Data Storage, Permissions & Compliance

This article answers common questions about how GoMarble AI handles data, what permissions are required, and where we stand on compliance and certifications.

Written By GoMarble

Last updated 6 months ago


Is my data stored?

No. Your performance data is not stored on GoMarble servers. Your data is transiently processed to generate reports and insights, and then discarded. GoMarble only retains limited items needed to operate the product (e.g., configured account identifiers/metadata, read‑only OAuth tokens, and any chats/reports you explicitly save). Delete a chat/report and its fetched contents are removed with it.

What permission level does your agent require to work?

Permission needs vary by platform. We request the minimum necessary to function while respecting security.

  • Meta (Facebook & Instagram Ads): Read access only.

  • Google (Ads & Analytics): Due to Google API constraints, we require full scope access. However we restrict our agent with Read-Only Access is used solely to read and analyze your data to generate reports.

  • Shopify: Read access for customers, orders and products scope. We use this data for aggregating revenue metrics.

  • Snowflake (direct connections): We recommend creating a dedicated user with READ permissions limited to the specific schemas/tables you want analyzed.

Note: Regardless of platform, GoMarble operates in a read‑only mode and does not edit campaigns, budgets, creatives, or store full account exports.

Do you train your AI on my data?

No. Your data remains yours. We do not use your business or performance data to train generalized AI models or our.

We use these third‑party LLMs strictly as processors for inference. Our configuration is set to no training / no data retention for model improvement. Inputs and outputs are processed only to deliver the requested feature (e.g., a report or analysis). If a future feature ever required provider‑side retention or training, we would seek your explicit, prior consent.

How do I delete my data?

Because we don’t store your performance data, the primary items to consider are your account information, stored artifacts (chats and reports) and connections.

  • To remove everything tied to your user, go to Settings → Account → Delete Account. This deletes your GoMarble AI account and all associated connection information.

  • You can also delete individual chats and reports at any time; the fetched contents contained within those artifacts are deleted permanently along with them.

Are you GDPR Compliant?

We are actively working toward full GDPR compliance as part of our commitment to privacy and data protection, and it is a key priority on our roadmap. In the meantime, our operational practices already follow core GDPR principles (data minimization, purpose limitation, and user‑controlled deletion of artifacts).

Do you have Enterprise‑level data certifications?

We are in the process of obtaining key enterprise data security certifications to validate our controls formally. Until then, we maintain industry‑standard safeguards (encryption in transit/at rest for stored items, secret management for OAuth tokens, least‑privilege access, audit logs) and can complete security questionnaires upon request.

Still have questions?

Contact us at support@gomarble.ai or via in‑app support. We’re happy to provide a security summary, respond to due‑diligence questionnaires, or execute a DPA where needed.