Who this policy covers
This policy applies to visitors and readers who use the Site, including people who browse anonymously and people who create an account or sign in with email.
Information we collect
We collect information in the following ways:
- Account and authentication. If you choose to sign in (for example via a magic link sent to your email), our authentication provider processes your email address and session tokens. A profile may be created or updated to match your account.
- Profile and lead information. If you submit a form (such as a diagnostic lead capture or profile fields), we collect the fields you provide—for example name, email, role, or custom answers—as permitted by the form and your consent at collection.
- Diagnostic and workbook inputs. Answers you submit in interactive flows (such as a diagnostic quiz or guided plan sections) may be stored so we can generate your readout or saved plan content and, when you are signed in, persist that output to your account.
- Generated outputs. Results such as Growth Leak results, summaries, or structured recommendations may be stored with your account when you use sign-in features designed to retain your work across devices.
- Support and “Talk to Marni” requests. If you submit an inquiry form, we collect the information you enter so we can respond. We may send a short confirmation email to the address you provide.
- Device storage (local). Some experiences save drafts or preferences in your browser (for example local storage) so you can continue on the same device before or without signing in. You can usually clear this data through your browser settings or in-site controls where offered.
- Technical and security data. Like most websites, hosting and infrastructure providers may automatically log technical data such as IP address, device type, browser type, and timestamps when you use the Site. Our primary application database and authentication processing are provided by Supabase (or a successor processor you configure for your deployment).
How we use information
We use information to:
- Provide, operate, and improve the Site and its interactive features;
- Authenticate you, maintain your session, and save content you choose to associate with your account;
- Generate and display personalized outputs (such as Growth Leak results or recommended next steps);
- Respond to inquiries and provide support;
- Protect the security and integrity of the Site, detect abuse, and comply with law;
- Measure product usage in a privacy-respecting way where enabled (for example aggregated or de-identified analytics, or development-only diagnostics—not a substitute for your own analytics disclosures if you add them).
Legal bases (where applicable)
Depending on where you live, privacy law may require a “legal basis” for processing. We rely on appropriate bases such as: your consent (where we ask for it), performance of a contract or pre-contract steps at your request, legitimate interests in operating and securing a reader companion (balanced against your rights), and compliance with legal obligations.
Sharing and processors
We do not sell your personal information as a standalone product. We share information with service providers (“processors”) who help us run the Site—for example cloud hosting, authentication, and database services. Those providers process data under instructions and contractual terms consistent with their role. If you deploy this codebase yourself, your organization is responsible for the processors you select and the agreements you sign with them.
Retention
We retain information for as long as needed to provide the Site, comply with law, resolve disputes, and enforce agreements. Account-linked records typically persist until you delete your account or ask us to delete eligible data, subject to legal exceptions. Local browser data persists until you clear it or it expires.
Security
We use reasonable administrative, technical, and organizational measures designed to protect information. No method of transmission or storage is completely secure; we cannot guarantee absolute security.
Your choices and rights
Depending on your location, you may have rights to access, correct, delete, or export certain personal information, and to object to or restrict certain processing. You may also have the right to lodge a complaint with a supervisory authority. To exercise rights, contact us using the email below. We may need to verify your request.
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended, may grant you additional rights (including the right to know, delete, and correct, and to opt out of certain “sharing” beyond traditional sales). We describe categories of information above; ask us if you need a California-specific notice tailored to your deployment.
Children
The Site is not directed to children under 13 (or the age required by your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us and we will take appropriate steps.
International users
If you access the Site from outside the country where servers are located, your information may be processed in that country or other countries where service providers operate. Those countries may have different data protection laws than your own.
Changes to this policy
We may update this policy from time to time. We will post the updated version on this page and adjust the effective date. If changes are material, we will provide additional notice as required by law.
Contact
Questions about this policy or your data: Contact
