DPA, in plain English.
If your procurement team requires a signed DPA, we can do that. The commitments below form the basis — a countersigned version is available on request.
Roles
When you use Marqeting, you are the data controller for personal data in your workspace (your users' emails, writing samples that may reference individuals, etc.). We are the data processor, acting on your documented instructions.
Scope of processing
- Subject matter — Provision of the Marqeting service.
- Duration — For the term of your subscription plus a 30-day export/deletion window.
- Nature — Storage, retrieval, transmission, generation, and analysis of text content you submit.
- Purpose — Delivering brand-voice training, content generation, and related features you've subscribed to.
- Data categories — Email addresses, writing samples, generated content, product usage events.
- Data subjects — Your workspace members, and any individuals referenced in the content you submit.
Our obligations as processor
- Process personal data only on your documented instructions.
- Ensure persons authorized to process data are subject to confidentiality.
- Implement appropriate technical and organizational security measures (see Security).
- Assist you in responding to data-subject requests (access, rectification, erasure, portability).
- Notify you of any personal data breach within 72 hours of becoming aware of it.
- On termination, delete or return personal data at your choice.
Sub-processors
We use the sub-processors listed on the Security page. We provide notice before adding or replacing a sub-processor; you may object, and if we can't accommodate the objection, you may terminate the affected parts of the service with a pro-rated refund.
International transfers
Marqeting's infrastructure is primarily hosted in the United States. For EU/UK-originated personal data, transfers rely on the European Commission's Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum as appropriate, executed between us and each sub-processor.
Data-subject requests
If a data subject contacts us directly about content in your workspace, we'll forward the request to you and cooperate with your response. You remain responsible for the substance of the response.
Audit rights
On reasonable notice (at least 30 days), once per year, you may request relevant evidence of our compliance (sub-processor list, SOC 2 reports once we obtain them, security controls summary). For on-site audits during an active incident investigation, we'll accommodate them on commercially reasonable terms.
Getting a signed DPA
Email privacy@marqeting.io with your entity name and we'll send a countersigned copy within 5 business days.