Legal
Privacy Policy
Last updated: July 4, 2026
This policy explains what Marji Inc. (“Marji,” “we”) collects, why, and the choices you have. It covers marji.co and the Marji application. It is written to be read, not to hide behind. If anything is unclear, email privacy@marji.co.
What we collect
- Account data — your name, email, and password hash when you sign up.
- Restaurant data — the menus, recipes, supplier invoices, and prices you upload so Marji can calculate margins. This is yours; we never sell it or share it with other restaurants or your vendors.
- Billing data — handled by Stripe. We store your Stripe customer and subscription IDs, never your full card number.
- Marketing data — if you use our free tools (like the margin calculator) we store the email you give us and the numbers you entered, so we can send you the result and relevant follow-ups.
- Usage & device data — basic, privacy-respecting analytics (via Vercel) plus, only with your consent, advertising/analytics cookies from Meta and Google. We capture referral parameters (UTM tags) to understand which marketing brought you here.
Cookies & consent
Strictly necessary cookies — your sign-in session and your cookie choice itself — are always on; the product doesn't work without them. Optional advertising and analytics cookies (Meta Pixel, Google Analytics) load only after you click “Allow” on our cookie banner. You can change your mind anytime via the “Cookie settings” link in the footer. If you decline, nothing from those vendors loads.
How we use it
- To provide the product: parse invoices, cost recipes, track margins.
- To send transactional email (verification, alerts, receipts).
- To send marketing email you can unsubscribe from in one click, via the link in every message.
- To measure and improve our marketing, when you've consented.
- To keep the service secure and prevent abuse.
Who we share it with
Only the processors that run the service, each under contract: Neon (database), Vercel (hosting, file storage, cookieless analytics), Stripe (billing), Anthropic and AWS (invoice/menu parsing), Resend (email), and — only with your consent — Meta and Google (advertising measurement). We do not sell personal data.
AI processing
Marji uses AI models (Anthropic Claude, AWS Textract) to read invoices and menus and to draft recommendations. Your data is sent to these providers to perform that processing and is not used by us to train models.
Retention
We keep account and restaurant data for as long as your account is active. Delete your account and the associated data is removed (some records may persist briefly in backups and where law requires). Lead emails are kept until you unsubscribe or ask us to delete them.
Your rights
Depending on where you live (including under GDPR and CCPA), you can request access to, correction of, or deletion of your personal data, and object to certain processing. Email privacy@marji.coand we'll respond within 30 days.
Security
Data is encrypted in transit. Access is scoped per restaurant and gated by authentication. See our public security posture in the repo's SECURITY.md. Report a vulnerability to security@marji.co.
Changes
If we make material changes we'll update the date above and, for significant changes, notify account holders by email.
This document is a plain-language template and not legal advice. Have counsel review it before you rely on it in production.
