in workflows
Google AnalyticsWebsite analyticsAnonymised usage data

We will notify you if we add new sub-processors that materially affect how your data is handled.

§Data Retention

We retain different categories of data for different periods:

Contact form submissions2 years from submission, unless an active client relationship exists
Client account dataDuration of the contract + 5 years for legal/financial record-keeping
AI chatbot transcripts90 days (rolling), unless extended by client agreement for audit purposes
Voice call recordings30 days (rolling). Transcripts may be retained for up to 90 days
CRM lead data (reactivation)Deleted within 30 days of campaign completion or contract termination
Website analytics14 months from collection (Google Analytics default)
Payment records7 years for financial compliance purposes

You may request early deletion of your data at any time (see §Your Rights).

§Your Rights (GDPR & CCPA)

Depending on your location, you have the following rights regarding your personal data:

Right to Access

Request a copy of the personal data we hold about you.

Right to Rectification

Correct inaccurate or incomplete information.

Right to Erasure

Request deletion of your data ("right to be forgotten").

Right to Restrict Processing

Limit how we use your data in certain circumstances.

Right to Data Portability

Receive your data in a machine-readable format.

Right to Object

Object to processing based on our legitimate interests.

Right to Opt-Out (CCPA)

California residents may opt out of the sale/sharing of personal information.

Right to Non-Discrimination

We will not penalise you for exercising your privacy rights.

To exercise any of these rights, email us at privacy@marikagency.com. We will respond within 30 days. We may need to verify your identity before processing your request.

§Cookies & Tracking

We use the following types of cookies:

Strictly Necessary

Required for the website to function (e.g., session management). Cannot be disabled.

Analytics

Help us understand how visitors use our site. Can be disabled via our cookie banner.

Functionality

Remember your preferences (e.g., language, calc state). Can be disabled.

Marketing

We do not use tracking cookies for advertising purposes.

You can manage or withdraw cookie consent at any time via your browser settings or our cookie preference centre.

§Security

We implement industry-standard security measures to protect your data:

  • All data in transit is encrypted using TLS 1.3
  • Data at rest is encrypted using AES-256
  • Access to production data is restricted to authorised personnel via role-based access control (RBAC)
  • We conduct regular security audits and penetration tests
  • API keys and secrets are managed via secure secret management services (never stored in source code)
  • All employees undergo data protection training annually

In the event of a data breach that affects your personal data, we will notify you within 72 hours as required by GDPR, and promptly as required by applicable US state laws.

§Children's Privacy

Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at privacy@marikagency.com and we will promptly delete it.

§Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the “Last updated” date at the top of this page and, where appropriate, by email.

Your continued use of our services after the effective date of a revised policy constitutes your acceptance of the changes.

§Contact Us

For any privacy-related questions, requests, or complaints, please contact:

Marik Agency — Data Controller
Email: privacy@marikagency.com
We aim to respond to all privacy enquiries within 5 business days.
If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority (e.g., the ICO in the UK, or a supervisory authority in your EU member state).
Back to HomepageView Terms of Service →