MARINI

Privacy Policy

Last updated: June 19, 2026

In the event of any discrepancy between the French version and this translation, the French version shall prevail.

1. Purpose and scope

This Privacy Policy explains how MARINI collects, uses, retains, protects and, where applicable, shares personal data processed in connection with its website, contact forms, quotation requests, customer area, administration area, messaging tools, file upload tools, sketching tools, conversion, preview and CAD/STEP or AI assistance tools.

The website is mainly intended for professionals. MARINI therefore mainly processes data relating to professional contacts: managers, employees, business managers, buyers, engineers, technicians, project managers and representatives of client or prospect companies.

Some technical files submitted to MARINI may not contain personal data but may include confidential industrial information. Such files are covered by the specific confidentiality commitments described below. The website is not intended for minors. Users acting on behalf of a company or organization must be authorized to communicate the data and files submitted to MARINI.

2. Data controller

MARINI

French simplified joint-stock company with share capital of EUR 600,000

Registered office: 25 boulevard Robert Schuman, 93190 Livry-Gargan, France

SIREN: 318 054 202 — RCS Bobigny

General email: [email protected]

GDPR email: [email protected]

Personal data contact / DPO: Alain Chemaly, director of MARINI.

3. Categories of data processed

3.1 Identification and contact data

first name and last name;
professional email address;
telephone number;
position, department or role, where applicable;
company or organization represented.

3.2 Company data

company name, SIRET or SIREN number;
company address, official address, delivery address;
company verification status;
public or official data obtained from the recherche-entreprises.api.gouv.fr API.

3.3 Contact form data

subject and content of the message, date and time of submission;
technical anti-spam data (honeypot, Cloudflare Turnstile).

3.4 Quotation request data

project type, sector, part or assembly type;
intended process, material, thickness, finish, tolerances or constraints indicated;
quantity, desired lead time, urgency, possible recurrence;
requester contact details, company, SIRET, delivery address;
request statuses, pricing information, estimates, prices excluding tax, commercial validation exchanges.

3.5 Technical and industrial files

MARINI may process files submitted by the user (PDF, DXF, DWG, STEP, STP, SLDPRT, images, photos, sketches, ZIP files, generated or converted files) and their metadata: original filename, extension, MIME type, size, SHA-256 hash, antivirus scan status, upload date, association with a request.

The user is invited not to submit unnecessary personal data in technical files.

3.6 Customer area data

When a user submits a quotation request, MARINI may automatically create a customer area associated with the email address provided. Access is mainly provided through a secure login link sent by email and may also rely on a WebAuthn/passkey or login through an external identity provider where those options are enabled.

In that context, MARINI may process profile information, language and notification preferences, company roles, invitations, company memberships, passkey metadata, OAuth account identifiers and, where necessary for authentication, technical tokens provided by Google or Microsoft.

3.7 Drafts, autosaves and uploads before login

Certain information entered in forms may be temporarily retained as a draft, either server-side or in the user's browser, to avoid loss of input or allow a language change without interruption. Files uploaded before login may then be associated with the quotation request and the customer area.

3.8 Messages, attachments and internal notes

MARINI may process messages exchanged, message attachments, internal notes added by MARINI teams, and commercial or technical follow-up data. Internal notes are not necessarily visible to the user but may contain personal data and are therefore covered by this Privacy Policy.

3.9 Authentication, log and security data

magic link login tokens, reset tokens;
session tokens, marini_token authentication cookie, email verification date;
IP addresses, audit events, rate-limiting data, traces of access attempts or abusive uploads.

3.10 CAD, conversion and AI tool data

MARINI may process prompts or descriptions provided by the user, sketch data, technical parameters, generated files and conversion results. These processes are technical aids and do not replace MARINI's human and commercial validation.

4. Sources of data

Data processed by MARINI may come directly from the user, forms completed on the website, uploaded files, messages sent, the customer area, interactions with MARINI, public or official information relating to a company, or technical tools necessary for website operation, security and traceability.

4 bis. Mandatory or optional nature of data

Fields identified as mandatory in forms are required to handle the relevant request, create or secure the customer area, reply to the user, verify a company, prepare a quotation or comply with a legal obligation. If those details are not provided, MARINI may be unable to process the request, send a login link, analyze a file, produce a quotation or continue the commercial relationship.

