Skip to content

// Your data. Your business.

PRIVACY POLICY

We built Marapone around the principle that your data belongs to you. This policy explains what we collect when you visit this website or engage us as a client, and — importantly — what we do not collect and why.

Effective date: January 1, 2026  ·  Last updated: June 2026  ·  Marapone Contracting Inc. (Canada)

The core of our privacy model: the AI systems we build for clients run entirely on your own hardware. The documents you hand us for a client build — blueprints, trade documents, freight invoices, daily logs — are processed locally on our build hardware, never passed through external AI APIs, and deleted on delivery. Private AI means private AI.

One exception to be transparent about: the optional tools on this website — the live demo and the file-upload field on our contact form — do process the file you choose to send through cloud infrastructure (for hosting, malware scanning, and short-term quarantine) so we can run the demonstration or safely receive your attachment. These website tools are entirely optional, and exactly what happens to those files is described in sections 03 and 04 below.

01 — Controller

WHO IS RESPONSIBLE FOR YOUR DATA

The data controller for personal information collected through this website and our services is:

Marapone Contracting Inc.

Canada & Italy  ·  Operating globally

general@marapone.com

info@marapone.com

support@marapone.com

invoices@marapone.com

If you are located in the European Union or the United Kingdom, your data is handled in accordance with GDPR and UK GDPR respectively. If you are located in Canada, your data is handled in accordance with PIPEDA (Personal Information Protection and Electronic Documents Act) and applicable provincial privacy legislation.

02 — Website Data

WHAT WE COLLECT WHEN YOU VISIT THIS SITE

When you browse this website, we collect minimal technical data to keep the site functioning:

  • Server logs: IP address, browser type, pages visited, and timestamps. These are standard logs kept by web servers. They are not tied to your identity and are retained for up to 30 days for security purposes only.
  • Cookies: We use a minimal number of functional cookies required for the site to operate correctly, plus Google Analytics cookies for aggregate traffic measurement. No advertising or behavioural tracking cookies are used. See our Cookie Policy for full details.
  • Bot & spam protection: Our demo and forms are protected by Cloudflare Turnstile, a privacy-focused alternative to CAPTCHA. To tell humans from bots, Cloudflare receives your IP address and basic browser signals. Turnstile does not use tracking cookies and is not used to profile or advertise to you.
  • Hosting & analytics: This site is hosted on Vercel, which also provides privacy-friendly, cookieless aggregate traffic analytics (Vercel Analytics). Standard hosting logs apply as described above.

We use Google Analytics (GA4) to measure aggregate site traffic — page views and visitor counts. Google Analytics cookies do not identify you personally and are not used for advertising or behavioural profiling. We do not use Facebook Pixel or any other advertising or surveillance tools. We do not build advertising profiles. We do not sell or share visitor data with any third party.

03 — Contact & Enquiry Data

WHEN YOU CONTACT US OR SUBMIT AN ASSESSMENT REQUEST

When you submit a contact form, assessment request, or email us directly, we collect the information you provide, which typically includes:

  • Your name and business name
  • Your email address and phone number (if provided)
  • Your message, project description, or document(s) submitted for assessment
  • Your industry and location (if you choose to share these)

Purpose: This information is used solely to respond to your enquiry, conduct the requested assessment, and, if you engage us, to manage your project. We do not add you to marketing lists without your explicit consent.

Retention: Enquiry data from contacts who do not become clients is retained for up to 12 months and then securely deleted. Project-related communications with clients are retained for up to 3 years for contractual and legal compliance purposes.

If you attach a file to the contact form: So we can receive your attachment safely, the file is handled by a small number of processors before it reaches us:

  • Malware scanning (VirusTotal): The file is scanned for malware via VirusTotal before we open it. Be aware that files submitted to VirusTotal may be retained and shared within VirusTotal's security community — so please do not attach highly confidential documents through the website form. For sensitive material, we will arrange a private, locally-handled channel instead.
  • Short-term quarantine (Supabase): The file is stored in an access-controlled quarantine bucket (Supabase Storage) and made available to us via a private link that expires automatically after 7 days, after which it is removed from quarantine.
  • Spam filtering (Akismet): Discovery and enquiry submissions are checked for spam using Akismet, which receives the submitted text, email, and IP address for that check only.

Note: this website file handling is separate from how we treat documents during a paid client build. Client build materials are processed locally and are never sent to VirusTotal, Supabase, or any cloud AI service — see section 05.

