The fine print,
in plain English.
Three documents — Privacy, Terms, and Security — written so a human can read them. We've kept the legal weight where it's needed and stripped it everywhere it isn't.
Privacy.
We collect the minimum we need to make Maria useful. We don't sell your data. We don't train shared models on your private workspace. Ever.
What we collect
Account data: email, name, organisation. Used to identify you and contact you about your account.
Workspace content: voice memos, transcripts, ideas, pillars, drafts, posts. Stored encrypted at rest and used solely to deliver the product to your account.
Usage telemetry: page views, feature interactions, performance. De-identified at the time of collection. Used to improve the product.
What we never collect
- The contents of your social accounts beyond what you explicitly share with Maria.
- Your contacts, address book, or browser history.
- Location data beyond country-level (for compliance only).
Who we share data with
A short list of subprocessors who power infrastructure — listed at /subprocessors. They're contractually bound to the same standards. We don't share with advertisers, brokers, or marketers, full stop.
Your rights
Export, delete, or transfer everything we hold on you, any time, from your account settings. We honour these requests in 7 days or less, regardless of where you live.
Terms of service.
You bring the ideas. We bring the strategist. You own everything you make. We won't post for you, train on you, or surprise you with new fees.
Your account
One human per account. You're responsible for keeping your credentials safe and for what happens inside your workspace.
Your content
You own everything you create inside Maria. We hold a narrow licence to store and process it solely to deliver the product. The moment you cancel, that licence ends.
Acceptable use
Maria is for building a personal brand around real experience. Don't use it to:
- Impersonate real people who haven't consented.
- Fabricate testimonials, case studies, or outcomes.
- Generate harassment, hate speech, or illegal content.
We will close accounts that do, and we'll do it without a refund.
What we promise
- We won't auto-publish content for you. Ever. A human hits publish.
- We won't train shared models on your workspace. Your sessions stay yours.
- We won't raise prices on existing plans without 60 days' notice.
Billing & cancellation
Month-to-month or annual. Cancel any time from your account; no calls, no retention emails. Annual plans are prorated on cancellation.
Liability
We provide Maria "as is." Our total liability is capped at the fees you paid us in the prior 12 months. Local consumer law overrides this where applicable.
Security.
SOC 2 Type II. AES-256 at rest, TLS 1.3 in transit. SSO and 2FA. Annual third-party penetration tests. Bug bounty open to anyone.
How your data is stored
- At rest: AES-256 encryption, per-workspace key material.
- In transit: TLS 1.3 only. Older versions refused.
- Backups: encrypted, geo-redundant, retained 30 days then destroyed.
Who can see your workspace
Inside Maria, only humans you explicitly invite. Inside our team, access is role-based, audited, and granted only when an engineer is debugging a ticket you filed — and only for as long as that takes.
Authentication
- SSO via Google, Microsoft, and OIDC providers.
- 2FA available on every plan; required on Studio.
- Hardware key support (WebAuthn / FIDO2).
Compliance & audits
SOC 2 Type II (audited annually). GDPR & UK GDPR compliant. Annual third-party penetration test by an independent firm; summary report available under NDA.
Responsible disclosure
Found a vulnerability? Email security@mariadoesmarketing.app. We commit to a first reply within 24 hours and pay bounties up to $10,000 for high-severity issues.
AI & training
Maria uses third-party foundation models to power voice transcription, ideation, and rewrite suggestions. Your content is sent for inference only — never for training — and our agreements with model providers prohibit them from training on it. Documented in /subprocessors.