Other information, comments, additional files, preferences, project notes or optional technical details are provided at the user's initiative. MARINI recommends limiting this information to what is useful for the technical, commercial or contractual review of the project.

5. Purposes and legal bases

Purpose	Examples of processing	Main legal basis
Responding to contact requests	Receiving, qualifying and handling messages sent via the contact form.	Legitimate interest and pre-contractual steps.
Reviewing quotation requests	Analyzing needs, checking feasibility, preparing pricing.	Pre-contractual steps and B2B legitimate interest.
Creating and managing the customer area	Automatically creating an area linked to the email, allowing tracking and exchanges.	Pre-contractual or contractual steps, legitimate interest.
Managing technical files	Upload, storage, analysis, conversion, preview, pricing, possible manufacturing.	Pre-contractual steps, contract performance or legitimate interest.
Managing messaging and transactional emails	Magic links, acknowledgements, messages, statuses, requests for additional information.	Pre-contractual steps, contract performance or legitimate interest.
Verifying companies and SIRET	Verification or enrichment of public company information.	Legitimate interest in reliable commercial information.
Using conversion, preview and AI tools	Assisting analysis, producing working files, generating or converting certain formats.	Pre-contractual steps, contract performance or legitimate interest.
Securing the website and preventing abuse	Combating spam, attacks, unauthorized access, malicious uploads.	Legitimate interest in security.
Complying with legal and evidentiary obligations	Accounting, invoicing, evidence, dispute management.	Legal obligation and legitimate interest.

MARINI may use audience measurement, advertising, retargeting, lookalike audience or social media tools, including Google, Meta and LinkedIn. These processing operations are described in the cookies section and are subject, where required, to an appropriate information, objection or consent mechanism.

6. Technical files, industrial confidentiality and NDA

Files submitted by the user may contain sensitive or confidential information: drawings, dimensions, manufacturing methods, prototypes, specifications, customer references, design data, part photos, CAD files or trade secret information.

MARINI uses these files only to analyze the request, check feasibility, prepare a quotation, manufacture parts if the quotation is accepted, and ensure support, follow-up and legitimate archiving. MARINI does not sell these files and does not voluntarily publish them.

The operational confidentiality applied to submitted files does not constitute a formal confidentiality agreement or NDA. For particularly sensitive projects, the user may contact MARINI before transmission in order to agree, if MARINI accepts, on a suitable channel or arrangements. MARINI does not guarantee that any given channel is suitable for every level of sensitivity or secrecy.

7. Use of AI and automated tools

Where generation, conversion, extraction, preview or CAD/STEP assistance features are used, certain data may be processed automatically.

Depending on the feature concerned, information such as prompts, descriptions, sketches, technical parameters, rendered images, extracted text, geometry data or file extracts may be transmitted to OpenAI, only to enable the requested generation, conversion or analysis.

MARINI recommends not including unnecessary personal data, sensitive data, unnecessary industrial secrets or information subject to special restrictions in prompts or files.

AI-generated, converted or preview results are technical aids. They may contain errors and must be checked by MARINI before any manufacturing or contractual commitment. MARINI does not make decisions producing legal effects for the user solely on the basis of fully automated processing without human validation.

8. Recipients and processors

Data may be accessed, within the limits of authorization and need-to-know, by sales teams, engineering offices, technical teams, production teams, website administrators, management, technical service providers, hosting provider, transactional email provider, anti-spam or anti-bot provider, conversion or AI provider where applicable, IT maintenance providers, advisors, accountants, lawyers, insurers and competent authorities where required.

Service / Provider	Role	Data concerned
OVH SAS / Kimsufi / OVHcloud	Hosting of the website, databases, files, application services and hosting-provider backups.	Website data, accounts, files, logs, backups.
Brevo / SMTP	Sending transactional emails.	Email, possible name, quotation reference, access links.
Cloudflare Turnstile	Anti-spam and anti-bot protection.	Technical browsing data, IP, anti-abuse signals.
recherche-entreprises.api.gouv.fr API	SIRET verification or enrichment.	SIRET, public company data.
Google / Microsoft OAuth	Login or account linking through an identity provider.	Email, account identity, technical authentication tokens.
OpenAI	AI assistance, CAD or STEP generation.	Prompts, parameters, rendered images, extracted text, possible necessary technical extracts.
Local ClamAV	Antivirus scanning operated in the server infrastructure.	Uploaded files and technical metadata.
Self-hosted Strapi	Public content management.	CMS content and associated technical data.
PostgreSQL / Redis / server services	Database, sessions, cache and technical operation.	Application and technical data.
Google, Meta and LinkedIn	Audience measurement, advertising, retargeting, campaign tracking, audiences and social media integrations where these tools are activated.	Browsing data, technical identifiers, page view or conversion events, consent preferences.

