Cookie Policy
Last updated: 2026-04-22 · Effective: 2026-04-22
This policy explains what cookies are, how Marcomm AI uses them, and how you can manage your preferences.
You can change or withdraw your choices at any time via the page.
What are cookies?
Cookies are small text files stored on your device when you visit a website. They let the site remember things about your visit — like your sign-in state, language, and preferences — so you don't have to re-enter them on every page.
This policy uses "cookies" as a shorthand for cookies and similar technologies such as local storage, session storage, and pixel tags. All references to cookies include these equivalent technologies where applicable.
Legal basis for using cookies
Under GDPR, UK GDPR, and similar regulations, we use one of the following legal bases for each cookie category:
- Consent: Used for functional, analytics, and marketing cookies. You can withdraw consent any time.
- Performance of contract: Used for essential cookies necessary to deliver the service you signed up for.
- Legitimate interests: Used for security and fraud prevention cookies, balanced against your privacy rights.
- Legal obligation: Used where retaining certain information is required by applicable law.
Cookie categories
We classify cookies into four categories. Essential cookies are always active because the service cannot run without them. You can turn the others on or off at any time.
Essential
RequiredRequired for sign-in, security, and core service functionality. These cannot be disabled.
Legal basis: Performance of contract + legitimate interests
Functional
Remember your preferences (language, theme, display settings) to personalize your experience.
Legal basis: Consent
Analytics
Help us understand how visitors use Marcomm so we can improve the product. Fully anonymized.
Legal basis: Consent
Marketing
Used to measure the effectiveness of marketing campaigns and show relevant offers.
Legal basis: Consent
First-party cookies
These are cookies set directly by marcomm.work. They are used for authentication, security, and remembering your preferences.
| Purpose | Provider | Category | Duration |
|---|---|---|---|
| Authenticated session token | marcomm.work | Essential | 30 days |
| OAuth callback redirect state | marcomm.work | Essential | Session |
| CSRF token, protects against cross-site forgery | marcomm.work | Essential | Session |
| Stores your cookie preferences | marcomm.work | Essential | 12 months |
| Remembers your selected language | marcomm.work | Functional | 12 months |
Third-party cookies and processors
Some cookies are set by third parties we work with to deliver Marcomm. These processors are bound by data processing agreements and act on our instructions.
| Purpose | Provider | Category | Duration |
|---|---|---|---|
| Distinguishes legitimate users from bots (bot management) | Cloudflare | Essential | 30 minutes |
| Verifies your client passed a Cloudflare security check | Cloudflare | Essential | 30 days |
| Bot protection during sign-up, sign-in, and password reset | Cloudflare Turnstile | Essential | Session |
| Aggregate visit analytics | Google Analytics | Analytics | 2 years |
| Behavioral analytics for UX research | Microsoft Clarity | Analytics | 1 year |
| Aggregate visit analytics for Korean market | Naver Analytics | Analytics | Session |
| Meta ad attribution and retargeting | Meta | Marketing | 3 months |
| Google Ads conversion tracking and retargeting | Google Ads | Marketing | 13 months |
| Personalized retargeting advertising | Criteo | Marketing | 13 months |
| TikTok ad attribution and retargeting | TikTok (Bytedance) | Marketing | 13 months |
| B2B campaign attribution and retargeting | Marketing | 1 year |
Third-party processors
Below is the list of service providers we use, where they are located, and the legal basis for any international data transfers.
Infrastructure & operations
Vercel
Hosting and edge network
- Company
- Vercel Inc.
- Country
- United States
- Transfer basis
- EU Standard Contractual Clauses (SCCs)
Cloudflare
CDN, DDoS protection, bot management (Turnstile)
- Company
- Cloudflare, Inc.
- Country
- United States
- Transfer basis
- EU Standard Contractual Clauses (SCCs)
Google OAuth
Social sign-in
- Company
- Google LLC
- Country
- United States
- Transfer basis
- EU Standard Contractual Clauses + adequacy decision
Neon
Managed Postgres database
- Company
- Neon Inc.
- Country
- United States (ap-southeast-1 region available)
- Transfer basis
- EU Standard Contractual Clauses (SCCs)
Resend
Transactional email delivery (verification, password reset)
- Company
- Resend Inc.
