Platform Privacy Policy

1. Introduction

This Privacy Policy describes how MarStack (the “Platform”), operated by PawSites, LLC (“MarStack,” “we,” “us,” or “our”), collects, uses, discloses, and protects information when you use our website, public marketing tools, and registered account features at marstack.com and related subdomains.

MarStack provides on-demand marketing attribution diagnostics, including Site Audit scans, Stack Editor, Attribution Map (Google Analytics integration), and optional business workspace features for organizations that subscribe to the Platform.

By using the Platform, you agree to this Policy. If you do not agree, do not use the Platform.

2. Information We Collect

2.1 Account and profile information

If you register or sign in, we may collect:

• Name, email address, and password (stored using industry-standard hashing)
• Business or organization name and workspace settings
• Authentication and security data (for example, MFA configuration, session identifiers, and trusted-device tokens)
• Billing and subscription information processed by our payment provider (we do not store full payment card numbers)

2.2 Site Audit and diagnostic inputs

When you run a Site Audit (including limited guest audits), we process the URL or domain you submit, optional cookies or parameters you provide for authenticated scans, and technical results from our analysis (for example, tag detection, campaign parameters, form and phone findings, and related metadata). Do not submit URLs for sites you are not authorized to test.

2.3 Google Analytics and Attribution Map

If you connect a Google account, we receive and store OAuth tokens and the Google Analytics property you select so we can display reporting in Attribution Map. We request only the scopes needed for that integration. Google’s use of information is also governed by Google’s Privacy Policy.

2.4 Stack Editor

Stack Editor data you build in the browser may be stored locally on your device (for example, in browser storage) unless you export it or save it through a logged-in workspace feature. We do not receive that local data unless you explicitly submit or sync it to our servers.

2.5 Contact and support

When you use our contact form or email us, we collect the information you provide (such as name, email, topic, message, and optional context about the tool you were using).

2.6 Workspace and client data (business accounts)

Organizations that use workspace features may store operational data in the Platform (for example, team members, documents, calendars, or industry-specific records). In those cases:

• The organization is generally the controller of data about its staff and end clients.
• MarStack processes that data on the organization’s instructions to provide the service.
• Where applicable law requires additional safeguards (including HIPAA for protected health information), we implement contractual and technical measures described in our agreements with those clients.

2.7 Technical and usage information

• IP address, browser type, device identifiers, and operating system
• Pages viewed, features used, timestamps, and referral sources
• Server and application logs used for security, debugging, and abuse prevention
• Cookies and similar technologies (see Section 8)

3. How We Use Information

We use information to:

• Provide, operate, and improve Site Audit, Stack Editor, Attribution Map, and account features
• Authenticate users, enforce access controls, and protect against fraud and abuse
• Process subscriptions and communicate about your account
• Respond to support requests and product feedback
• Comply with law and enforce our Terms of Service
• Generate aggregated or de-identified analytics to understand product usage

4. Legal Bases (EEA/UK users)

Where the GDPR or UK GDPR applies, we rely on: performance of a contract (providing the Platform); legitimate interests (security, product improvement, and communications that are not marketing); consent (where required, for example certain cookies or optional integrations); and legal obligation.

5. How We Share Information

We do not sell your personal information. We may share information with:

• Service providers that host infrastructure, send email, process payments, or support analytics—under contracts that limit use to providing services to us
• Google when you connect Google Analytics or sign in with Google
• Professional advisors (lawyers, accountants) under confidentiality obligations
• Authorities when required by law or to protect rights, safety, and security
• Business transfers in connection with a merger, acquisition, or asset sale, with notice where required by law

Workspace administrators may access data within their organization according to role permissions you or they configure.

6. Data Security

We use administrative, technical, and organizational safeguards appropriate to the sensitivity of the data, including encryption in transit (TLS), encryption of selected fields at rest, access controls, audit logging for sensitive workflows, and multi-factor authentication options for workforce accounts when enabled. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

7. Data Retention

We retain information for as long as needed to provide the Platform, meet legal obligations, resolve disputes, and enforce agreements. Guest audit records and diagnostic history may be retained for a limited period to enforce usage limits and improve the service. You may request deletion of account data subject to applicable law and backup cycles.

8. Cookies and Similar Technologies

We use cookies and local storage for session management, preferences, security, and product functionality. You can control cookies through your browser settings; some features may not work if essential cookies are disabled.

9. Your Rights and Choices

Depending on your location, you may have rights to access, correct, delete, restrict, or port personal data, and to object to certain processing. You may withdraw consent where processing is consent-based. To exercise rights, contact us at info@marstack.com. We may verify your identity before responding.

California residents may have additional rights under the CCPA/CPRA. We do not sell personal information as defined by California law.

If your data is held in a business workspace, contact your organization’s administrator first; we will assist them as required by our agreement and applicable law.

10. International Transfers

We are based in the United States. If you access the Platform from other regions, your information may be processed in the U.S. or other countries where we or our providers operate, with appropriate safeguards where required.

11. Children

The Platform is not directed to children under 16, and we do not knowingly collect personal information from them. Contact us if you believe we have collected such information so we can delete it.

12. HIPAA and Protected Health Information

MarStack’s primary public tools focus on marketing attribution diagnostics. Some workspace customers may use optional modules involving protected health information (PHI). Where we process PHI on behalf of a covered entity or business associate, we do so only under applicable Business Associate Agreements and HIPAA Security and Privacy Rules. Clients are responsible for determining whether their use involves PHI and for obtaining necessary consents and notices to their patients or clients.

13. Changes to This Policy

We may update this Policy from time to time. We will post the revised version on this page and update the “Last updated” date. Material changes may be communicated by email or in-product notice where appropriate.

14. Contact Us

Questions about this Policy or our privacy practices:

• Email: info@marstack.com
• Operator: PawSites, LLC (MarStack)