Data Processing

Last Updated: June 4, 2026

Marqueeteer is an omni-channel marketing and AI operational automation service operated from Spain (European Union). We are registered and regulated under the General Data Protection Regulation (GDPR) and Spain’s Ley Orgánica 3/2018 (LOPDGDD).

When you engage us to optimize your local presence, run social campaigns, or deploy AI lead receptionists, we process your business and customer data as your Data Processor, strictly according to your instructions and within the framework of a formal Data Processing Agreement (DPA).

Our Role: Data Processor

Marqueeteer acts as a data processor under GDPR Article 28. You (the business owner or authorized brand representative) are the Data Controller. You own your customer lead lists, social channels, maps configurations, and database communication histories. You authorize us to access and manage these systems on your behalf.

We process your data only for the specific purposes of:

  • Deploying and managing your AI Operational Suite (including 24/7 AI Lead Receptionists, automated text messaging, and database reactivation tools).
  • Managing, auditing, and grading incoming communication trails and call logs to optimize lead capture.
  • Updating, syncing, and optimizing your local maps profiles, search engine visibility nodes, and directory health across 50+ network platforms.
  • Curation, scheduling, publishing, and interaction monitoring across your connected social media channels (e.g., Meta, Instagram, LinkedIn).
  • Monitoring, auditing, and generating localized search visibility metrics and conversion performance dashboards.

We do NOT:

  • Use your proprietary business or customer lists for our own marketing or advertising initiatives.
  • Sell, lease, or distribute your data or your leads’ opt-in phone/email records to third-party brokers.
  • Feed or recycle your data, conversational transcripts, or call audio files into external public models to train global artificial intelligence architectures.
  • Make autonomous, unguided, or independent decisions regarding how your data is manipulated outside your explicit scope of work.

Data Processing Agreement (DPA)

All Marqueeteer clients must enter into a Data Processing Agreement before service begins. The DPA is a formal contract that defines:

  • Your role as controller; our role as processor.
  • What data we process and for what purpose.
  • How long we retain data elements.
  • Technical and administrative security measures we implement.
  • Your rights to audit, inspect, and verify security protocols.
  • Our specific obligations regarding sub-processor management.
  • Breach notification procedures and timeline guarantees.

A template DPA is provided automatically during onboarding. If you require specific cross-border modifications (such as complex enterprise multi-entity or multi-jurisdiction requirements), contact us at privacy@marqueeteer.com.

Data We Process

When you activate our local visibility systems or AI suite, we access and process:

Local Directory & Search Profile Data

  • Business name, physical address, localized phone routing numbers, primary websites, operational hours, and category labels.
  • Media assets (photos, videos), promotional updates, public offers, local maps metadata, and historical profile analytics.

Lead & Conversational Automation Data

  • Incoming chat logs, SMS text strings, customer inquiries, and audio streams routing through the AI Receptionist nodes.
  • Customer reviews, ratings, user-generated comments, and automated feedback scores.
  • Customer names, mobile phone numbers, email addresses, and timestamps captured via landing pages or passed via your existing customer database for Database Reactivation workflows.

Account & Agency Service Data

  • Your corporate point of contact data, billing email, corporate address, and secure platform access configurations.
  • Payment parameters (securely handled by PCI-DSS compliant third-party processing nodes; we do not store full raw payment card credentials internally).
  • Communication history, service activity trackers, log files, and support ticket records.

We do NOT access or process:

  • Raw medical patient charts, diagnosis records, or protected healthcare data (specifically vital for our Emerging Health & Longevity clients; our AI interfaces are built for acquisition, appointment booking, and lead qualification, not medical documentation storage).
  • Your raw administrative infrastructure passwords (we prioritize OAuth validation and secure agency partner delegation access paths wherever possible).

How We Process Your Data

Access & Permissions

You grant Marqueeteer management permissions through explicit secure protocols:

  • OAuth Direct Authorization: Passwordless authentication directly linking map environments or social channels securely.
  • Partner Portal Access: Delegating administrative manager roles to our agency ID within platforms like Meta Business Manager or Google Workspace.
  • Encrypted Credential Locker: Where direct integration is unavailable, shared variables are kept heavily isolated using enterprise encryption at rest.

Data Security

  • All data transmissions route over secure layers utilizing TLS 1.2 or higher protocols.
  • Access to operational pipelines is strictly limited to assigned agency personnel on a need-to-know basis.
  • We mandate multi-factor authentication (MFA) across all internal company software suites and communication bridges.
  • We comply fully with Article 32 GDPR guidelines ensuring a level of security appropriate to processing risk profile variables.

Data Retention

  • Active Term: We retain data assets as long as required to successfully maintain your local channels, update campaign workflows, and manage active conversational AI suites.
  • Post-Cancellation Deletion: Once your 30-day cancellation period concludes, we terminate active platform sync connections within five (5) business days. We delete historical localized data files from our storage servers inside thirty (30) days, except where record retention is mandated by law.

Sub-processors

To efficiently execute campaigns and scale automation nodes, we contract with specialized third-party services. Each sub-processor is thoroughly vetted to guarantee equal contractual confidentiality, technical safeguards, and compliance standards:

  • Core infrastructure providers (Secure EU-based cloud datacenters via AWS / Google Cloud).
  • Payment collection applications (Stripe / PayPal).
  • Communication engines and programmatic telephony interfaces (Twilio, SendGrid, OpenAI API enterprise nodes).

Legal Basis & Global Compliance

1. European Union & Spain (GDPR / LOPDGDD)

Marqueeteer operates out of Spain under the oversight of the Agencia Española de Protección de Datos (AEPD).

  • Your Rights: As Data Controller, you hold rights to instruct our processing methods, request right-of-access copies, make rectifications, enforce erasure (“right to be forgotten”), and request data portability.
  • Our Obligations: We are bound to act only on your documented parameters, report any verified infrastructure data breaches within 72 hours under Article 33 guidelines, maintain strict staff non-disclosure layers, and support your end-user data subject requests.

2. United States (TCPA, CCPA & State Laws)

  • TCPA & Outbound Outreach: When executing database reactivations or text drops via our AI Operational Suite, the Client guarantees that all uploaded contacts gave explicit, legally valid opt-in consent to be contacted.
  • State Frameworks: We comply with applicable consumer privacy protocols (including CCPA/CPRA, VCDPA, CPA) ensuring we act strictly as a service provider that does not monetize or trade consumer profiling assets.

3. Canada (PIPEDA)

We align operations with the Personal Information Protection and Electronic Documents Act (PIPEDA). Clients operating within Canada maintain full responsibility for securing meaningful consent from consumers prior to provisioning data arrays into our automated marketing tracks.

4. Australia (Privacy Act 1988)

We maintain processing protocols matching the Australian Privacy Principles (APPs) and the Spam Act 2003. Any programmatic outreach deployed via our agency must be pre-cleared by the Client to ensure recipients have not opted out of receiving electronic commercial messaging.

5. Singapore (PDPA)

In adherence to the Personal Data Protection Act (PDPA), data processed through Marqueeteer is strictly limited to the operational functions specified by the Client. The Client warrants that data lists targeting Singapore numbers have been cleared against national Do Not Call (DNC) Registry registries.

6. International Cross-Border Data Transfers

For instances where clients or target operations are positioned outside the European Economic Area (EEA), Marqueeteer protects cross-border pipelines using the European Commission’s Standard Contractual Clauses (SCCs) (Module 4: Processor-to-Controller for incoming pipelines, and Module 3: Processor-to-Processor for infrastructure integrations).

Contact Us

For questions about our architectural setup, data processing structures, or to finalize your DPA documentation, contact us directly: