Privacy Policy
How MachenTagar Research Institute LLC collects, uses, and protects your information
1. Introduction
This Privacy Policy describes how MachenTagar Research Institute LLC (operating as "MARKSMAN," "we," "us," or "our") collects, uses, discloses, and safeguards information when you use the MARKSMAN platform accessible at getmarksman.ca (the "Platform").
By accessing or using the Platform, you acknowledge that you have read and understood this Privacy Policy and agree to the collection and use of your information as described herein. If you do not agree, you must discontinue use of the Platform immediately.
Canadian clients are additionally invited to review our PIPEDA Compliance Statement, which sets out how we comply with Canada's Personal Information Protection and Electronic Documents Act.
2. Who We Are
Data Controller: MachenTagar Research Institute LLC, a Wyoming limited liability company, is the data controller for personal information collected through the Platform.
IP Licensor: The Platform's underlying intellectual property is owned by MachenTagar IP Inc., a Canadian federal corporation. MachenTagar IP Inc. does not independently collect or process your personal information for its own purposes.
Contact: All privacy-related inquiries should be directed to [email protected].
3. Information We Collect
We collect the following categories of information:
| Category | Examples | Source |
|---|---|---|
| Account Information | Name, email address, business name, phone number, mailing address, billing address, account credentials | Provided directly by you at signup |
| Billing and Payment Metadata | Subscription tier, payment history, invoice records, Revenue Share reconciliation data | Generated through Platform use and Stripe |
| Platform Usage Data | Feature usage patterns, login timestamps, session duration, dashboard interactions, API call metadata | Automatically collected through Platform infrastructure |
| Technical Data | IP address, browser type and version, operating system, device identifiers, referral URL | Automatically collected by Cloudflare and server infrastructure |
| Communications | Support emails, chat messages, feedback, dispute correspondence | Provided directly by you |
| Stripe Payment Data | Stripe Connect account identifiers, transaction metadata, payout records | Provided by Stripe pursuant to the Stripe Connect integration |
| Encrypted Client Content | Documents, invoices, financial records, client records, receipts, appointment data — stored in AES-256-GCM encrypted form | Submitted by you through Platform features |
3.1 Client's Customer Data. In the course of using the Platform, you may submit personal information about your own customers (such as names, contact details, and payment information) to the Platform's CRM and invoicing features. This data is stored in encrypted form as Client Content. You are the data controller for your customers' personal information; we process it only on your behalf and at your direction as a data processor.
3.2 No Sale of Personal Information. We do not sell, rent, or trade your personal information or your customers' personal information to third parties for their own marketing purposes.
4. How We Use Your Information
We use the information we collect for the following purposes:
- Providing the Platform: To activate your account, authenticate users, process payments, calculate Revenue Share, manage domains, and deliver all Platform features included in your Subscription.
- Billing and Collections: To issue Subscription invoices, collect Revenue Share fees, manage reconciliation, process refund requests, and pursue collection of overdue amounts.
- Communications: To send transactional emails (account confirmations, password resets, invoices, reconciliation statements, policy update notices), respond to support inquiries, and deliver service-related announcements.
- Security and Fraud Prevention: To detect, investigate, and prevent unauthorized access, fraudulent transactions, Revenue Share underreporting, and abuse of the Platform.
- Platform Improvement: To analyze anonymized usage patterns, improve features, develop new tools, prioritize development resources, and conduct internal research.
- Legal Compliance: To comply with applicable laws, regulations, court orders, legal process, and law enforcement requests.
- Enforcement: To investigate breaches of our Terms of Service, pursue legal remedies, and protect the rights and interests of the Company, MachenTagar IP Inc., and other users.
- Aggregated Analytics and AI Development: To use anonymized and de-identified data to train and improve machine learning models, AI features, and statistical benchmarking tools embedded in the Platform, as described in Section 8.
