Privacy Statement
Effective date: 5/10/2026
Entity: Marissa's Home ("we," "us," "our")
Address: N/A
Contact: info@marissashome.com
This Privacy Statement explains how we collect, use, share, and protect personal information when you interact with us. It covers our two activities:
CRM Software ("Service") — our hosted customer relationship management application.
Reseller Activities — the sale, provisioning, and support of third-party software, hosting, domains, licenses, or related services that we resell to our customers.
If you have questions, contact us at info@marissashome.com or, where applicable, our Data Protection Officer / EU Representative / UK Representative at info@marissashome.com.
1. Our Role: Controller vs. Processor
Our role depends on the data and context:
Context | Our role | What it means
Personal data that our CRM customers load into the Service (their contacts, leads, accounts, notes, etc.) | Processor / Service Provider | We process it on the customer's instructions under our Data Processing Addendum (DPA). The customer is the controller.
Account, billing, and primary contact details of the organization that subscribes to the CRM | Controller | We decide how we use this data to deliver the Service, bill, and support you.
Personal data we collect from website visitors, prospects, event attendees, and marketing recipients | Controller | We decide how and why we use it.
Personal data we collect when reselling third-party products (e.g., a license you buy through us from Vendor X) | Controller | for our resale, billing, support, and provisioning; we share the data with the upstream vendor, who is an independent controller for their service.
Telemetry, logs, and security data generated by use of our Service | Controller | for security, abuse prevention, billing, and aggregate analytics; Processor to the extent it forms part of Customer Data.
2. Information We Collect
2.1 Information you provide directly
Account information: name, work email, phone, company, role, billing address, payment details (handled by our payment processor; we do not store full card numbers).
Contact information when you submit forms, request a demo, contact support, attend an event, or subscribe to communications.
Reseller order information: the products/services purchased, license keys, end-user contact for provisioning (e.g., admin email for a third-party tenant), and any details required by the upstream vendor.
Content you submit to the Service: data, files, and configurations you and your users upload — this is Customer Data and we process it as a processor on your behalf.
Support communications including the contents of messages, screenshots, and call recordings (where notice is given).
2.2 Information collected automatically
Usage and device data: IP address, browser type, OS, device identifiers, referring URLs, pages viewed, features used, timestamps, crash and performance logs.
Cookies and similar technologies: see Section 9.
2.3 Information from third parties
Identity verification, anti-fraud, and credit-check providers (where applicable).
Upstream vendors whose products we resell (e.g., license status, renewal dates).
Single-sign-on providers (Google, Microsoft, Okta, etc.) — we receive the profile data you authorize.
Publicly available sources and business-data providers (e.g., enrichment for B2B prospects, where permitted by law).
We do not knowingly collect special categories of data (health, biometric, etc.). Do not load such data into the Service unless your plan expressly supports it.
3. How We Use Personal Information (and Legal Bases)
We use personal information for the purposes listed below. Where the GDPR/UK GDPR applies, the legal bases are noted in parentheses.
Provide, secure, and maintain the Service and resold products (contract; legitimate interests).
Bill, take payment, and prevent fraud (contract; legal obligation; legitimate interests).
Provision third-party products you order from us as a reseller, which requires sharing data with the upstream vendor (contract).
Provide customer support and respond to inquiries (contract; legitimate interests).
Improve and develop our products through analytics, debugging, and aggregated/de-identified usage data (legitimate interests).
Marketing communications about our products and resold offerings, including newsletters and events (consent where required; otherwise legitimate interests, with an easy unsubscribe).
Comply with law and enforce our terms (legal obligation; legitimate interests).
Protect the rights, safety, and property of us, our users, and the public (legitimate interests; legal obligation).
We do not sell personal information for money. Some jurisdictions (e.g., California) define "sale" or "sharing" broadly to include cross-context behavioral advertising — see Section 7.
We do not use Customer Data to train generally available AI models. Any AI features inside the Service operate within the customer's tenant and only on that customer's data, as described in our Documentation.
4. How We Share Personal Information
We share personal information only as needed and with appropriate safeguards.
Sub-processors of the Service (hosting, email delivery, telemetry, customer support, AI infrastructure, etc.). The current list is at [URL] and is governed by our DPA.
Upstream vendors of resold products. When you buy a third-party product through us, we share what is needed to provision and support that purchase (e.g., admin contact, domain, license quantity). The upstream vendor handles your data under its own privacy policy.
Service providers for billing, fraud prevention, identity verification, professional services, marketing automation, and analytics.
Authorities or legal counterparties where required by law, court order, or to defend our legal rights.
Corporate transactions: in a merger, acquisition, financing, or sale of assets, personal data may be transferred subject to standard confidentiality protections.
With your consent, or at your direction (e.g., integrations you enable).
We do not share Customer Data outside of the purposes set out in the customer's agreement and DPA.
5. International Transfers
We are headquartered in [Country] and may transfer personal data to other countries (including our sub-processors and resold vendors). Where transfers are made from the EEA, UK, or Switzerland to a country without an adequacy decision, we rely on:
Standard Contractual Clauses (SCCs) / UK IDTA / Swiss equivalent, plus
Transfer impact assessments and supplementary measures (encryption, pseudonymization, access controls) where appropriate.
