Privacy Policy

At Marloo, we take privacy and data security seriously.

1. Introduction

Marloo Limited (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy outlines how we collect, use, store, and share personal information through Marloo, ensuring your data is handled responsibly and securely. By using Marloo, you agree to the terms of this policy.

2. Scope & Legal Compliance

This policy is governed by and designed to comply with:

  • New Zealand Privacy Act 2020

  • Australian Privacy Principles (APPs)

  • General Data Protection Regulation (GDPR)

  • California Consumer Privacy Act (CCPA) and other US privacy laws

We may update this policy as legal requirements evolve, so we encourage you to review it periodically.

3. Information We Collect

We collect various types of personal and client-related information to provide Marloo’s services, which may include but are not limited to:

  • Personal Identifiers: Name, contact details, and organisation affiliation.

  • Client Financial & Professional Information: Information related to professional activities, financial circumstances, personal situations, and other content shared during recorded meetings.

  • Technical Data: Device information, browser details, and other online identifiers necessary for functionality and security.

Given the nature of Marloo as a meeting recording tool, any information discussed in a meeting, including sensitive client data, may be collected and processed.

4. How We Use Your Information

We use the information we collect for:

  • Service Delivery: To provide and maintain Marloo’s core functions, including transcription of meetings, generation of summaries, and compliance support.

  • Communications: To support customer queries, provide updates on Marloo features, and deliver legal notices.

We do not use adviser-client-specific information for product improvement, development, or any other purpose that falls outside the scope of providing Marloo’s core services.

5. Data Ownership & Control

You retain full ownership of all personal and client data shared with Marloo. We only process your data in accordance with your instructions and legal obligations. You have the right to access, update, or request deletion of your data at any time by contacting compliance@gomarloo.com.

6. Data Sharing & Third-Party Processors

Your data may be shared with third-party processors to support Marloo’s services. These include cloud service providers, AI tools for transcription, and other technology partners. All third parties comply with relevant privacy regulations and are vetted to meet Marloo Limited’s data security standards.

Marloo Limited ensures that all cross-border data transfers, including processing in jurisdictions like the US and EU, are compliant with privacy regulations such as GDPR, CCPA, the New Zealand Privacy Act 2020, and the Australian Privacy Principles (APPs).

7. Data Retention & Right to be Forgotten

We retain your personal data only as long as necessary to provide services or as required by law. If you request deletion, we will:

  • Securely Delete Data: Data will be removed from our active systems, and any backups will be destroyed within 30 days (subject to the capabilities of third-party providers).

  • Right to Access & Correct: You have the right to access your personal information and correct any inaccuracies.

To make a request regarding your data, please contact compliance@gomarloo.com.

8. Data Security Measures

Marloo Limited takes the security of your data seriously. We implement technical and organisational measures to protect against unauthorised access, disclosure, and loss of data, including:

  • Encryption: All data at rest is encrypted using AES-256 encryption. Data in transit is protected by TLS 1.2/1.3 protocols.

  • Access Controls: We enforce Multi-Factor Authentication (MFA) for system access and maintain a role-based access structure with super-admin and master privileges as required.

  • Audit Trails & Monitoring: Access logs are retained for a minimum of one year and regularly reviewed for compliance and security monitoring.

9. Use of AI & Data Ethics

Marloo utilises third-party AI tools for transcription, summarisation, and other features. We ensure that:

  • No AI Training with Client Data: Your data will not be used to train AI models.

  • Accuracy Assurance: While our AI aims for high accuracy, users are responsible for validating AI-generated outputs before use.

  • Ethics & Bias Mitigation: AI bias and ethical reviews are conducted on artificially generated data only, ensuring fairness and reliability without using real client data.

10. Data Breach & Incident Response

In the event of a security incident or data breach:

  • Breach Notification: Marloo Limited will notify affected users within 72 hours of detection, in line with GDPR requirements.

  • Incident Management: We have procedures in place to identify, contain, and remediate security issues. For any concerns regarding data security, please contact compliance@gomarloo.com.

11. Cookies & Tracking Technologies

Marloo may use cookies and similar tracking technologies to enhance user experience, provide security, and improve our services. You may manage or disable cookies through your browser settings. A detailed cookie policy will be provided where applicable.

12. Updates to the Privacy Policy

This Privacy Policy may be updated periodically to reflect changes in our practices, legal requirements, or other factors. We will notify users of significant updates through email or via Marloo.

Document Information

  • Date: 26 September 2024

  • Version: 1.0

  • Author: Shakeel Lala, Compliance Manager, Marloo Limited

  • Contact: compliance@gomarloo.com