Privacy Policy of Marbazzar

We prioritize your privacy and are committed to protecting it. This policy details the way we handle any personal data you share through our website (marbazzar.com) and the Marbazzar app. We, Marbazzar, Inc. [address] are the data controller of your personal data. We encourage you to review this policy carefully to fully understand our privacy practices.

Legal Basis for Processing Your Personal Data

Where the applicable law requires a legal basis for personal data processing, we rely on the following legal bases:

  • Execution of a contract with you. If you create a user account on Marbazzar, you enter into a contract with us. To provide you with our services, we need to process your data such as name, email address, facial features, and body measurements. Otherwise, providing you with our products and services would be impossible.
  • Consent. Where applicable and where the data protection laws require so, we process your data based on explicit users’ consent, such as when we use remarketing cookies with our EU users.
  • Legitimate interests. Sometimes we may rely on our business interests to process data, such as when we want to prevent fraud. When we rely on legitimate business interests, we ensure that your privacy rights and expectations do not override our interests.
  • Compliance with the laws, where necessary.

Our legal basis for processing specific categories of data depends on our processing purposes and the categories of data processed.

Why We Process Personal Data

We process various categories of personal data for the following purposes:

  • To perform a contract with you, such as when we provide you with a user account or a 3D avatar in the process of providing our products and services
  • Analyze users’ behavior on our website and app
  • Improve the user experience on our website and app
  • Serve you with relevant ads
  • Communicate with you and provide you with customer support
  • To train our AI model

Although you may be asked about your payment details when using our website and app, we do not process payment information. Your payment details will be processed by third parties such as Stripe, according to the strict international standards for payment processing. When you pay for anything on Marbazzar, we and the buyer do not get access to your payment details. Only the payment processor gets access to it.

The Categories of Personal Information We Collect

We process the following categories of personal data:

  • Name
  • Email address
  • Home address
  • IP address
  • Age and gender
  • Facial features
  • Body measurements
  • Browser information
  • Device information
  • Latitude and longitude
  • Browsing behavior
  • Usage data
  • Session statistics

We use each of these data categories for one or more specific processing purposes at a time.

How We Collect and Process Personal Data

We gather data in two ways:

1. Information you give us directly.

2. Information from third-party tools.

When you create a user account or when you reach out for technical support, you share some information with us. That's the data you directly provide. 

Besides this, we use tools from other companies to help run our website. These tools use cookies and similar trackers and collect data.

Processing Your Personal Data for AI Model Training

We provide buyers on our platform with the choice to build a 3D avatar for virtual try-ons. The avatar is created by our own AI model based on the photos and videos you voluntarily provide, as well as your body measurements and facial features.

The data is used to further refine the AI model by embedding the personal data into the model. It means that the body measurements and the facial features are melted into the AI model (embedded into it) and cannot be extracted back to identify a person or to be removed from the AI model.

Where the applicable laws, such as the consumer data privacy laws of the US states, require allowing users to opt out from the personal information processing, opt-out from the processing of the data embedded in the AI model may not be possible.

Where the applicable law, such as the EU GDPR and other similar laws, requires consent for such data processing, we process such data only upon users’ explicit consent.

With Whom We Share Personal Data

We use third-party service providers for some of the processing activities. These service providers are our contractors (in the GDPR called data processors).

Please note that our service providers only have access to your personal information to perform the tasks we have assigned to them, and they are obligated not to disclose or use it for any other purpose.

We vet all our service providers carefully and ensure that they are committed to Data Privacy Frameworks, where applicable.