- Country
- United States
- Transfer basis
- EU Standard Contractual Clauses (SCCs)
Sentry
Error tracking and performance monitoring
- Company
- Functional Software, Inc.
- Country
- United States
- Transfer basis
- SCCs
Payment
Polar
Payment processing / subscriptions
- Company
- Polar Software, Inc.
- Country
- United States
- Transfer basis
- SCCs
Analytics
Google Analytics
Traffic analytics & service improvement
- Company
- Google LLC
- Country
- United States
- Transfer basis
- EU Standard Contractual Clauses + adequacy decision
Microsoft Clarity
Session replay · heatmaps
- Company
- Microsoft Corporation
- Country
- United States
- Transfer basis
- SCCs + DPF
NAVER Analytics
Analytics for Korean market
- Company
- NAVER Corp.
- Country
- Republic of Korea
- Transfer basis
- Domestic processing
Advertising
Meta
Facebook & Instagram ads / Pixel
- Company
- Meta Platforms Ireland Ltd. / Meta Platforms, Inc.
- Country
- Ireland / United States
- Transfer basis
- SCCs + DPF
Google Ads
Search & display ads / conversion tracking
- Company
- Google LLC
- Country
- United States
- Transfer basis
- EU Standard Contractual Clauses + adequacy decision
Criteo
Retargeting advertising
- Company
- Criteo S.A.
- Country
- France
- Transfer basis
- Within EEA
TikTok (Bytedance)
TikTok ads / Pixel
- Company
- TikTok Technology Ltd. / TikTok Pte. Ltd.
- Country
- Ireland / Singapore
- Transfer basis
- SCCs
LinkedIn Insight Tag
B2B retargeting / conversion tracking
- Company
- LinkedIn Ireland Unlimited Company (Microsoft)
- Country
- Ireland
- Transfer basis
- SCCs + DPF
How to manage cookies
You have two ways to control cookies on Marcomm. You can open our to turn categories on or off at any time, or you can configure your allaboutcookies.org to block or delete cookies globally.
Manage cookies on Marcomm
Open the cookie management panel to adjust each category. Your choices are saved for 12 months.
Withdrawing your consent
Consent is not permanent. You can withdraw it at any time from the cookie management panel, and we will immediately stop using non-essential cookies on your next request. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.
Your data subject rights
Depending on your jurisdiction, you have the following rights in relation to personal data collected through cookies:
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate or incomplete data.
- Right to erasure: Request deletion of your personal data ("right to be forgotten").
- Right to restriction: Request that we limit the processing of your data.
- Right to data portability: Request your data in a structured, machine-readable format.
- Right to object: Object to processing based on legitimate interests or direct marketing.
- Right to lodge a complaint: File a complaint with your local data protection supervisory authority.
Regional notices
The following regional regulations may grant additional rights depending on where you reside:
European Economic Area
GDPR / ePrivacy Directive
GDPR and the ePrivacy Directive require prior consent for non-essential cookies. You can contact your national Data Protection Authority to lodge complaints.
United Kingdom
UK GDPR / PECR
UK GDPR and PECR apply. The Information Commissioner's Office (ICO) is your supervisory authority.
California, USA
CCPA / CPRA
CCPA/CPRA give you the right to know, delete, correct, and opt out of the sale or sharing of personal information. Marcomm does not sell personal data.
Republic of Korea
PIPA
PIPA applies. You have rights to access, correct, delete, and suspend processing of your personal information. The Personal Information Protection Commission (PIPC) is the supervisory authority.
Japan
APPI
APPI applies. You may request disclosure, correction, and cessation of use of your personal data.
Singapore
PDPA
PDPA applies. You may withdraw consent and request access or correction of your personal data.
Children's privacy
Marcomm is not intended for individuals under 16 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact us at privacy@marcomm.work.
Changes to this policy
We may update this Cookie Policy as our product evolves or as regulations change. Material changes will be communicated through the app or by email at least 14 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.
Contact
Questions about this Cookie Policy or our cookie practices? Reach us at privacy@marcomm.work.
- Data controller
- Digitalog Technologies Inc.
- Privacy contact
- privacy@marcomm.work
- Address
- London, UK · Seoul, Korea