marcado
Book a demo

Privacy Policy

Last updated · 10 May 2026

This Policy describes how Marcado collects, uses and protects your personal data. It complies with the General Data Protection Regulation (GDPR) and Portuguese Law 58/2019.

1. Who we are

Marcado, based in Porto, Portugal, is the controller of your personal data.

For privacy questions, contact us at [email protected].

2. What data we collect

When you subscribe: name, email, business phone number and billing details.

When you use the service: settings, sessions, client contacts you add, and records of messages exchanged via WhatsApp.

Technical data: IP address, device type and usage logs.

3. How we use the data

To provide the service — manage bookings, send reminders on your behalf, process payments.

To communicate with you about your account, support and changes to the service.

To improve the product, always based on anonymised or aggregated data.

4. Legal basis

We process your data on the basis of contract performance (Article 6(1)(b) GDPR), compliance with legal obligations (invoicing, tax) and the legitimate interest of maintaining and improving the service.

5. Sub-processors and sharing

We share data only with sub-processors essential to the service: Stripe (payments), Meta/WhatsApp (messaging), Google (calendar, if you connect it) and EU-based cloud infrastructure providers.

We do not sell your personal data or your clients' personal data to third parties. Anonymized data — from which neither you nor your clients can be re-identified — may be shared or sold for analytics, research or industry benchmarks.

6. Retention

We keep your data while your account is active. After cancellation we delete everything within 30 days, except where law requires retention (invoicing: 10 years).

7. Your rights

You have the rights of access, rectification, erasure, restriction, portability and objection. You can also withdraw consent at any time, without affecting the lawfulness of prior processing.

To exercise these rights, write to [email protected]. You also have the right to lodge a complaint with the Portuguese Data Protection Authority (cnpd.pt).

8. International transfers

Your data is processed within the European Economic Area. When sub-processors (such as Stripe or Meta) handle data outside the EU, we require adequate safeguards — notably the European Commission's Standard Contractual Clauses.

9. Security

We apply appropriate technical and organisational measures: encryption in transit and at rest, access controls and audit logs. In the event of a breach affecting your rights, we will notify you within the legal deadline.

10. Changes

We may update this Policy. We will notify you at least 30 days in advance by email.

For any questions about this document, write to us at [email protected].

Book a demo

We're still in closed beta. Leave us your email or phone and we'll get in touch the moment the next demo opens up.

We only use this contact to let you know when the demo is available. Data controller: Marcado, Porto. You can request access, correction or erasure any time at [email protected].

For details on how we handle your data, see our Privacy Policy.