Skip to main content
MartinMartin
Privacy PolicyTerms of ServiceCookie Policy

Privacy Policy

Last updated: 2026-02-04

1. Introduction

Welcome to Martin ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our ESG/sustainability report analysis service.

By using Martin, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.

2. Data Controller

The data controller responsible for your personal data is:

Compass Technologies LTD
Company number: 16573761
Registered address: 45 Lavender Sweep, London, SW11 1DY, United Kingdom

Martin is a product of Compass Technologies LTD. For any questions about this privacy policy or our data practices, please contact us at:

Email: support@martin.report

3. Data We Collect

We collect several types of information from and about users of our service:

Personal Information You Provide

  • Account Information: Email address, name (optional), and password when you create an account
  • Payment Information: Payment card details and billing address (processed securely by Stripe)
  • Uploaded Documents: ESG/sustainability reports you upload for analysis

Information Collected Automatically

  • Usage Data: Pages visited, features used, time spent on pages
  • Device Information: Browser type, operating system, device type
  • Log Data: IP address, access times, referring URLs

4. How We Collect Data

  • Direct Collection: Information you provide when registering, making payments, or uploading documents
  • Automated Collection: Cookies and similar technologies (see our Cookie Policy)
  • Third-Party Services: Authentication providers (Google OAuth), payment processors (Stripe)

5. Purpose of Processing

We process your personal data for the following purposes:

  • Service Delivery: To analyze your uploaded reports and provide ESG gap analysis
  • Account Management: To create and manage your user account
  • Payment Processing: To process transactions and send payment confirmations
  • Communications: To send service-related emails (verification, password reset, report delivery)
  • Analytics: To understand how users interact with our service (with consent)
  • Legal Compliance: To comply with applicable laws and regulations

7. Third-Party Services

We share data with the following service providers who assist in operating our service:

ServicePurposeData SharedLocation
SupabaseDatabase, Authentication, StorageAccount data, uploaded reportsEU (Frankfurt)
StripePayment ProcessingPayment info, emailUS (PCI-DSS compliant)
VercelHostingRequest logsGlobal CDN
Anthropic (Claude AI)Report AnalysisReport text (transient, not stored)US
BeehiivNewsletter DeliveryEmail address, subscription preferencesUS

When analytics services are enabled with your consent, we also use Google Analytics 4 (for traffic analysis and conversion tracking) and Microsoft Clarity (for session recordings and heatmaps).

8. Newsletter ("The Sustainability Signal")

If you subscribe to our newsletter, we collect your email address and process it as follows:

  • Email Service Provider: We use Beehiiv to manage our newsletter mailing list and deliver emails. Your email address is synced to Beehiiv when you subscribe.
  • Double Opt-In: We use a double opt-in process to confirm your subscription. You will receive a confirmation email after subscribing.
  • Data Stored: Email address, subscription source (e.g., footer, article, newsletter page), subscription date, and status.
  • Analytics: Beehiiv tracks email open rates and click-through rates to help us improve content. This data is aggregated and not used for individual profiling.
  • Unsubscribe: You can unsubscribe at any time by clicking the unsubscribe link in any newsletter email or by contacting us directly.
  • Data Retention: Newsletter subscription data is retained until you unsubscribe. After unsubscribing, we retain your email on a suppression list to ensure we don't re-subscribe you.

Legal basis for processing: Your consent (Article 6(1)(a) GDPR), which you provide when subscribing.

9. Data Retention

We retain your data for the following periods:

  • Account Data: Until you delete your account
  • Uploaded Reports: 30 days after analysis completion, or until you delete them
  • Generated Reports: Until you delete your account
  • Payment Records: 7 years (legal requirement for tax/accounting)
  • Analytics Data: Anonymized after 12 months

10. Your Rights (GDPR)

Under GDPR, you have the following rights regarding your personal data:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate personal data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time for consent-based processing

To exercise these rights, please contact us at support@martin.report or use the account settings in your dashboard.

11. Cookies

We use cookies and similar tracking technologies to collect and track information about your activity on our service. For detailed information about the cookies we use and your choices, please see our Cookie Policy.

12. International Data Transfers

Your data is primarily hosted in the European Union (Supabase EU region). When data is transferred outside the EU (e.g., to Stripe or Anthropic in the US), we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Vendor certifications (e.g., Stripe's PCI-DSS compliance)
  • Data processing agreements with all service providers

13. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption at rest (AES-256) and in transit (TLS 1.2+)
  • Secure authentication with hashed passwords
  • Row-level security in our database
  • Regular security audits and updates

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we will send an email notification to registered users.

15. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: support@martin.report

You also have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated.