Privacy Policy

This Privacy Policy describes how Marcelo (the “Service”, operated by Maciej Stopa, sole proprietor, NIP <REPLACE_WITH_NIP>, registered in Poland) collects, uses, and shares information about you when you use the Marcelo mobile application or visit marcelo-app.com.

1. Information we collect

We collect the minimum needed to run the Service:

• Account data — your email address (used to sign in and receive transactional emails) and a Cognito user ID. Provided when you create an account.
• Profile data — your selected interests, topics, favourite creators, language, timezone, and digest delivery time. Provided when you complete onboarding.
• Reaction data — your “interesting” / “boring” reactions on individual items in your daily brief. Used to calibrate future briefs.
• Device data — when you opt in to push notifications, we store an Expo push token. We do not collect IP addresses, device identifiers for tracking (IDFA / GAID), or analytics events.
• Subscription data — we receive purchase events (purchase, renewal, cancellation, refund) from RevenueCat, Apple App Store, and Google Play. We do not see your payment method or card details.

2. Information we do not collect

• We do not show ads.
• We do not run analytics SDKs (Google Analytics, Mixpanel, Segment, Amplitude, Firebase Analytics, etc.).
• We do not sell, share, or rent your data to advertisers, data brokers, or AI training services.
• We do not read your contacts, location, camera, microphone, or files.

3. How we use your information

• Run your brief — your profile and reactions feed into the daily content generation pipeline, which runs on Amazon Web Services (eu-central-1, Frankfurt).
• AI processing — your profile attributes (interests, topics, language) and the titles + URLs of your reactions are passed to AWS Bedrock (Claude) and Tavily (web search) to generate your personalised brief. We do not send your email address or any other personal identifier to these services.
• Transactional emails — Amazon SES sends sign-in verification codes, password reset codes, and subscription receipts from noreply@marcelo-app.com.
• Subscription — RevenueCat verifies your purchase against Apple / Google and emits webhooks to our backend.

4. Data retention and deletion

You can delete your account at any time from Settings → Account → Delete account. Deletion is immediate and cascades through all our tables (account, digests, reactions, bookmarks). Backups containing your data are purged within 35 days.

5. Your rights under GDPR (if you are in the EU)

You have the right to access, correct, port, and delete your data. To exercise these rights, email privacy@marcelo-app.com. We respond within 30 days.

6. International data transfers

Marcelo runs in Frankfurt (eu-central-1). Three subprocessors operate outside the EU:

• RevenueCat, Inc. (USA) — subscription state. SCCs in place.
• Anthropic, PBC (USA, via AWS Bedrock) — AI summarisation. Data does not leave AWS infrastructure for AWS Bedrock.
• Tavily AI (USA) — web search. Only search queries (no personal data) are sent.

7. Children

Marcelo is not directed at children under 13. We do not knowingly collect data from anyone under 13.

8. Changes to this policy

We will post any changes here with an updated “Last updated” date. If changes are material, we will email you at the address associated with your account at least 30 days before the change takes effect.

9. Contact

Privacy questions: privacy@marcelo-app.com General contact: hello@marcelo-app.com Mailing address: <REPLACE_WITH_JDG_ADDRESS>