Return Home

Privacy Policy

Last updated: 27 February 2026

Notice: This policy is subject to change. Please check back periodically for updates. The "Last updated" date above indicates when changes were last made.

About Us

MEM Digital Ltd is the legal entity, trading as Marbl Codes and Kindred Carnations. The company is owned and operated by Richard Bland, who also serves as the Data Protection Officer.

Company Registration: 13753194 (England & Wales)

VAT Number: 400325657

Registered Address: 3-4 Brittens Court, Clifton Reynes, Olney, United Kingdom, MK46 5LG

Trading Address: C/O 24-25 High Street, Wellingborough, Northamptonshire, NN8 4JZ

Data Protection Officer: Richard Bland

Contact: [email protected]

We may collect the following types of personal information:

  • Contact information: Name, email address, phone number when you contact us or use our services
  • Account information: Information you provide when engaging our services
  • Usage data: How you interact with our websites and services
  • Conversation data: When using Nura (our AI assistant), conversation summaries may be collected with your explicit consent
  • Technical data: IP address, browser type, device information for security and analytics

We use your information to:

  • Provide and improve our services
  • Respond to enquiries and support requests
  • Communicate about projects and services
  • Follow up on conversations (only with your consent)
  • Send relevant updates about our services (where you have opted in)
  • Ensure security and prevent fraud
  • Comply with legal obligations

Legal basis: We process your data based on:

  • Consent - where you have given clear consent (e.g., for marketing or Nura summaries)
  • Contract - where processing is necessary to fulfil a contract with you
  • Legitimate interests - where we have a legitimate business interest that does not override your rights
  • Legal obligation - where we are required to process data by law

Nura is our AI voice assistant available at nura.marbl.codes. When you use Nura, we collect and process data as follows:

Data collected:

  • Name: Your first name (required) and last name (optional) to personalise your conversation
  • Email address: Required to enable follow-up communication if you consent to receiving a conversation summary
  • Phone number: Only if you voluntarily provide it during the conversation for callback purposes
  • Conversation transcript: A record of what was discussed, used only for sending summaries to our team when you give explicit consent

How we use this data:

  • To greet you by name and provide a personalised experience
  • To send conversation summaries to Richard and his team (only with your explicit consent)
  • To follow up on enquiries via email or phone (only when you have consented)

Returning visitor functionality:

If you opt-in by checking "Remember me for future visits", your name and email are stored locally in your browser (not on our servers) for up to 14 days. This allows Nura to recognise you on return visits and pre-fill your details. You can clear this data at any time through the Nura interface or your browser settings.

Third-party data sharing:

When you use Nura, your data is shared with the following third-party services. By using Nura, your data becomes subject to these providers' own privacy policies and terms of service:

  • ElevenLabs: Nura is powered by ElevenLabs conversational AI. Your voice recordings and conversation transcripts are transmitted to ElevenLabs for processing. Voice recordings and transcripts are stored by ElevenLabs for up to 30 days for quality assurance, analytics, and service improvement purposes, after which they are automatically deleted. Only the account owner (Marbl Codes) has direct access to these recordings, which are used solely for training, analytics, and communication purposes. See the ElevenLabs Privacy Policy for full details.
  • AI Language Models: Conversation data may be processed by third-party AI platforms such as Google (Gemini), OpenAI, or Anthropic to generate responses. Data shared with these platforms is subject to their respective privacy policies: Google Privacy Policy, OpenAI Privacy Policy, Anthropic Privacy Policy.

We only share the minimum data necessary to provide the service. We encourage you to review the privacy policies of these third-party providers to understand how your data may be processed.

Legal basis: Consent (Article 6(1)(a) UK GDPR). You provide explicit consent before starting a conversation and before any summary is sent.

Luma is our daily intelligence feed available at luma.marbl.codes. You can subscribe to receive daily digest emails covering AI, Quantum Computing, and Web Development news.

Data collected when subscribing:

  • Email address: Required to send you the daily digest
  • Category preferences: Which topics you want to receive (AI, Quantum, Web)
  • Verification token: A unique token to verify your email address
  • Unsubscribe token: A unique token allowing you to unsubscribe at any time

How we use this data:

  • To send you daily digest emails based on your category preferences
  • To verify your email address before sending digests
  • To allow you to unsubscribe at any time

Data storage:

Your subscription data is stored securely in our database. We do not share your email address with third parties for marketing purposes.

Unsubscribing:

Every digest email includes an unsubscribe link. You can also unsubscribe by contacting us at [email protected]. Upon unsubscribing, your email address will be removed from our mailing list.

Legal basis: Consent (Article 6(1)(a) UK GDPR). You provide explicit consent by subscribing and verifying your email address.

We publish content from Luma and other Marbl Codes products to social media platforms to share AI, technology, and web development news with a wider audience. We use the following platforms:

Platforms used:

  • Instagram (Meta): We publish images, videos, and Reels to our business Instagram account via the Meta Graph API. We use the instagram_content_publish and instagram_manage_comments permissions to post content and manage comments on our own posts.
  • X (Twitter): We publish articles and videos via the Twitter API to our own account.
  • LinkedIn: We publish articles and videos to our own personal and company LinkedIn profiles via the LinkedIn API.
  • YouTube: We upload short-form video content (Shorts) to our own YouTube channel via the YouTube Data API.

Meta Platform Data:

When using Meta APIs (Instagram), we receive limited Platform Data from Meta, including:

  • Our Instagram Business account user ID
  • Media container IDs and post IDs for content we publish
  • API access tokens for authentication

We do not collect, store, or process personal data of Instagram users, followers, or commenters beyond what is necessary to manage our own published content. We do not access other users' profiles, messages, or personal information.

