Mrble Intelligence, Inc. and Sharpana Privacy Policy
Last updated: 15 Aug 2025 | Effective: 15 Aug 2025
Mrble Intelligence, Inc. (“Mrble,” “we,” “our”) is a Delaware C‑Corporation. This notice applies to the Sharpana website, web application and mobile apps.Territorial Availability. Mrble does not offer the Services to individuals in the European Economic Area (EEA) or the United Kingdom and does not intentionally process their personal data. If we become aware that we have collected data from a user in those regions, we will refuse service and delete such data consistent with law.
1. What We Collect, Why, Who Gets It, and How Long We Keep It
| Category | Examples | Purpose(s) | Disclosed to (service providers) | Retention |
|---|---|---|---|---|
| Account Info (includes Sensitive PI: login + credential) | Name, email, hashed password | Create & secure your account; service notices | Auth providers (Google/Apple), email delivery | While account is active, then 90 days |
| Usage Data | Pages visited, AI prompts, summary outputs, user actions | Operate & personalize the service; maintain and improve service quality and safety; detect and prevent abuse. | Analytics (e.g., Google/GCP, Mixpanel) | While account is active; deleted within 30 days of verified deletion request; backups up to 90 days; de-identified aggregates may persist. |
| Uploaded Documents | PDFs, slides, text files you upload for summarization | Generate requested summaries/learning material | No routine disclosure. Files stay in Mrble’s encrypted Google Cloud storage and may be accessed only by a handful of Mrble engineers bound by NDA, and only for debugging, safety review, or when required by law. | While account is active; deleted within 30 days of verified deletion request; backups up to 90 days; de-identified aggregates may persist. |
| Device Data | IP address, OS, app version | Fraud prevention; diagnostics | Same analytics vendor | 18 mos |
| Payment Data | Tokenized IDs, transaction identifiers provided by payment processors | Process payments; bookkeeping | Stripe; Apple/Google; RevenueCat; CPA firm | 7 yrs (tax/audit) |
| Feedback | Ratings, crash logs, survey answers, feature requests | Customer support; service quality and product improvements | Supahub, Google Workspace, Sentry | 3 yrs |
All vendors above act under contracts that forbid use of Sharpana data for their own purposes.
2. Sensitive Personal Information (SPI)
We do not request SPI. If you choose to include SPI in an AI prompt (e.g., health data), we process it only to deliver your requested summary and for limited internal purposes (security & product/service quality). You may email [email protected] at any time to limit further processing or request deletion of SPI.
3. How We Protect Data
We encrypt data in transit (TLS 1.2+), store credentials hashed with bcrypt, restrict employee access on a least‑privilege basis, and commission independent security reviews and testing. Internal data‑access logs are reviewed quarterly.
4. Your Privacy Rights
| Right | How to exercise | Note |
|---|---|---|
| Know / Access | Email [email protected] | Copy of PI from past 12 mos |
| Delete | Same | We may retain minimal data for fraud prevention or legal duties |
| Correct | Same | — |
| Opt‑out of Sale / Share | N/A — we do not sell or share PI for cross‑context advertising. If this changes, we will post an opt‑out option at least 30 days in advance. | |
| Limit SPI | Email request | Further restrict or delete any SPI we hold |
| Non‑Discrimination | We will not deny features or change prices because you exercise a right |
Because Sharpana operates exclusively online, email is our designated, CPRA‑compliant method for all consumer‑privacy requests. You must verify ownership of the account email. We respond within 45 days (extendable to 90 days where allowed).
5. Cookies & Analytics
• Essential cookies for sign‑in, language, CSRF.
• Analytics cookies used only to measure feature usage and troubleshoot performance. They do not follow you across unaffiliated sites. Block them via browser settings or the in‑app Analytics Opt‑Out toggle.Global Privacy Control and browser “Do Not Track” signals are logged; they currently have no additional effect because we do not sell/share data.
6. Children
Sharpana is not directed to children under 13. We do not knowingly collect their data. If we discover such data, we delete it promptly.
7. Changes
We review this policy at least annually. If we make material changes, we will post them here and in‑app 15 days before they take effect and update the “Last updated” date.
8. Contact
Email: [email protected]