Legal documents

Privacy Policy

We care about your privacy. Learn what data we process, for what purpose, and how we protect it.

1. Data Controller

The controller of your personal data is Martia, the entity operating the Martia application at martia.ai. For data protection inquiries, please contact us at hello@martia.ai.

2. What data we collect and why

Account data

During registration, we collect your email address and, optionally, your first name. This data is used for user identification and communication regarding your account.

Transaction data

After you connect a bank account, we retrieve your transaction history and account balance via the GoCardless API. This data is stored on our servers solely for the purpose of providing the service — displaying spending history, generating reports, and budget planning.

Technical data

We automatically collect technical logs (IP address, browser type, request timestamps) for security and diagnostic purposes. This data is not linked to your financial data.

3. Legal basis for processing

We process data on the following legal bases (Art. 6 GDPR):

  • Art. 6(1)(b) — performance of a contract for the provision of services (account and transaction data necessary for the Application to function)
  • Art. 6(1)(f) — legitimate interest of the controller (security logs)
  • Art. 6(1)(a) — consent (e.g., newsletter, where applicable)

4. Data sharing

We do not sell your personal or financial data. We do not share it with advertisers. Your data may only be disclosed to the following parties:

  • GoCardless — open banking infrastructure provider, acting as a data processor on our behalf under a data processing agreement.
  • Auth0 (Okta) — authentication service provider.
  • Neon — database provider (cloud-hosted PostgreSQL).
  • Google Cloud Platform — server infrastructure.

All of the above partners provide an adequate level of data protection in compliance with the GDPR.

5. How long we retain data

We retain account data for the duration of your use of the Application and for 30 days after account deletion (in case of accidental deletion). Transaction data is retained for the duration of your active account.

Technical logs are automatically deleted after 90 days.

6. Your rights (GDPR)

You have the following rights regarding the protection of your personal data:

  • Right of access — you may request a copy of the data we process about you.
  • Right to rectification — you may request correction of inaccurate data.
  • Right to erasure — you may request deletion of your data (right to be forgotten).
  • Right to data portability — you may receive your data in a machine-readable format.
  • Right to restriction of processing — you may request that processing be restricted in certain circumstances.
  • Right to object — you may object to processing based on legitimate interest.

To exercise your rights, please contact us at hello@martia.ai. We respond within 24 hours.

You also have the right to lodge a complaint with your national data protection authority.

7. Security

We implement appropriate technical and organizational measures to protect your data against unauthorized access, loss, or destruction. All data is transmitted exclusively over encrypted HTTPS connections.

The bank connection via GoCardless operates in read-only mode — we never have access to your banking password or the ability to perform transactions on your account.

8. Cookies

The Application uses only essential technical cookies required for session management and authentication. We do not use marketing or tracking cookies.

9. Changes to this Privacy Policy

In the event of material changes to this Privacy Policy, we will notify you by email at least 14 days in advance. Continued use of the Application after the changes take effect constitutes acceptance of the updated policy.

Last updated: January 1, 2025