marca
Start free trial →

marca.dev/legal

Reviewer Notice

Version
Sample snippets
Effective
For Subscribers deploying Marca

1. Privacy policy snippet (short)

Drop into a Subscriber's existing privacy policy, typically under a "Third-party services" or "Analytics and feedback" heading.

Feedback and bug-reporting tools. This site uses Marca (operated by CAIO LLC, https://marca.dev), a visual feedback tool that lets our team capture pinned comments, screenshots, and page context when a feedback action is initiated. The Marca Script does not record your session continuously; it captures only when a feedback note is explicitly created. Captured information may include the page URL, your browser type, viewport dimensions, console output, the visual content of the page at the moment of capture, and an annotation note. Sensitive credential fields (passwords, payment fields) are excluded by default. For details on how Marca processes this information, see Marca's privacy policy: https://marca.dev/privacy.

2. Privacy policy snippet (long, GDPR-style)

Use where GDPR, UK GDPR, or similar disclosure obligations apply.

Marca (visual feedback tool).

  • Controller: [Subscriber name] is the controller of personal data collected through the Marca tool on this site.
  • Processor: CAIO LLC, operating the Marca platform (https://marca.dev), is our processor.
  • What is collected: When you or another visitor creates a feedback pin on this site, Marca captures the page URL and route, a screenshot of the visible viewport, a DOM snapshot of the page (with password fields and other credential-bearing inputs excluded), the annotation text, browser and device information (user agent, viewport size, OS), and a truncated IP address. Marca also captures recent console output to help us diagnose technical issues.
  • When it is collected: Only at the moment a feedback pin is created or explicitly initiated. Marca does not record your session continuously and does not log keystrokes, mouse movement, or background DOM changes.
  • Why we collect it: To collect, manage, and respond to feedback on this site, and to improve site quality. This is our legitimate interest under Article 6(1)(f) GDPR; for any processing requiring consent, we rely on Article 6(1)(a).
  • Where it is stored: In our Marca workspace, hosted by CAIO LLC in the United States.
  • How long: As long as our Marca subscription is active and the feedback record exists in our workspace.
  • Sharing: CAIO LLC processes this data on our behalf under a Data Processing Addendum (https://marca.dev/legal/dpa). CAIO LLC's current sub-processors (hosting, billing, transactional email, error monitoring) are listed at https://marca.dev/sub-processors.
  • Your rights: You may exercise GDPR rights of access, rectification, erasure, restriction, portability, and objection by contacting us at [Subscriber privacy email]. You may also lodge a complaint with your local supervisory authority.
  • International transfers: Personal data is transferred to and processed in the United States. We rely on the EU Standard Contractual Clauses pre-incorporated into our agreement with CAIO LLC for these transfers.

3. In-page reviewer notice (banner / modal)

Use as a one-time banner or modal when a Reviewer first interacts with a Marca-instrumented site, if your jurisdiction or risk appetite calls for explicit Reviewer-facing notice.

Heads-up: feedback tool active on this page. We use a visual feedback tool (Marca) that lets us capture page screenshots and context when you leave a pinned comment. We don't record your session — capture happens only when you explicitly create a pin. Sensitive fields like passwords are excluded automatically. Learn more: [link to Subscriber privacy policy] · Marca privacy: https://marca.dev/privacy

[ Got it ]

4. Cookie / consent banner addition

If you use a Cookie Consent Management Platform (OneTrust, Cookiebot, Iubenda, etc.), classify the Marca Script under "Functional" or "Strictly Necessary" if it is part of your feedback workflow, or "Analytics" if you treat it as observability. Sample category description:

Functional — Feedback tool (Marca). Enables our team to receive structured feedback you provide. The tool stores a short identifier locally to avoid duplicate captures within a session. Capture occurs only when you explicitly leave a feedback note.

5. Internal-only deployment notice (employee staging)

Use when the Marca Script is only deployed on internal-facing or employee-only staging environments. Suitable for an HR or IT acceptable-use document.

Our staging environments include Marca, a tool that captures structured feedback (a screenshot, a snapshot of the page, and your annotation) when you click "Mark this." Marca is provided by CAIO LLC. The tool does not record your session continuously and excludes credential fields by default. By using our staging environments, you acknowledge that feedback you submit through Marca, including the visual content of pages you submit feedback on, will be stored in our Marca workspace and visible to team members with access. Do not use Marca to capture data you would not otherwise share with the team.

How to choose

SituationUse snippet(s)
Public production site, US-only audience1 + 4
Public production site, EU/UK audience2 + 3 + 4
Staging site, customer testers (NDA in place)1 + 3
Internal-only employee staging5
Marketing/preview site for prospects1 + 3

Disclaimer

These snippets are provided as samples for convenience. They do not constitute legal advice. Marca's obligations as a processor and Subscribers' obligations as controllers are governed by the Marca Data Processing Addendum, Privacy Policy, and Terms of Service, together with applicable law. Subscribers should have these notices reviewed by their own privacy counsel before publishing them.