Privacy Policy

Mara is a software product owned and operated by Vantage Thinking(ABN 92 745 878 359), referred to in this policy as "we", "us" or "our". We provide AI-assisted marketing content and workflow automation for Australian law firms. We are bound by the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Cth).

• Account information you provide, name, firm name, email address, role, and authentication data via Clerk.
• Content you give us, your firm's existing website copy, LinkedIn posts, writing samples, practice-area preferences, and voice profile.
• Content we generate for you, drafts, edits, feedback, memory notes, scheduled publications.
• Third-party integration credentials, encrypted at rest (AES-GCM 256-bit) and used only to publish drafts you approve.
• Payment information, processed by Stripe. We do not see or store your card details.
• Usage telemetry, which features you use, errors, rate-limit counters, so we can keep the product working.

• To run the service, watch sources, draft content, publish when you approve.
• To tune drafts to your voice over time.
• To bill you and manage your subscription.
• To email you transactional notices (drafts ready, alerts, monthly report).
• To comply with legal obligations.

We do notuse your firm's content to train foundation models. Generated content runs through Anthropic's Claude API, which operates under a zero data retention configuration where available.

• Anthropic, the Claude API receives the excerpts, prompts, and prior-turn history needed to generate drafts.
• Clerk, authentication and organisation management.
• Stripe, payment processing, billing and subscription management.
• Resend, transactional email delivery.
• Vercel, hosting, logs, and cron execution.
• Publish targets you connect, WordPress, Webflow, Wix, Slack, Telegram, Twilio (WhatsApp), only when you publish or enable that integration.
• Proxycurl, LinkedIn profile enrichment during onboarding, only if you provide a LinkedIn URL.

We do not sell personal information. We do not share your data with advertisers.

Data is stored in managed Postgres and on Vercel's infrastructure. Primary processing currently occurs in the United States and the European Union. Some sub-processors (notably Anthropic and Clerk) may process data in the United States. By using Mara you consent to cross-border handling on the terms in this policy.

• Account and billing records, while your subscription is active and for 7 years after cancellation to meet tax and record-keeping obligations.
• Drafts, cases, chat history, memory, while your account is active. On cancellation you can request deletion; we will remove the records within 30 days unless retention is required by law.
• Backups, retained for up to 30 days and overwritten on rotation.

Under the Privacy Act you can request access to, correction of, or deletion of your personal information. Email privacy@mara.legal. We respond within 30 days.

If you're unhappy with our response you can complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

Credentials for publish targets and chat integrations are encrypted at rest. Transit uses TLS 1.3. Authentication is handled by Clerk. We follow least-privilege access internally. No system is perfect - if you spot a vulnerability, email security@mara.legal.

If we materially change this policy we will email the admin on your firm's account at least 14 days before it takes effect.

Vantage Thinking (ABN 92 745 878 359), hello@mara.legal.