9. Transfers outside the European Union

Data is, as far as possible, processed and hosted in the European Union or the European Economic Area.

However, certain providers, including Cloudflare, Brevo, OpenAI, Google, Meta, LinkedIn or the Google / Microsoft identity providers, depending on their contractual and technical configuration, may involve processing or transfers from countries located outside the European Union.

Where such transfers exist, MARINI ensures that they are governed by appropriate safeguards, including an adequacy decision of the European Commission where available, standard contractual clauses, UK standard contractual clauses or appropriate additional measures.

10. Retention periods

Category	Indicative retention period
Contact requests	3 years from the last incoming or outgoing contact.
B2B prospect data	3 years from the last active exchange.
Quotation requests not followed by an order	3 years from the last exchange, then limited archiving if necessary for evidence.
Quotations, commercial exchanges and evidentiary items	Up to 5 years from the last relevant act, unless a longer legal period or dispute applies.
Orders, invoices and accounting records	10 years from the end of the relevant financial year.
Technical files related to a simple unsuccessful request	3 years from the last exchange, unless earlier deletion is possible and no legitimate retention is required.
Technical files related to an accepted quotation, manufacturing or dispute	Period necessary for follow-up, evidence, support, quality or accounting obligations.
Customer account	Duration of the active relationship, then up to 3 years of inactivity, unless anonymization or legitimate retention applies.
Part library	Duration of the active relationship, then up to 3 years of inactivity, except files linked to a quotation or evidentiary obligation.
Drafts and autosaves	90 days from the last update, unless submitted, deleted or attached earlier.
Messages and attachments	Same period as the request or project to which they relate.
Internal notes	Same period as the relevant customer or quotation file, unless anonymized.
Magic link or reset tokens	30 minutes for magic links; short period strictly necessary for other security tokens.
marini_token authentication cookie	Up to 7 days, unless logout or early expiry.
Technical and security logs	In principle up to 12 months, unless incident, investigation or longer retention obligation applies.
Technical backups	30 days for application backups, subject to hosting-provider backups and OVH Backup Agent retention.
Cookie consent or preference data	6 months.

Deleting or anonymizing a customer account does not necessarily mean immediate deletion of all data linked to quotations, files, messages or commercial archives if legitimate retention is necessary.

11. Security

MARINI implements technical and organizational measures intended to protect data and files, including restricted access based on authorizations, authentication of the customer and admin areas, login by secure link sent by email, passkeys where available, HttpOnly authentication cookie, HTTPS, secure server, firewall, application filtering, request limiting, abuse protections, antivirus scanning of uploaded files, server-side encryption of files at rest after processing where configured, signed or time-limited download links where applicable, security event logging and backup measures.

Files may be stored in clear text on the server during a technical window necessary for antivirus scanning, preview generation and encryption at rest. This measure is not end-to-end encryption.

For user experience reasons during public uploads, certain previews of uploaded files or certain generated STEP files may be accessible through a non-public and not easily guessable technical identifier, without full authentication. The user must not share these links and should avoid using this channel for files requiring enhanced confidentiality without prior agreement with MARINI.

Certain transactional emails may contain quotation references, access links or technical attachments where necessary for request follow-up. For the most sensitive files, the user should request a specific channel or agreement before transmission.

As no security measure is absolute, MARINI invites users to submit only the information strictly necessary for the review of their project.

12. Cookies, trackers and local storage

MARINI uses or may use strictly necessary, functional, security, audience measurement, advertising, retargeting or social media trackers. Trackers that are not strictly necessary for the service are subject, where required, to prior consent or an appropriate objection mechanism.

