Privacy Policy
Privacy Policy for Mara
This Privacy Policy explains how Compiler Inc. ("Compiler," "we," "our," "us") collects, uses, and protects information when you use Mara, our voice-first service that helps you manage email, calendar events, and related tasks hands-free.
What Data Mara Collects
We collect only what we need to deliver and improve the service. Most fields are optional.
| Category | Examples | Why We Need It |
|---|---|---|
| Account Basics | Email address (required); Apple ID if you sign in with Apple | Authenticate you and send essential notices |
| Profile Details | LinkedIn URL you provide & public profile data | Build a private profile so Mara understands your role and priorities |
| Email Content | Headers, body text, labels, metadata (never stored — processed transiently only) | Triage missed messages, summarise threads, draft replies, delete unwanted mail |
| Contacts | Names, email addresses, phone numbers | Ensure commands like "Email Bill" reach the right person |
| Calendar Events | Titles, times, attendees, descriptions | Create, modify, and summarise meetings on request |
| Slack Data | Workspace and channel IDs you connect; messages you forward | Post summaries or drafts into Slack as instructed |
| Voice Audio | Microphone input while you speak to Mara | Convert speech to text, understand commands (audio deleted after transcription ≤ 30 days) |
| Device & Usage | App version, device UUID, crash logs, timestamps | Maintain reliability, debug problems, improve performance |
Email Data Processing
We never store your email data. When you make a request through Mara, we call the Gmail and Google Calendar APIs to retrieve the necessary information, which is then transmitted directly to OpenAI for AI processing on a pass-through basis. This AI processing enables Mara to provide personalized email management services including triaging messages, summarizing email threads, drafting replies, and organizing your inbox based on your specific needs and preferences.
Your email content flows through our system transiently and is never persisted or stored in our databases. We have no mechanism to retain email data — it exists only during the brief moment of processing your request. All AI processing of your Gmail data is performed solely to deliver personalized email management services to you as the individual user.
Google APIs Limited Use Compliance
Mara's use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Limited Use Restrictions: We strictly comply with Google's Limited Use requirements, which means:
- We do not use, transfer, or sell user data received from Google Workspace APIs to create, train, or improve any foundational machine learning or AI models
- This prohibition applies to both raw user data and any aggregated, anonymized, or derived data from Google API scopes
- All Gmail and Google Calendar data accessed through Google APIs is used exclusively to provide personalized email management services to you as the individual user
- Your Google data is processed only for the specific purpose of delivering Mara's email assistant functionality and is never used to benefit other users or improve general AI capabilities
We access your Gmail data through Google's official APIs solely to enable Mara's core functionality: helping you manage your inbox through voice commands, email summarization, draft composition, and intelligent organization — all tailored specifically to your individual needs and preferences.
How We Protect Your Data
All traffic is encrypted in transit with HTTPS/TLS. Data at rest is encrypted in a Supabase Postgres database located in the United States. Production access is limited to authorised personnel under strict least-privilege rules. We conduct regular security reviews and penetration tests.
What Mara Does Not Do
- We never sell or rent your personal data.
- We do not use your data for third-party advertising or marketing.
- We do not use your Gmail or Google Calendar data to train, create, or improve machine learning or AI models — your data serves only your individual email management needs.
- We share data only with subprocessors essential to deliver the service (see below).
Service Providers We Rely On
Each provider below is bound by strong privacy and security obligations:
- Apple — Sign-in with Apple (policy)
- Google — Email & calendar APIs (policy)
- Slack — Message delivery (policy)
- OpenAI — Natural-language processing (policy) — data deleted ≤ 30 days, not used to train public models
- Supabase — Encrypted database & storage (policy)
- Cloudflare — Edge infrastructure & DDoS protection (policy)
- Amplitude — Product analytics (policy)
Your Rights and Control
You may access, correct, export, or delete your personal data at any time in the app settings or by contacting us at support@getmara.app. Verified deletion requests are fulfilled within 30 days except where retention is required by law. Under GDPR, CCPA, and similar laws, you may also object to processing or lodge a complaint with a supervisory authority.
Children's Privacy
Mara is not directed to children under 16, and we do not knowingly collect their data. If you believe we have done so, contact us for deletion.
International Users and Data Transfers
Mara operates from the United States. By using the app from outside the U.S., you consent to the transfer of your information to the U.S. or other jurisdictions whose data-protection laws may differ.
Changes to This Policy
We will notify you in-app or via email before making material changes to how we use your data.
- June 02 2025: Initial version for Mara.
Contact Us
For privacy questions or concerns, email support@getmara.app.