04 — Live Demo Tool

WHEN YOU USE THE LIVE DEMO

The website offers an optional live demo where you can upload a sample document (PDF, CSV, TXT, or JSON, up to 5 MB) and our document-intelligence engine analyses it in real time. Here is exactly what happens to your data:

  • Your file is processed in memory only. It is sent to our serverless function, analysed deterministically, and discarded when the request ends. It is not stored, logged, or retained, and it is never sent to any external or third-party AI service.
  • Email (optional): To unlock the full results, you may enter an email address. We use it to notify our team of your interest (a sales lead) and to follow up. The notification records your email, which demo tool you used, the file name, and the summary risk score — not the file's contents. We do not add you to marketing lists without consent.
  • IP address & bot check: Your IP address is used temporarily to enforce rate limits (to prevent abuse), and a Cloudflare Turnstile check is performed before processing.

Because the demo runs on cloud infrastructure (unlike a delivered client build), please use sample or non-sensitive documents in the demo. The first finding is shown in full; the rest of the results are redacted server-side until you engage us for a private build.

05 — Client Project Data

YOUR BUSINESS DOCUMENTS & PROJECT MATERIALS

Documents you share with us for model training or assessment are processed exclusively on Marapone's secure, locally-operated hardware. They are never uploaded to third-party cloud services, never passed through external AI APIs, and never stored beyond the duration of your project.

Specifically:

  • Your blueprints, RFI logs, daily reports, trade documents, and freight invoices are processed locally on our build hardware.
  • No document content is transmitted to OpenAI, Anthropic, Google, AWS, or any other cloud provider in the course of building your system.
  • Upon delivery of your project, all copies of your documents held by Marapone are permanently deleted from our systems.
  • The AI system we deliver to you runs on your own hardware. From that point forward, your data never touches Marapone's infrastructure.

If we engage an NDA prior to receiving your materials (which we recommend for sensitive projects), those obligations apply in addition to and independently of this Privacy Policy.

06 — Third Parties

WHO WE SHARE DATA WITH

We do not sell personal data. We do not share personal data with advertising networks, data brokers, or marketing platforms.

To operate this website and our services, we rely on a short list of reputable service providers (sub-processors), each handling only the data needed for its specific function:

Provider Purpose Data handled
VercelWebsite hosting & cookieless analyticsServer logs, IP, aggregate traffic
Google AnalyticsAggregate traffic measurementPseudonymous usage data, cookies
Cloudflare TurnstileBot/abuse protection on demo & formsIP, browser signals (no tracking cookies)
ResendTransactional & notification email deliveryName, email, message content
Supabase7-day quarantine of contact-form file uploadsUploaded file (temporary)
VirusTotalMalware scanning of uploaded filesUploaded file & its hash
AkismetSpam filtering of form submissionsSubmitted text, email, IP
Cal.comDiscovery-call scheduling (where offered)Name, email, booking details
Payment processorInvoice payment (clients only)Handled by your bank/card network; we don't store card data

We may also disclose information to legal or regulatory authorities if required by law or court order, and will notify you to the extent permitted by law if such a request is received. Client build documents are not shared with any of the sub-processors above — they are processed locally as described in section 05.

07 — Your Rights

YOUR DATA RIGHTS

Depending on your location, you may have the following rights regarding personal data we hold about you:

Right of access

Request a copy of the personal data we hold about you.

Right to rectification

Ask us to correct inaccurate data we hold about you.

Right to erasure

Request deletion of your personal data, subject to legal retention obligations.

Right to object

Object to processing of your data for marketing purposes (we don't market to you without consent anyway).

Right to portability

Receive your personal data in a structured, machine-readable format.

Right to withdraw consent

Where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, email general@marapone.com. We will respond within 30 days. We do not charge a fee for reasonable requests.

08 — Security

HOW WE PROTECT YOUR DATA

We take reasonable and appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or alteration. Our development hardware is physically secured, access-controlled, and not exposed to public networks during client builds.

No method of transmission or storage is 100% secure. If a data breach occurs that is likely to result in risk to your rights, we will notify you and relevant supervisory authorities within the timeframes required by applicable law.

09 — International Operations

CROSS-BORDER DATA HANDLING

Marapone operates from Canada and Italy. If you are located in the European Economic Area (EEA) or the United Kingdom and we process your personal data, that data may be transferred to and processed in Canada. Canada is recognised by the European Commission as providing an adequate level of data protection for commercial organisations under PIPEDA.

We do not transfer client document data internationally. Project documents are processed on local hardware in whichever office is managing your build, and deleted upon project delivery.

10 — Changes

UPDATES TO THIS POLICY

We may update this Privacy Policy as our services evolve or legal requirements change. The "Last updated" date at the top of this page reflects the most recent revision. Material changes will be communicated to active clients by email.

// Privacy questions or requests

CONTACT US

For any privacy-related questions, data requests, or concerns, contact us directly. You will reach the people who actually run the company — not an automated system or third-party privacy service.

general@marapone.com

Marapone Contracting Inc.  ·  Canada & Italy  ·  Operating globally