Privacy Policy

Last updated: 17 June 2026

Maram Solutions Ltd (Maram, Maram Live, we, us, our) values the privacy of every person who uses the Maram Live platform at maram.live and the related services we provide (the Services). This Privacy Policy explains what data we collect, how we use it, who we share it with, and what choices you have. This policy is written to comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, and with the EU GDPR where it applies to users in the European Economic Area. By creating an account or using the Services, you agree to the practices described in this policy. The Services are also governed by our Terms of Service.

1. Who We Are

Maram Live is operated by Maram Solutions Ltd, a company registered in England and Wales (company number 17256943), with its registered office at 71-75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom. We are the data controller for personal data collected through maram.live.

We are registered as a data controller with the UK Information Commissioner's Office (ICO) under registration reference ZC170092.

For privacy related questions or requests, contact us at support@maram.solutions.

2. Information We Collect

Account and profile information. When you sign up, we collect your first name, last name, email address, and phone number. If you sign up using Google or another third party account, we receive your name and email address from that service, and may receive a profile photo. AI Practitioners additionally provide a profile bio, photo, location, and professional background.

Biometric data. To verify that AI Practitioner profile photos show a real, single, identifiable face, our profile photo uploader runs in browser face detection (via Google MediaPipe) on the photo you upload. Face landmark data is processed temporarily in your browser; we do not store the underlying face geometry on our servers. The uploaded photo itself is stored as your profile image. Where this processing involves biometric data used to uniquely identify a person, it is treated as special category data under Article 9 of the UK GDPR and is carried out on the basis of your explicit consent, given when you upload a photo.

Application and onboarding information. If you apply to become an AI Practitioner, we collect your professional history, AI expertise, teaching experience, proposed session topics, and any documents or media you upload to support your application.

Purchase information. When you make a purchase, your payment card details are collected directly by Stripe on our behalf. We retain a record of the transaction (amount, date, product purchased) but we do not store your card number or bank account details.

Communications. If you contact us directly, we receive your name, email address, the contents of your message, and any attachments you send. If you subscribe to our newsletter, we collect your email address.

Ratings, reviews, and feedback. If you choose to rate a workshop, program, or AI Practitioner, or to leave feedback, we receive any information and content you choose to provide.

Practitioner financial information. AI Practitioners provide bank account details and identification documents to Stripe Connect during onboarding so they can receive payouts. Maram does not see or store this information directly; Stripe handles it under their own privacy policy and our Connect agreement.

Video and audio recordings. Live workshops and programs delivered on Maram Live may be recorded. Where a session is recorded, attendees are notified before the session begins. Recordings are made available to enrolled attendees through the platform and may also be retained by the AI Practitioner for their own archive.

Attendance and session data. We record whether you attended a live session, when you joined and left, and how long you stayed. This is used to confirm session delivery, generate practitioner payout records, and surface attendance information to you and the AI Practitioner.

In-person attendance information. Where you purchase an in-person session, we share your name and the attendance details the AI Practitioner needs to admit you and run the session at the venue. In-person sessions are not held on Zoom and are not recorded unless the listing says otherwise.

Usage information. We automatically receive information about how you interact with the platform: pages viewed, searches conducted, AI Practitioners you follow, purchases you make, and the dates and times of your visits.

Device information. We receive information about the device and software you use to access the Services: IP address, web browser type, operating system, device identifiers, and push notification tokens.

Location information. We collect your approximate location from your IP address. This is used to surface local time zones, comply with tax obligations, and understand our global audience. We use ipapi.co for IP based geolocation.

Information from third parties. If you sign up using a third party provider, we receive the information you have authorised that provider to share with us. Stripe shares limited transaction information with us so we can confirm a purchase and grant access. Where you consent to non essential cookies, our analytics partners share aggregated behavioural data with us.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, maintain, and improve the Services
  • Personalise your experience, including tailored workshop and program recommendations
  • Communicate with you, including order confirmations, session reminders, account notices, and responses to your questions
  • Send marketing communications about upcoming workshops, programs, and offers, where you have given your consent
  • Process payments and pay out AI Practitioners
  • Generate attendance reports, payout records, and post session reports for AI Practitioners
  • Detect and prevent fraud, abuse, and other safety issues
  • Comply with our legal, accounting, and tax obligations, including those under UK law and the Stripe Services Agreement
  • Enforce our Terms of Service and other agreements
  • Generate anonymised, aggregate data that we may use to publish reports, none of which identifies you personally

4. Legal Basis for Processing

We only process your personal data when we have a valid lawful basis under the UK GDPR (and the EU GDPR where it applies to you):

  • Contract: processing necessary to deliver the Services you have purchased or applied for
  • Consent: where you have agreed to a specific use, such as marketing communications, non essential cookies, and the biometric face check on practitioner photos; you may withdraw consent at any time
  • Legal obligation: where we are required to process your data to comply with applicable law, including tax and accounting record retention, fraud prevention, and responses to lawful requests from authorities
  • Legitimate interests: where we or a third party have a legitimate interest in processing your data, including platform security, fraud prevention, and improving the Services; we only rely on legitimate interests where they are not overridden by your rights and interests

Where we process special category data (the biometric face check described above), we do so on the basis of your explicit consent under Article 9(2)(a) of the UK GDPR.

5. Cookies

Maram uses cookies and similar technologies to operate the platform and improve your experience. Our use of cookies is governed by the Privacy and Electronic Communications Regulations 2003 (PECR) and the UK GDPR. We group cookies into categories.

Strictly necessary cookies are required for the platform to function (login sessions, authentication, security). These are always active and do not require consent under PECR.

Functional cookies help us recognise you when you return so we can personalise content and remember preferences.