How we use social media APIs:

  • To publish AI-curated news articles and digest summaries to our own accounts
  • To upload generated video content (news digests) to our own accounts
  • To add comments with links on our own posts for discoverability
  • To manage and moderate comments on our own published content

What we do NOT do:

  • We do not post content on behalf of other users
  • We do not access other users' accounts, messages, or personal data
  • We do not sell or share Meta Platform Data with third parties
  • We do not use Meta Platform Data for advertising, profiling, or tracking

Data retention:

API access tokens are stored securely and refreshed automatically. Post and media IDs are retained in our database to prevent duplicate posting. No personal data from social media users is collected or retained.

Legal basis: Legitimate interests (Article 6(1)(f) UK GDPR) - publishing our own content to promote our business and share relevant industry news.

We may share data with trusted third parties who assist in delivering our services:

  • Hosting providers: Cloudflare (Pages, Workers, R2 storage, D1 database) and Krystal (web hosting) - to host our websites and services securely
  • Payment processors: Stripe - to process payments for our services securely
  • Analytics tools: Fathom Analytics (privacy-focused, no cookies) - to understand how our services are used
  • Email service providers: Google Workspace (Gmail API) - to send communications you have requested
  • AI service providers: OpenAI (image generation via DALL-E), ElevenLabs (voice synthesis), Anthropic (content generation) - as detailed in the Nura and Luma sections above
  • Social media platforms: Meta (Instagram), X (Twitter), LinkedIn, YouTube (Google) - to publish our own content as detailed in the Social Media section above
  • Image optimisation: Tinify - to compress and convert images for web delivery
  • Policy generation: Termageddon - to generate and maintain legal policy documents
  • Website tools: WordPress and Elementor - used for some client websites

Data controller: MEM Digital Ltd is the data controller responsible for all personal data and Platform Data processed through our services.

We do not sell your personal data. We do not share personal data or Meta Platform Data with third parties for their own marketing, advertising, or profiling purposes.

We may also disclose data where required by law or to protect our legal rights.

We retain personal data only as long as necessary for the purposes outlined above, or as required by law. We run automated data cleanup processes to enforce these retention periods:

  • Contact and enquiry data: Retained for as long as necessary to respond to your enquiry, then deleted unless you become a client
  • Client data: Retained for 6 years after the end of our business relationship for legal and accounting purposes
  • Nura conversation data: Conversation summaries are retained for business purposes; ElevenLabs retains voice recordings for up to 30 days
  • Local storage data: Automatically expires after 14 days if you opted in to "Remember me"
  • Luma subscriber data: Verified subscribers are retained until they unsubscribe. Unverified email addresses (pending verification) are automatically deleted after 7 days
  • Email engagement data: Records of emails sent to subscribers are retained for 90 days, then automatically deleted
  • Error and system logs: Technical error logs are retained for 30 days. Audit logs (records of administrative actions on personal data) are retained for 1 year for compliance purposes
  • Content data: Published digests and articles are retained for 60 days; source material is retained for 3 days

Under UK GDPR and the Data Protection Act 2018, you have the following rights:

  • Right of access: Request a copy of your personal data
  • Right to rectification: Request correction of inaccurate data
  • Right to erasure: Request deletion of your data ("right to be forgotten")
  • Right to restrict processing: Request that we limit how we use your data
  • Right to data portability: Receive your data in a portable format
  • Right to object: Object to processing based on legitimate interests or direct marketing
  • Right to withdraw consent: Withdraw consent at any time where processing is based on consent

To exercise these rights, contact us at [email protected]. We will acknowledge your request within 5 working days and respond fully within 30 days, as required by UK GDPR.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been violated.

We take appropriate technical and organisational measures to protect your personal data, including:

  • Secure HTTPS connections on all our websites
  • Regular security updates and monitoring
  • Access controls limiting who can access personal data
  • Secure hosting with reputable providers

While we take all reasonable precautions, no data transmission over the internet can be guaranteed to be 100% secure.

Some of our third-party service providers may process data outside the UK. When this occurs, we ensure appropriate safeguards are in place, such as:

  • Standard contractual clauses approved by the UK government
  • Transfers to countries with adequacy decisions
  • Binding corporate rules where applicable

For Nura specifically, data may be processed in the United States by ElevenLabs, Google, OpenAI, and Anthropic under their respective data protection frameworks.

You have the right to request deletion of any personal data we hold about you. This includes data collected through our websites, Nura AI assistant, Luma subscriptions, and any data obtained through social media platform APIs.

How to request data deletion:

  • Email us at [email protected] with the subject line "Data Deletion Request"
  • Include your name and the email address associated with your data
  • Specify which data you would like deleted (or request full deletion)

What happens when you request deletion:

  • We will acknowledge your request within 5 working days
  • Your data will be deleted within 30 days of the request
  • We will confirm deletion once complete
  • Some data may be retained where required by law (e.g., financial records for tax purposes)

Meta Platform Data:

If you wish to have any Meta Platform Data associated with your interactions with our Instagram content deleted, please contact us using the method above. We will delete the relevant data and confirm completion.

Luma subscribers:

You can unsubscribe at any time using the link in any digest email. To request full deletion of your subscriber data, email us at [email protected].

If you have questions about this privacy policy or wish to exercise your data protection rights, please contact us:

Email: [email protected]

Address: Marbl Codes (MEM Digital Ltd), C/O 24-25 High Street, Wellingborough, Northamptonshire, NN8 4JZ

Data Protection Officer: Richard Bland