A copy of the relevant transfer mechanism is available on request at info@marissashome.com.
6. Retention
We retain personal data only as long as needed for the purposes described, including legal, accounting, or reporting obligations.
Customer Data: for the term of the customer's subscription, plus the export window (typically 30 days), after which it is deleted in accordance with our retention policy.
Account and billing records: generally retained for [7] years after account closure to meet tax/audit requirements.
Marketing data: until you unsubscribe or [24] months of inactivity, whichever is earlier.
Support tickets and logs: typically [12–24] months.
Security and abuse logs: typically up to [13] months.
7. Your Rights
Depending on where you live, you may have rights to:
Access the personal data we hold about you;
Correct inaccurate data;
Delete your data ("right to be forgotten");
Restrict or object to certain processing;
Data portability in a structured, commonly used format;
Withdraw consent at any time (without affecting prior lawful processing);
Opt out of "sale" or "sharing" for cross-context behavioral advertising, and of certain profiling (California, Virginia, Colorado, Connecticut, Utah, Texas, and similar US state laws);
Lodge a complaint with a data protection authority (in the EU/UK, your local supervisory authority).
If you are an end user of a customer's CRM tenant, please raise your request with that customer (the controller). We will support them in responding.
To exercise rights with us as controller, contact [privacy@example.com]. We will respond within the timeframe required by applicable law (typically 30 days; up to 45 days for US state laws).
Do Not Track / Global Privacy Control (GPC): we honor recognized opt-out signals such as GPC for users in jurisdictions where required.
8. Security
We maintain administrative, technical, and physical safeguards designed to protect personal information, including:
Encryption in transit (TLS) and at rest;
Role-based access controls and least-privilege principles;
Logging, monitoring, and vulnerability management;
Background checks and confidentiality obligations for personnel;
Independent audits (e.g., SOC 2 Type II, ISO 27001 where applicable).
No system is perfectly secure. We will notify affected customers and, where required, regulators of a Security Incident without undue delay and within applicable legal timeframes (e.g., 72 hours under GDPR).
9. Cookies and Similar Technologies
We use:
Strictly necessary cookies for login, security, and core site functions;
Functional cookies to remember preferences;
Analytics cookies to understand usage (e.g., [Google Analytics, product analytics tool]);
Marketing cookies in limited cases for our own campaigns.
You can manage preferences via our cookie banner or browser settings. For details, see our Cookie Notice at www.marissashome.com/cookie.
10. Children's Privacy
The Service is not directed to, and we do not knowingly collect personal information from, children under 16 (or the relevant age threshold in your jurisdiction). If you believe a child has provided us personal information, contact info@marissashome.com and we will delete it.
11. California, Virginia, Colorado, and Other US State Privacy Notices
The categories of personal information we collect and disclose, the business purposes, and the sources are summarized in the table below. We do not sell personal information for monetary consideration. We may share limited identifiers (e.g., online identifiers, IP) with advertising partners — you may opt out via the "Your Privacy Choices" link in our footer or via GPC.
Category | Examples | Sources | Purposes | Disclosed to
Identifiers | Name, email, IP, account ID | You; cookies; SSO | Provide Service; bill; support; security | Sub-processors; resold vendors
Commercial info | Orders, subscriptions | You; payment processor | Resale and billing | Payment processor; upstream vendor
Internet activity | Pages viewed, clicks | Automatic | Analytics; security | Analytics provider
Professional info | Company, job title | You; enrichment | Service delivery; B2B marketing | Marketing tools
Inferences | Engagement scores | Derived | Marketing; product improvement | Marketing tools
We do not knowingly process the sensitive personal information of California residents beyond what is necessary to provide the Service.
You may designate an authorized agent to make a request on your behalf.
12. Marketing and Communications
You can unsubscribe from marketing emails using the link in the email, by adjusting preferences in your account, or by contacting us. We will still send transactional messages (e.g., billing, security, service updates) as long as your account is active.
13. Reseller-Specific Notice
When you purchase a third-party product through us:
We collect the information required by the upstream vendor to provision your purchase (e.g., admin email, domain, organization name, quantity).
We share that information with the upstream vendor, who becomes an independent controller of your data for that vendor's product. Their privacy policy applies to their processing.
We retain a record of your order, license, and renewal status for billing, support, audit, and renewal management.
We do not control the upstream vendor's security or processing. Choose vendors carefully and review their terms.
14. Automated Decision-Making
We do not make decisions that produce legal or similarly significant effects on you based solely on automated processing without human involvement.
15. Changes to This Statement
We may update this Privacy Statement from time to time. Material changes will be communicated through the Service, by email to account contacts, or by a prominent notice on our website at least [30] days before the effective date, where required by law. The "Effective date" above shows when it last changed.
16. How to Contact Us
Privacy questions / data subject requests: info@marissashome.com
Data Protection Officer (where applicable): info@marissashome.com
EU representative (GDPR Art. 27): N/A
UK representative: N/A
Postal: N/A
If you are in the EEA or UK and we cannot resolve your concern, you may lodge a complaint with your local data protection authority.