Analytical or performance cookies help us understand how the platform is used. We use Google Analytics for traffic analysis. You can opt out of Google Analytics at https://tools.google.com/dlpage/gaoptout.

We ask for your consent before any non essential cookies are set, and you can manage your cookie preferences at any time via the cookie settings on the platform.

We do not respond to Do Not Track signals.

See our Cookie Policy at maram.live/legal/cookie-policy for the full list.

6. Third Parties We Share Data With

We do not sell your personal data. We share your data with third party services only where necessary to operate the Services.

ServicePurposeData Shared
Stripe (incl. Stripe Connect)Payment processing and AI Practitioner payoutsName, email, transaction details, location, IP address
ZoomLive session hosting and recordingName, email, attendance data
ResendTransactional email deliveryName, email
Google AnalyticsWebsite traffic analysisAnonymised usage data
ipapi.coIP geolocationIP address
SupabaseDatabase, authentication, and storageAll account and platform data
Google (OAuth)Single sign onName, email, profile photo
Cloudflare TurnstileBot protection on public formsIP address, device characteristics

All third party services are bound by their own privacy policies, and we put data processing agreements in place with them as required by the UK GDPR.

We may also disclose your information if we believe doing so is required or appropriate to comply with law enforcement requests and legal process (court orders, subpoenas, lawful regulatory requests); to respond to your own requests; or to protect the rights, property, or safety of you, Maram, our users, or others.

In the event Maram is acquired by, merged with, or transfers assets to another company, your information may be transferred as part of that transaction. The use of your information following any such event will continue to be governed by this Privacy Policy or its successor.

7. International Data Transfers

Maram operates globally and our service providers operate globally. Your personal data may be transferred to, processed in, and stored in countries outside the United Kingdom, including the United States, the European Union, Singapore, and other locations where our service providers operate. Notably, Stripe processes payment and Connect data in the United States and other countries where Stripe operates; Supabase hosts our database in Singapore; Zoom processes session data in the United States and other regions; Resend processes email data in the United States; Google processes OAuth and analytics data globally.

Where we transfer personal data outside the United Kingdom, we rely on one of the transfer mechanisms permitted under Chapter V of the UK GDPR: a UK adequacy decision (UK adequacy regulations) for the destination country where one exists, or, where it does not, the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, together with any additional safeguards needed to protect your data. For users in the EEA, equivalent EU GDPR transfer mechanisms apply.

8. How Long We Keep Your Data

  • Active account data: retained for as long as your account is active
  • Deleted account data: personal data deleted within 30 days of a valid deletion request, except financial and transaction records, which are retained for 6 years to meet UK accounting and tax obligations
  • Inactive accounts: accounts with no activity for 3 years receive an email asking you to confirm you want to keep the account; if there is no response within 30 days, the account is deleted
  • Marketing consent records: retained for up to 5 years as proof of consent
  • Session recordings: learner access is available for the recording window stated for the product or purchase; platform retention of recording files is limited to what is needed to deliver access, operate the platform, resolve disputes, protect rights, and meet legal obligations

9. Your Rights

Under the UK GDPR (and the EU GDPR where it applies to you), you have the following rights regarding your personal data:

  • Access: request a copy of the personal data we hold about you
  • Rectification: request that we correct inaccurate or incomplete data
  • Erasure: request deletion of your personal data, subject to legal retention requirements
  • Restriction: request that we restrict processing of your data in certain circumstances
  • Portability: request that we provide your data, or transmit it to another controller, in a structured, commonly used, machine readable format, where technically feasible
  • Objection: object to processing based on legitimate interests, and to direct marketing at any time
  • Withdraw consent: withdraw any consent you have given, at any time, without affecting processing already carried out

To exercise any of these rights, contact support@maram.solutions. We will respond within one month, as required by the UK GDPR. There is normally no charge.

10. Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These measures include encrypted data storage via Supabase, secure HTTPS connections, unique session access tokens per user, multi factor authentication on administrative accounts, and access controls limiting who within Maram can access personal data.

Data breach notification. In line with Articles 33 and 34 of the UK GDPR, if we become aware of a personal data breach we will notify the ICO without undue delay and, where feasible, within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to your rights and freedoms. Where the breach is likely to result in a high risk to you, we will also notify you without undue delay.

No system is completely secure. If you believe your account has been compromised, contact support@maram.solutions immediately.

11. Minors

The Services are not intended for anyone under 18 years of age. Entering into the contract set out in our Terms of Service requires full legal capacity, which in the United Kingdom means being at least 18 years old. While the UK GDPR sets the age of consent for information society services at 13, we do not offer the Services to anyone under 18 and do not knowingly collect their personal data.

If you believe a person under 18 has created an account, contact support@maram.solutions and we will delete the account.

12. Copyright and Infringement Notices

If you believe that content on the Services infringes your copyright or other intellectual property rights, please send a notice to support@maram.solutions. Your notice should include:

  • A description of the work you claim has been infringed
  • A description of the material on the Services that you claim is infringing, and where it is located
  • Your name, address, telephone number, and email address
  • A statement that you have a good faith belief that the use of the material is not authorised by the copyright owner, its agent, or the law
  • A statement that the information in your notice is accurate and that you are the rights owner or are authorised to act on the rights owner's behalf

Notices raising infringement under the Copyright, Designs and Patents Act 1988 will be reviewed promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email and a notice on the platform. The date at the top of this policy reflects when it was last updated. Continued use of the Services after an update constitutes acceptance of the revised policy.

14. Contact and Complaints

For any privacy related questions or to exercise your rights, contact us at support@maram.solutions.

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113. If you are in the EEA, you may also complain to your local data protection authority. We would, however, appreciate the chance to address your concerns before you approach the regulator.