Last updated: 6 March 2026
Account data: Email address and hashed password via Supabase Auth. Google profile data if you sign in with Google OAuth.
Application data: Events, tasks, calendars, notes, files, and board objects you create within the app.
Usage analytics: Feature usage events to improve the service. No personal content is included in analytics.
Payment data: Processed by Stripe. We store your Stripe customer ID but never see your card details.
Your data is used solely to provide the MARV service: displaying your calendar, generating AI suggestions, syncing with CalDAV providers, and processing payments.
Supabase: Database hosting and authentication (EU region).
Stripe: Payment processing.
Anthropic: AI processing. Your queries are sent to Anthropic's API and are not used to train their models.
OpenAI: Optional voice transcription via Whisper API.
Vercel: Application hosting.
Your data is retained as long as your account is active. When you delete your account, all personal data is permanently deleted within 30 days. Anonymised analytics may be retained.
Export: Download all your data as JSON via your account settings.
Delete: Permanently delete your account and all associated data via your account settings.
Access: View all data MARV holds about you through the application interface.
MARV uses a single session cookie managed by Supabase Auth to keep you signed in. We do not use tracking cookies or third-party advertising cookies.
All data is encrypted in transit (TLS) and at rest. Credentials are encrypted with AES-256-GCM. We follow industry best practices for data security.
For privacy enquiries, contact privacy@marv.so.
Data controller: Applied Research Division Ltd, registered in England and Wales.