5. Legal Basis for Processing
For clients located in jurisdictions with formal legal basis requirements (including Canada under PIPEDA and the EU under GDPR), we process personal information on the following legal bases:
| Processing Purpose | Legal Basis |
|---|---|
| Account creation and authentication | Performance of contract; consent |
| Payment processing, billing, Revenue Share collection | Performance of contract; legitimate interests (financial administration) |
| Platform service delivery | Performance of contract |
| Transactional communications | Performance of contract; legitimate interests |
| Security and fraud prevention | Legitimate interests; legal obligation |
| Legal compliance and enforcement | Legal obligation; legitimate interests |
| Platform improvement and analytics | Legitimate interests (anonymized/de-identified data) |
| Marketing communications (if opted in) | Consent |
6. Third-Party Sharing
We share personal information only in the following circumstances:
6.1 Service Providers. We share information with third-party vendors who provide services on our behalf, including:
| Provider | Purpose | Data Shared |
|---|---|---|
| Stripe, Inc. | Payment processing, Stripe Connect infrastructure | Account identifiers, billing data, transaction metadata |
| Cloudflare, Inc. | CDN, DNS, DDoS protection, domain registration, security | IP addresses, domain registration details, traffic metadata |
| Cloud Infrastructure Providers | Hosting, data storage, encrypted backup infrastructure | Encrypted data (ciphertext only — providers cannot read content) |
| Email / Communications Providers | Transactional email delivery (invoices, alerts, confirmations) | Name, email address, message content |
All service providers operate under contractual data processing agreements that restrict their use of personal information to the purpose for which it is disclosed.
6.2 Legal Process and Law Enforcement. We will disclose personal information if required to do so by applicable law, court order, subpoena, or lawful demand of a government authority. Where legally permitted, we will attempt to notify the affected user prior to disclosure.
6.3 Business Transfers. If the Company undergoes a merger, acquisition, asset sale, restructuring, or insolvency proceeding, personal information may be transferred as part of that transaction. We will notify users of any such transfer that materially affects how their information is handled.
6.4 Protection of Rights. We may share information where necessary to enforce our Terms of Service, investigate fraud or Revenue Share underreporting, protect the safety or rights of users or third parties, or prevent illegal activity.
6.5 No Advertising Networks. We do not share personal information with advertising networks, data brokers, or social media platforms for targeted advertising purposes.
7. Zero-Knowledge Encryption Architecture
7.1 How Encryption Works. Your encryption keys are derived from your account credentials and are never transmitted to or stored by the Company. Your Client Content is encrypted on your device (or at the Platform edge) before it is written to storage. The Company receives and stores only ciphertext.
7.2 What We CAN See. We can see and process metadata associated with your account: your account information (name, email, billing address), usage activity logs, transaction metadata from Stripe, and the existence of encrypted file objects (but not their contents).
7.3 Irrecoverability. If you lose your account credentials, the Company has no mechanism to recover access to encrypted Client Content. This is not a policy — it is a technical property of the encryption architecture. This disclaimer is a material term of the Agreement.
7.4 Implications for Legal Process. Because the Company cannot access encrypted Client Content, we are unable to produce its contents in response to subpoenas or court orders directed to the Company. We will produce account metadata and encrypted ciphertext if required by law, but we cannot decrypt it.
8. Aggregated Analytics and AI Model Training
8.1 Anonymized Use. We use information derived from Platform usage — in anonymized and de-identified form — to improve the Platform, develop new features, train machine learning models, conduct research, and produce aggregate statistical analyses. This aggregated data cannot reasonably be used to identify you or your business.
8.2 Irrevocable License. As set out in Section 8.3 of the Terms of Service, you grant us an irrevocable, perpetual license to use anonymized and de-identified data for these purposes, including after the termination of your Subscription. No personal information is included in this aggregated data set.
8.3 No Individual Identification. We implement technical and organizational safeguards to ensure that aggregated analytics cannot be reverse-engineered to identify individual clients, businesses, or customers. We will not publish reports or analyses that could reasonably identify you.
9. Data Retention
9.1 Active Accounts. We retain personal information for the duration of your Subscription plus any required legal retention period.
9.2 After Termination. Following cancellation or termination of your Subscription:
- Account information and billing records: Retained for a minimum of seven (7) years for tax, audit, and legal compliance purposes.
- Encrypted Client Content: Retained for thirty (30) calendar days following termination (the "Data Export Window"), after which it is permanently deleted from our systems.
- Usage logs and metadata: Retained for up to two (2) years for security, fraud prevention, and dispute resolution purposes, then deleted or fully anonymized.
- Support communications: Retained for three (3) years from last contact.
9.3 Legal Hold. Retention periods may be extended where data is subject to a legal hold, investigation, dispute, or regulatory inquiry.
10. International Data Transfers
10.1 Cross-Border Operations. MachenTagar Research Institute LLC is incorporated in Wyoming, USA. Information you submit through the Platform may be stored or processed on infrastructure located in the United States and, where applicable, Canada. By using the Platform, you consent to this transfer.
