Privacy Policy
This Privacy Policy describes how AllHeart Web Inc. ("MarketXY," "we," "our," or "us") collects, uses, stores, shares, and protects personal information when you use our website, platform, API, and related services (collectively, the "Services"). By accessing or using MarketXY, you agree to the collection and use of information in accordance with this Policy.
Information We Collect
1.1 Information You Provide
- Account registration: name, email address, company name, job title, billing address
- Payment information: billing details (processed securely via third-party payment processors — we do not store raw card numbers)
- Communications: messages, support tickets, feedback, and feature requests you send us
- User-submitted content: scam reports, domain flags, and community votes submitted through the platform
1.2 Information Collected Automatically
- Usage data: pages visited, features used, API calls made, export history, session duration, and clickstream data
- Device & technical data: IP address, browser type, operating system, device identifiers, and referrer URL
- Cookies and tracking technologies: as described in our Cookie Policy
- API usage logs: endpoint accessed, request volume, response codes, and timestamps — used for billing, monitoring, and abuse prevention
1.3 Data from Third Parties
We may receive information about you from third-party sources including payment processors, identity verification services, fraud detection providers, and analytics partners. This information is used to improve service quality and security.
How We Use Your Information
- ✓Provide, operate, and maintain the MarketXY Services
- ✓Process payments, manage subscriptions, and issue invoices
- ✓Send account notifications, billing alerts, and service updates
- ✓Monitor platform usage, detect abuse, and enforce our Terms of Use
- ✓Respond to support requests, disputes, and legal enquiries
- ✓Improve our data products, algorithms, and platform features
- ✓Send marketing communications (with your consent, where required by law)
- ✓Comply with legal obligations including GDPR, PIPEDA, and applicable tax laws
- ✓Conduct internal analytics and aggregate reporting
Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA) or UK, we process your personal data under the following legal bases:
| Processing Purpose | Legal Basis |
|---|---|
| Providing the Services under your subscription | Performance of a contract (Art. 6(1)(b)) |
| Processing payments and managing billing | Performance of a contract (Art. 6(1)(b)) |
| Complying with legal obligations (tax, GDPR) | Legal obligation (Art. 6(1)(c)) |
| Fraud prevention and platform security | Legitimate interests (Art. 6(1)(f)) |
| Improving and developing the platform | Legitimate interests (Art. 6(1)(f)) |
| Marketing communications | Consent (Art. 6(1)(a)) or Legitimate interests |
Sharing Your Information
We do not sell, rent, or trade your personal data. We may share information only in the following circumstances:
- Service providers: payment processors, cloud hosting providers, email delivery services, and analytics tools — bound by data processing agreements
- Legal requirements: when required by law, court order, or regulatory authority
- Business transfers: in connection with a merger, acquisition, or sale of assets — you will be notified
- Protection of rights: to protect the rights, property, or safety of MarketXY, our users, or the public
Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Services. Specifically:
Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- ✓Access: request a copy of the personal data we hold about you
- ✓Rectification: request correction of inaccurate or incomplete data
- ✓Erasure: request deletion of your personal data ('right to be forgotten'), subject to legal retention obligations
- ✓Restriction: request that we restrict processing of your data in certain circumstances
- ✓Portability: receive your data in a structured, machine-readable format (GDPR)
- ✓Objection: object to processing based on legitimate interests
- ✓Withdrawal of consent: withdraw consent at any time where processing is consent-based
- ✓Lodge a complaint: file a complaint with your local data protection authority (e.g., ICO in the UK, CNIL in France)
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
International Data Transfers
MarketXY is operated by AllHeart Web Inc. and may transfer your personal data to countries outside your jurisdiction, including the United States and Canada. Where required by law (e.g., GDPR), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or transfers to countries with an adequacy decision.
Security
We implement industry-standard technical and organisational measures to protect your personal data, including encryption in transit (TLS), encryption at rest, access controls, regular security audits, and staff training. However, no system is entirely secure. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify you and relevant authorities as required by law.
Children's Privacy
MarketXY is not directed at children under the age of 18. We do not knowingly collect personal data from minors. If we discover that we have inadvertently collected data from a person under 18, we will delete it promptly. If you believe a minor has provided us with personal data, contact [email protected].
Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email and a notice on our website at least 14 days before taking effect. The "Effective Date" at the top of this page always reflects the most recent version. Continued use of the Services after the effective date constitutes acceptance.