Privacy Policy

1. Who We Are

MARATTO is a TTO-as-a-Service platform operated by Dazzle Africa. We map African universities and help institutions establish technology transfer infrastructure. Our website is maratto.africa.

For privacy enquiries, contact us at privacy@maratto.africa.

2. What Data We Collect

Data you provide directly

• Name, job title, institution name, country, and email address, collected via the Register Interest form
• The category you select when registering (University / Investor / Partner / Co-founder)

Data collected automatically

• IP address and browser information, via Vercel hosting infrastructure
• Page views and performance metrics, via Vercel Analytics (cookieless; no personal data stored)
• User behaviour, clicks, scroll depth, and session recordings, via PostHog only with your consent

Data we do not collect

• Payment information (we have no payment processing at this stage)
• Sensitive personal data as defined under GDPR or POPIA

3. How We Use Your Data

• To respond to Register Interest submissions
• To contact you about MARATTO services and updates you have opted into
• To improve the platform using aggregated analytics

We do not sell your data. We do not share your data with third parties except as described in section 4 below.

4. Third-Party Services

We use the following third-party services to operate the site:

• Supabase: database and authentication. Privacy policy ↗
• Vercel: hosting and deployment. Privacy policy ↗
• Vercel Analytics: cookieless performance metrics. Privacy policy ↗
• PostHog: product analytics and session tracking (consent required). Privacy policy ↗
• Google Fonts: typography. Privacy policy ↗

5. Legal Basis for Processing

Under GDPR and UK GDPR:

• Register Interest form: legitimate interest (responding to your enquiry) and consent (where we contact you about our services).
• Vercel Analytics: legitimate interest; cookieless and does not constitute personal data processing requiring consent.
• PostHog: consent; loaded only after you opt in via the cookie banner.

6. Your Rights

Under GDPR, UK GDPR, and South Africa's POPIA (Protection of Personal Information Act), you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Withdraw consent at any time
• Object to processing based on legitimate interest
• Lodge a complaint with a supervisory authority (ICO in the UK; the Information Regulator in South Africa)

To exercise any of these rights, contact us at privacy@maratto.africa.

7. Data Retention

Register Interest submissions are retained until you request deletion or MARATTO ceases operations. Analytics data is subject to PostHog's and Vercel's respective retention policies.

8. International Transfers

MARATTO operates globally. Data may be processed in the United States (Supabase, Vercel, PostHog) and Europe. Where personal data is transferred outside the UK or EEA, we rely on standard contractual clauses or other lawful transfer mechanisms where applicable.

9. Children

MARATTO is not directed at children under 16. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

10. Changes to This Policy

We will update this page when our practices change. The “Last updated” date at the top will reflect the most recent version. Continued use of the site after changes are posted constitutes acceptance of the updated policy.