Name	Type	Purpose	Duration
marini_token	HttpOnly authentication cookie	Maintain the session of the user connected to the customer or admin area.	Up to 7 days.
auth-hint	Non-secret technical cookie	Indicate to the interface that a session may exist, without authenticating the user by itself.	Aligned with the session or deleted earlier.
auth-jwt	Former technical cookie	Former cookie cleaned during certain logout operations.	Residual duration / deletion.
marini_auth_init / marini_handoff_n / marini_oauth_tx / marini_link_csrf	Temporary security cookies	Secure login, OAuth, magic-link or account-linking flows.	Short duration linked to the relevant flow.
NEXT_LOCALE	Cookie or language preference	Remember the selected language.	According to technical configuration.
marini_cookie_consent	LocalStorage	Remember display or preference choice regarding the cookie banner.	6 months.
marini_session / marini_has_passkey / marini_passkey_prompted	LocalStorage or sessionStorage	Remember non-secret local indicators relating to the session or passkeys.	Until deletion by the user, logout or application cleanup.
marini_quote_session / marini_quote_workspace / marini_quote_step / marini_reuse_file	LocalStorage or sessionStorage	Temporarily retain quote-form progress, drafts and certain functional choices.	90 days for persistent drafts; session duration for certain one-off choices.
Cloudflare Turnstile	Anti-spam / anti-bot data	Verify that an action is not automated or abusive.	According to provider settings.
Google	Analytics, advertising or marketing tags	Audience measurement, campaign tracking, conversions, advertising or retargeting where the tools are activated.	According to provider settings and consent choices.
Meta	Pixel, advertising or social integrations	Campaign measurement, audiences, conversions, advertising or retargeting where the tools are activated.	According to provider settings and consent choices.
LinkedIn	Insight Tag, advertising or social integrations	B2B campaign measurement, audiences, conversions, advertising or retargeting where the tools are activated.	According to provider settings and consent choices.

Trackers necessary for website operation, authentication, security or remembering user preferences may be deposited without consent where permitted by law. Advertising, social media or non-essential analytics trackers are managed through the consent or objection mechanism available on the website.

13. Rights of individuals

In accordance with applicable regulations, data subjects have, as applicable, the following rights: right of access, right of rectification, right of erasure, right to restriction of processing, right to object, right to data portability, right to withdraw consent where processing is based on consent and right to define instructions regarding the fate of data after death.

These rights may be exercised by writing to: [email protected] or by mail to MARINI — Personal Data — 25 boulevard Robert Schuman, 93190 Livry-Gargan, France.

MARINI may request additional information where necessary to verify the requester's identity or identify the data concerned. MARINI will respond within one month from receipt of the complete request.

The customer area may provide an export or anonymization request feature. These tools facilitate the exercise of rights but do not necessarily replace a complete response to a GDPR request where data is also present in quotations, messages, files, audit logs, invitations, archives or backups.

14. Limits to objection, deletion or anonymization requests

Certain processing is necessary to handle a quotation request, follow the pre-contractual or contractual relationship, ensure website security, prevent abuse, comply with legal obligations, retain evidence, defend MARINI's rights or manage commercial and accounting archives.

In such cases, MARINI may refuse, limit or defer an objection, deletion or anonymization request, giving reasons where required by applicable regulations. MARINI does not promise absolute and immediate deletion where legitimate or legal grounds require retention.

Visible deletion of a library file or record does not always mean immediate deletion of all technical copies, logs, backups, preview files or attachments linked to a quotation, except where effective deletion is technically and legally possible.

15. Personal data breach

In the event of a personal data breach likely to result in a risk to the rights and freedoms of individuals, MARINI will document the incident, take appropriate corrective measures and, where required by applicable law, notify the CNIL within the applicable time limits and inform the individuals concerned.

16. Complaint to the CNIL

If the user considers that their rights have not been respected, they may lodge a complaint with the CNIL: Commission Nationale de l'Informatique et des Libertés, 3 Place de Fontenoy — TSA 80715, 75334 Paris Cedex 07 — www.cnil.fr.

17. Policy updates

MARINI may amend this policy to reflect changes to the website, its services, technical tools, processors or applicable law. The last update date is indicated at the beginning of the page.

In the event of any discrepancy between the French version and any translation, the French version shall prevail.