We use the following service providers:

  • Mailchimp, for sending you emails. Mailchimp has access to your name and email address.
  • Google, for analyzing the usage of our website and app. It processes your IP address and information about your browser and device.
  • Amplitude Analytics, for analyzing the usage of our app. It has access to your device information and usage data.
  • Hotjar, for analyzing the usage of our website and app. It processes usage data.
  • Algolia, for analyzing the usage of our app. It processes usage data, device data, and user demographic data.
  • Firebase Analytics, for analyzing the usage of our website and app. It processes usage data, device data, and demographic data.
  • Appsflyer, for analyzing the usage of our app. It processes usage data, device data, and demographic data.
  • Meta, for serving you with relevant ads. We share with them your use of our website and app so that they can serve you with relevant ads.
  • Bytedance, for serving you with relevant ads. We share with them your use of our website and app so that they can serve you with relevant ads.
  • Amazon Web Services and Google Firebase, where we store our website and our app.

We do not share users’ facial features and body measurements with any third party. They are part of our proprietary AI model stored on Amazon Web Services and Google Firebase encrypted servers.

Data Retention

The data retention period for each data category depends on the purpose of the processing of the data and varies.

We make decisions on data retention as follows:

  • We store the user account data until account deletion
  • 3D avatar data is stored until modification or deletion of the user account
  • We store website or app visitor data for 90 days
  • User actions data are stored for one year

User Privacy Rights

If you are an EU user, or user from another region, country, or state with a comprehensive data protection law that grants data subject rights, you may have the following data subject rights:

  • The right to access your data
  • The right to update or correct your data
  • The right to object to the use of your data
  • The right to restrict the use of your data
  • The right to transfer your data to another data controller
  • The right to the erasure of your data
  • The right to withdraw consent
  • The right to lodge a complaint to the relevant data protection authority

How can you exercise your rights as the owner of personal information

If you would like to exercise your rights under the GDPR or another data protection law, you may submit your requests to us through the following channels:

[channels]

Keep in mind, that we might ask you to confirm who you are before we answer your request. This is to keep your personal information safe. 

Remember, you can also raise concerns with a Data Protection Authority about how we handle your data. To learn more, reach out to your local data protection agency.

Location and Transfer of Your Personal Information

We store the personal data on our servers in the United States.

We also use third-party service providers, such as Mailchimp, Google, Meta, and others. These providers transfer the personal data to the United States for processing purposes.

However, both Marbazzar and its US service providers are certified under the EU-US Privacy Framework to ensure safe international data transfers of EU users’ data.

Our Data Privacy Frameworks Commitment

Marbazzar is committed to complying with the EU-US Data Privacy Framework, the UK-US Data Privacy Framework, and the Swiss-US Data Privacy Framework. 

Please note that we, as a US company, are required by law to disclose your personal information in response to a lawful request by public authorities. In case we disclose such data to authorities and you are not satisfied with our actions, you have the right to a free dispute resolution through the EU Data Protection Review Court, the UK Information Commissioner’s Office (ICO), and the Swiss Federal Data Protection and Information Commissioner (FDPIC). You can submit the complaint through your national data protection authority.

You can also submit a complaint directly to us, by [email/web form]. We are obliged to respond to your complaint within 45 days from the day of submission.

If your case is not resolved through the available redress mechanisms, we are committed to a binding arbitration upon your request.

The US Federal Trade Commission is competent for the enforcement of the DPF Principles.

Security of Your Personal Data

We implement technical and organizational measures sufficient to ensure that your personal information is secure. We also ensure that our service providers implement appropriate measures to keep the data safe.

Your user account data, including facial features and body measurements, are kept safe on our servers with AES256 encryption. However, you also have to ensure that you keep the data safe by implementing a strong and unique password that you keep confidential and not use on shared devices.

Children’s Data

Marbazzar is not intended for persons below the age of 18. We do not collect children’s data knowingly.

If you become aware that we have collected your child’s data without knowing, please contact us and we will delete it as soon as possible.

Changes to the Privacy Policy

Occasionally, we might make changes to this Privacy Policy. When we do, we'll refresh the "last updated" date at the beginning of the policy. If there are significant changes, we'll let you know—whether it's on our website, through a blog post, an email, or any other way we see fit. 

Contact Us

For any inquiries regarding privacy, contact us at [email protected].

Like Ama’z son but real.
© marbazzar 2024