10.2 Canadian Clients. Canadian clients whose personal information is transferred to the United States should be aware that such information may be subject to access by US law enforcement and regulatory authorities under applicable US law. We comply with PIPEDA requirements applicable to cross-border transfers. See our PIPEDA Compliance Statement for full details.
10.3 Safeguards. Where personal information is transferred to third-party service providers across borders, we require contractual data protection obligations consistent with applicable privacy law.
11. Cookies and Tracking Technologies
11.1 Cookies We Use. The Platform uses the following categories of cookies and similar technologies:
| Category | Purpose | Required? |
|---|---|---|
| Strictly Necessary | Session authentication, security tokens, CSRF protection, login state management | Yes — Platform cannot function without these |
| Functional | User preferences, dashboard layout settings, language preferences | Optional — affects user experience |
| Analytics | Anonymous usage statistics — page load times, feature usage rates, error tracking (aggregated only) | Optional — can be declined |
| Cloudflare | Security and DDoS protection (Cloudflare's __cflb, __cfruid cookies) | Yes — required for security layer |
11.2 No Advertising Cookies. We do not use advertising, retargeting, or behavioural tracking cookies. We do not embed third-party advertising pixels.
11.3 Managing Cookies. You can configure your browser to refuse or delete non-essential cookies. Blocking strictly necessary cookies will impair your ability to log in and use the Platform. Instructions for managing cookies in common browsers are available from your browser provider.
12. Your Privacy Rights
12.1 Rights Available to You. Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Access: The right to request a copy of the personal information we hold about you.
- Correction: The right to request that inaccurate or incomplete personal information be corrected.
- Deletion: The right to request deletion of your personal information, subject to legal retention requirements.
- Portability: The right to receive personal information you provided to us in a structured, machine-readable format.
- Withdrawal of Consent: Where processing is based on consent, the right to withdraw consent at any time without affecting lawfulness of prior processing.
- Opt-Out of Marketing: The right to opt out of marketing communications at any time via the unsubscribe link in any email or by contacting us.
12.2 Limitations on Deletion. We cannot delete personal information that we are legally required to retain (such as billing records for tax purposes). We cannot recover or delete encrypted Client Content once the Data Export Window has passed following termination, because we no longer have the ciphertext.
12.3 How to Exercise Rights. Submit privacy rights requests to [email protected]. We will respond within thirty (30) calendar days (or such shorter period as required by applicable law). Identity verification may be required before acting on any request.
12.4 Canadian Clients — PIPEDA Rights. Canadian clients have the right to file a complaint with the Office of the Privacy Commissioner of Canada (OPC) if they believe their PIPEDA rights have been violated. See our PIPEDA Compliance Statement.
13. Children's Privacy
The Platform is intended solely for use by businesses and individuals who are at least 18 years of age. We do not knowingly collect personal information from persons under 18 years of age. If we become aware that we have collected personal information from a minor, we will delete it promptly. If you believe we may have inadvertently collected information from a minor, contact us at [email protected].
14. Security Practices
14.1 Technical Measures. We implement industry-standard security measures to protect personal information, including:
- AES-256-GCM encryption for all Client Content (zero-knowledge architecture);
- TLS/HTTPS for all data in transit;
- Per-user credential and data isolation — no cross-contamination between client accounts;
- Access controls limiting internal access to personal information to authorized personnel on a need-to-know basis;
- Cloudflare-layer DDoS protection and Web Application Firewall (WAF);
- Periodic security assessments and penetration testing.
14.2 No Absolute Security. No security system is impenetrable. We cannot guarantee that unauthorized third parties will never be able to defeat our security measures. In the event of a data breach affecting your personal information, we will notify you in accordance with applicable legal requirements.
14.3 Account Security. You are responsible for maintaining the confidentiality of your login credentials. We strongly recommend using a strong, unique password and enabling multi-factor authentication where available. You are responsible for all activity occurring under your account credentials.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be communicated by email to your registered address at least thirty (30) days before the change takes effect. We encourage you to review this Policy periodically.
Continued use of the Platform after the effective date of any updated Privacy Policy constitutes your acceptance of the updated terms.
16. Contact Us
For privacy-related inquiries, access requests, corrections, complaints, or any other privacy matter, contact our privacy team:
MachenTagar Research Institute LLC
Privacy Officer
Email: [email protected]
Platform: getmarksman.ca
Canadian clients with unresolved concerns may also contact the Office of the Privacy Commissioner of Canada:
Office of the Privacy Commissioner of Canada
30 Victoria Street, Gatineau, Quebec K1A 1H3
Toll-free: 1-800-282-1376
Website: www.priv.gc.ca