Privacy Policy

1. Introduction

Marchi Technologies Limited ("we", "us", or "our"), a company registered in England and Wales under company number 17111359, with registered office at 82a James Carter Road, Mildenhall, Bury St. Edmunds, England, IP28 7DE, operates Marchi, a global architecture discovery application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our App or visit marchi.io.

Marchi Technologies Limited is the data controller for the personal data processed through the App.

By using the App, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the App.

We are registered in the United Kingdom and comply with applicable global privacy laws including the UK GDPR, EU GDPR, the California Consumer Privacy Act (CCPA), and other applicable regional laws. Where local laws provide additional rights, those rights apply to users in those regions.

2. Information We Collect

2.1 Information You Provide

We may collect information you provide when you:

• Create an account (name, email address, username, profile picture, bio, optional social handles)
• Organise and share architectural content (lists of projects, marking projects as visited or saved, liking lists, following other users)
• Contact us for support or feedback

2.2 Information Collected Automatically

When you use the App, we automatically collect:

• Operating system (iOS or Android) and push notification token, so we can deliver notifications to your device
• Server logs: IP address and timestamps when your device makes requests to our API, retained for security and rate limiting
• Location data: approximate location (only if you grant permission) to show nearby architecture — see Section 5 for how this is processed
• Crash reports and stability data via Firebase Crashlytics to help us fix bugs

We do not currently use any analytics SDK that tracks features used, time spent, or individual actions within the App.

2.3 Information from Third Parties

If you sign in using a third-party account (such as Google or Apple), we may receive basic profile information (email address and name) from that service as permitted by their privacy policies.

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and improve the App and its features
• Personalise your experience and show relevant architectural content
• Enable location-based features such as discovering nearby buildings
• Send service-related notifications and updates
• Respond to enquiries and provide customer support
• Monitor and analyse usage trends to enhance performance
• Detect and prevent fraud, abuse, or security incidents
• Comply with legal obligations in applicable jurisdictions

4. Legal Basis for Processing

4.1 UK and EU Users (UK GDPR / EU GDPR)

We process your personal data under the following legal bases:

• Contract: to deliver the App's services as agreed when you create an account
• Legitimate interests: to improve our services, prevent fraud, and ensure security
• Consent: for optional features such as location access or marketing communications
• Legal obligation: where required by applicable law

4.2 California Users (CCPA)

If you are a California resident, we collect the categories of personal information described in Section 2. We use this information for the business purposes described in Section 3. We do not sell your personal information. Your CCPA rights are described in Section 9.

4.3 Other Jurisdictions

Where other regional privacy laws apply, we process your data in accordance with those laws. If you are unsure which laws apply to you, please contact us.

5. Location Data

The App may request access to your approximate device location to show architecture near you. Location access is entirely optional and can be enabled or disabled at any time through your device settings. Before your coordinates are sent to our servers, they are rounded to a grid of approximately 3 kilometres to further reduce precision. These approximate coordinates are used for the real-time request only and are not stored against your Marchi account.

6. User-Generated Content

When you contribute content to Marchi — such as photographs, reviews, ratings, or descriptions of buildings — that content may be publicly visible to other users worldwide. Please do not include personal information about yourself or others in publicly shared content. You retain ownership of content you create, but grant us a licence to display and use it within the App as described in our Terms & Conditions.

7. Sharing Your Information

We do not sell your personal information. We share limited data with the following service providers, each bound by a data processing agreement:

• Supabase (authentication and core database) — stores your account email and profile data
• Firebase by Google (Cloud Messaging for push notifications, Crashlytics for crash reports) — receives your device push token and crash diagnostics
• Mapbox (map tiles and rendering) — receives map tile requests when you use the map; telemetry is disabled
• Cloudflare R2 (image storage and delivery) — hosts project and profile images
• Google Sign-In and Sign in with Apple (optional authentication) — if you choose these sign-in methods

We may also disclose your data to:

• Legal authorities: if required by applicable law, court order, or to protect our legal rights
• Business transfers: in the event of a merger, acquisition, or sale of assets, your data may be transferred to the new entity under equivalent protections

All third-party processors are required to handle your data in compliance with applicable privacy laws.

8. International Data Transfers

As a global app, your data may be transferred to and processed in countries outside your country of residence, including the United Kingdom and countries where our service providers operate. These countries may have different data protection laws than your own.

Where we transfer personal data from the UK or EEA to other countries, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses (SCCs) approved by the UK ICO or European Commission
• Adequacy decisions recognising equivalent data protection standards
• Other legally approved transfer mechanisms

By using the App, you acknowledge that your information may be transferred internationally as described in this policy.

9. Your Privacy Rights

9.1 UK and EU Users

Under UK GDPR and EU GDPR, you have the right to:

• Access: request a copy of the personal data we hold about you
• Rectification: ask us to correct inaccurate or incomplete data
• Erasure: request deletion of your personal data ("right to be forgotten")
• Restriction: ask us to limit how we process your data
• Portability: receive your data in a structured, machine-readable format
• Object: object to processing based on legitimate interests
• Withdraw consent: where processing is based on consent, withdraw it at any time

UK users may lodge a complaint with the Information Commissioner's Office (ico.org.uk). EU users may contact their local supervisory authority.

9.2 California Users (CCPA)

If you are a California resident, you have the right to:

• Know what personal information we collect and how it is used and shared
• Delete personal information we have collected about you
• Opt-out of the sale of personal information (we do not sell personal information)
• Non-discrimination for exercising your CCPA rights

To exercise your California rights, please contact us using the details in Section 15. We will respond within 45 days.

9.3 Other Regions

Users in other jurisdictions may have additional rights under local law. Please contact us to learn more about rights applicable in your region.

To exercise any of your rights, please contact us at team@marchi.io. You can also visit our Data Deletion page for account deletion instructions. We will respond within the timeframe required by applicable law (typically 30 days for GDPR, 45 days for CCPA).

10. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the App. You can delete your account in the app or follow the instructions on our Data Deletion page. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it by law. Specific retention periods may vary by jurisdiction.

11. Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include encryption in transit and at rest, access controls, and regular security reviews. No method of internet transmission is 100% secure and we cannot guarantee absolute security.

12. Children

The App is not directed at children under the age of 13 (or 16 in certain jurisdictions). We do not knowingly collect personal data from children below these ages. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

13. Third-Party Links and Services

The App may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties and encourage you to review their privacy policies before providing any personal information.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of significant changes by posting a notice in the App or sending an email. Your continued use of the App after changes take effect constitutes acceptance of the updated policy.

15. Contact Us

For any questions, concerns, or privacy rights requests, please contact us at team@marchi.io. We aim to respond to all enquiries within 30 days.

Marchi Technologies Limited
Company no. 17111359 (England and Wales)
82a James Carter Road, Mildenhall, Bury St. Edmunds, England, IP28 7DE