Privacy Policy
Last Updated: November 25, 2025
1. Introduction
MARSYS ("we", "our", or "us") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal information when you use our website and services.
As a company based in Switzerland, we comply with the Swiss Federal Act on Data Protection (FADP) and, where applicable, the European Union's General Data Protection Regulation (GDPR).
2. Data Controller
The data controller responsible for processing your personal data is:
MARSYS
Switzerland
Email: privacy@marsys.ai
For any questions regarding data protection or to exercise your rights, please contact us at the email address above.
3. Personal Data We Collect
When you use our contact form or interact with our website, we may collect the following categories of personal data:
3.1 Contact Form Data
- Required Information: First name, last name, work email address, company name, and your message/use case description
- Optional Information: Phone number, job title, company size, and industry
3.2 Automatically Collected Data
- Technical Data: IP address, browser type, device information, and operating system
- Usage Data: Pages visited, time spent on pages, referral source, and UTM parameters (for marketing attribution)
- Timestamp: Date and time of form submission and website interactions
4. Purpose and Legal Basis for Processing
We process your personal data for the following purposes and legal bases:
4.1 Responding to Your Inquiries
Purpose: To respond to your contact form submissions, schedule calls, and provide information about our services.
Legal Basis (GDPR): Legitimate interest (Article 6(1)(f) GDPR) and, where applicable, performance of a contract or pre-contractual measures (Article 6(1)(b) GDPR).
4.2 Service Improvement
Purpose: To improve our website, services, and user experience.
Legal Basis (GDPR): Legitimate interest (Article 6(1)(f) GDPR).
4.3 Marketing Attribution
Purpose: To understand how users find our website and measure the effectiveness of our marketing campaigns through UTM parameters.
Legal Basis (GDPR): Legitimate interest (Article 6(1)(f) GDPR).
4.4 Legal Compliance
Purpose: To comply with legal obligations, prevent fraud, and ensure security.
Legal Basis (GDPR): Legal obligation (Article 6(1)(c) GDPR) and legitimate interest (Article 6(1)(f) GDPR).
5. Data Recipients and Third-Party Services
We may share your personal data with the following categories of recipients:
5.1 Service Providers
- Form Backend Services: We currently use Basin (usebasin.com) as a temporary solution to process contact form submissions and send email notifications. Basin acts as a data processor on our behalf.
- Hosting Providers: Our website is hosted on Vercel, which may process technical data for hosting purposes.
- Email Services: Email notifications are sent through Basin's email infrastructure.
5.2 Future Services
We plan to migrate to our own infrastructure, which may include:
- Database providers (e.g., Supabase for PostgreSQL hosting)
- Email delivery services (e.g., Resend for transactional emails)
- Workflow orchestration services (e.g., Inngest)
All service providers are carefully selected and contractually bound to process data only according to our instructions and to maintain appropriate security measures.
6. International Data Transfers
Some of our service providers may be located outside Switzerland and the European Economic Area (EEA), particularly in the United States.
When we transfer personal data to countries without an adequacy decision from the EU Commission or the Swiss Federal Data Protection and Information Commissioner (FDPIC), we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses (SCCs) approved by the EU Commission
- Adequacy decisions for specific countries
- Service providers' participation in recognized certification mechanisms
You have the right to request information about the safeguards we have in place for international data transfers by contacting us at privacy@marsys.ai.
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:
- Contact Form Data: We retain contact form submissions for up to 2 years from the date of submission, or until you request deletion, whichever comes first.
- Communication Records: If we establish a business relationship, we may retain correspondence for the duration of the relationship plus any legally required retention period.
- Technical/Usage Data: Automatically collected technical data is typically retained for up to 12 months for analytics purposes.
After the retention period expires, we will securely delete or anonymize your personal data unless we are required by law to retain it longer.
8. Your Rights
Under Swiss FADP and EU GDPR, you have the following rights regarding your personal data:
8.1 Right of Access
You have the right to request confirmation of whether we process your personal data and, if so, to access that data along with information about the processing.
8.2 Right to Rectification
You have the right to request correction of inaccurate personal data and completion of incomplete personal data.
8.3 Right to Erasure ("Right to be Forgotten")
You have the right to request deletion of your personal data under certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.
8.4 Right to Restriction of Processing
You have the right to request restriction of processing your personal data in certain situations, such as when you contest the accuracy of the data.
8.5 Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
8.6 Right to Object
You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.
8.7 Right to Withdraw Consent
Where processing is based on consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
How to Exercise Your Rights
To exercise any of these rights, please contact us at:
Email: privacy@marsys.ai
We will respond to your request within one month (30 days). In complex cases, we may extend this period by an additional two months and will inform you of the extension.
9. Right to Lodge a Complaint
If you believe we have not processed your personal data in accordance with applicable data protection laws, you have the right to lodge a complaint with the relevant supervisory authority:
For Switzerland:
Federal Data Protection and Information Commissioner (FDPIC)
Website: www.edoeb.admin.ch
For EU/EEA:
Your local data protection authority in your EU member state
Find your authority: EDPB Members
10. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, alteration, or disclosure. These measures include:
- Encryption of data in transit (HTTPS/TLS)
- Encryption of data at rest where applicable
- Access controls and authentication mechanisms
- Regular security assessments and updates
- Contractual obligations with service providers to maintain appropriate security
However, please note that no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security.
11. Cookies and Tracking Technologies
Our website currently uses minimal tracking technologies:
- Essential Cookies: Necessary for the website to function properly (e.g., session management).
- Analytics (if enabled): We may use analytics tools to understand how visitors interact with our website. If implemented, you will be able to opt out of analytics tracking.
We do not currently use advertising or marketing cookies. If this changes, we will update this policy and implement appropriate consent mechanisms in accordance with Swiss and EU law.
12. Children's Privacy
Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us at privacy@marsys.ai, and we will take steps to delete such information.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:
- Posting the updated policy on this page with a new "Last Updated" date
- Providing notice on our website homepage
- Sending an email notification (if you have provided us with your email address)
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.
14. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:
MARSYS - Data Protection
Email: privacy@marsys.ai
General Contact: hello@marsys.ai
Switzerland
Appendix: Definitions
Personal Data
Any information relating to an identified or identifiable natural person.
Data Controller
The entity that determines the purposes and means of processing personal data.
Data Processor
An entity that processes personal data on behalf of the data controller.
FADP
Swiss Federal Act on Data Protection (effective September 1, 2023).
GDPR
European Union General Data Protection Regulation (Regulation (EU) 2016/679).