Privacy Policy

This Privacy Policy explains how Marketing Bar LLC (“Marketing Bar”, “we”, “our”, “us”) collects, uses, and shares personal information when you visit level.marketing-bar.com (the “Site”), read our blog or docs, or contact us through the form. It does not cover use of the Level product itself once you sign up — that will be addressed in a separate policy presented inside the application.

1. Who we are

Marketing Bar LLC is a boutique performance marketing agency based in Los Angeles, California. We build and operate Level, a cross-channel marketing reporting platform. The Site you are reading is the marketing-facing front door for that product.

For any privacy question, access request, deletion request, or California Privacy Rights request, contact us at roman@marketing-bar.com. We aim to respond within 30 days (45 days for California requests under the CCPA, with a possible 45-day extension if reasonably necessary).

2. Information we collect

The information we collect on this Site falls into three buckets.

2.1. Information you provide directly

When you submit our contact form we receive your name, email address, optional company name, the intent you selected (book a demo / start a trial / talk to sales / support / other), and any message text you include. That submission is delivered to our team inbox by Resend, and a confirmation email is sent back to your address.

2.2. Information collected automatically

When you visit the Site, certain information is collected automatically by us or by analytics providers we use:

• IP address and approximate location (country / region level)
• Device type, browser type and version, operating system
• Pages you visit, time spent, scroll depth, clicks on calls-to-action
• Referring URL (search engine, ad click, direct link)
• Ad-click identifiers (fbclid, gclid, li_fat_id) when you arrive via a paid ad

This information is collected through cookies, pixels, and similar technologies. The full vendor list is in Section 5; the cookies we set are listed in Section 6.

2.3. Information from third-party platforms

If you interact with our content on third-party platforms (LinkedIn, Instagram, Facebook, X) or click one of our ads, those platforms may share limited information with us in line with their own terms — typically aggregate engagement metrics, not individual identifiers.

3. How we use information

We process the information described above to:

• respond to your contact form submission and follow up by email;
• understand which pages, articles, and CTAs work for visitors and improve them;
• measure paid advertising performance in Google Ads, Meta (Facebook / Instagram), and LinkedIn;
• show conversion-based and limited behavioral retargeting ads to visitors who have not opted out (see Section 9);
• detect abuse — bots, form spam, attempts to bypass our rate limits;
• comply with legal and regulatory obligations.

We do not sell your personal information. We do not use it to enrich third-party data products or build resold profiles. We do not use it for automated decision-making that produces legal or similarly significant effects.

4. How we share information

We rely on a small set of vetted service providers. Each receives only the data it needs for a specific function and is bound by its own published privacy policy.

Beyond the providers above, we share information only when required by law (court order, lawful subpoena), to enforce our Website Terms , or to protect the rights, safety, or property of Marketing Bar LLC, our users, or the public. None of our service providers are permitted to use your information for their own independent marketing.

5. Cookies and tracking

Our cookie banner shows two groups: Strictly necessary (required for the Site to function — always set) and Marketing & analytics (optional). Until you accept the optional group, no marketing or analytics cookies are placed. You can change your choice at any time by clicking the cookie icon in the bottom-left corner of the Site, or by visiting Your Privacy Choices .

Cookies we set ourselves:

• cookie_control_consent, cookie_control_enabled_cookies — remember your cookie preference so the banner does not reappear on every page.
• __vercel_live_token — short-lived session continuity from Vercel.
• _lvl_attr — first-party attribution cookie (90-day expiry, set only after you accept optional cookies). Stores ad-click IDs (fbclid, gclid, li_fat_id) so we can attribute conversions back to the campaign that brought you here.

Third-party cookies (_ga, _fbp, _clck, li_fat_id at the LinkedIn level, and others) are set by the vendors listed in Section 4 and are governed by their own policies. None of these cookies are placed before you accept the optional group.

We honor the Global Privacy Control (GPC) signal. If your browser sends GPC, we automatically treat that as a request to opt out of optional cookies and to opt out of sharing for cross-context behavioral advertising — no banner interaction required.

6. Where data is processed

Marketing Bar LLC operates from California, USA. Your contact-form submission and Site analytics are processed in the United States by Vercel, Resend, and Upstash. Google, Meta, LinkedIn, and Microsoft process data in their own facilities, which may be in the US, the EU, or other regions. Where transfers cross jurisdictions, our providers rely on Standard Contractual Clauses or equivalent safeguards as documented in their respective policies.

7. Data retention

• Contact-form submissions: kept in our team inbox for as long as needed to follow up, plus up to 24 months for sales / support context.
• Cookie-free RUM (Vercel): aggregate counters with daily-rotating identifiers; nothing about individual visitors persists beyond 24 hours.
• Cookie-based analytics: each vendor follows its own retention schedule. GA4, Google Ads, Meta, LinkedIn, and Clarity defaults are between 14 and 26 months.

When data is no longer needed for the purpose it was collected for, we take reasonable steps to delete or anonymize it.

8. Security

We use reasonable technical and organizational measures to protect the information you share with us — encryption in transit (HTTPS), access controls on the team inbox, rate limiting on the contact endpoint, and a published vulnerability disclosure process (see Security ). No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

9. California Privacy Rights (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) gives you specific rights regarding the personal information we hold about you. This section is your CCPA / CPRA notice.

Categories of personal information we collect

• Identifiers — name, email, IP address, online identifiers, cookie IDs
• Internet or other electronic network activity — pages visited, click behavior, referrers, ad-click IDs
• Geolocation data — approximate (country / region) only, derived from IP
• Inferences — aggregate audience segments derived by analytics and ad platforms
• Commercial information — if you submit our contact form, the intent and message context you supplied

We do not collect sensitive personal information as defined by CPRA (no SSN, no driver’s license, no financial-account credentials, no precise geolocation, no health or biometric data).

Sources, purposes, and disclosure

The sources for each category are described in Section 2; the purposes are in Section 3; the recipients are in Section 4. We retain each category for the windows in Section 7.

Sale and sharing

We do not sell personal information for monetary consideration.

We do share personal information for cross-context behavioral advertising as that term is defined by CPRA. Specifically, when you accept optional cookies, the Meta Pixel, Google Ads, and LinkedIn Insight Tag receive identifiers and activity signals that those platforms use to optimize and measure ads shown to you elsewhere on the internet. Under CPRA this is treated as “sharing” and is subject to your right to opt out.

Your CCPA / CPRA rights

You have the right to:

• Know what personal information we collect, the sources, the purposes, and the recipients.
• Access a portable copy of the personal information we hold about you.
• Delete personal information we have collected from you, subject to legal retention obligations.
• Correct inaccurate personal information we hold.
• Opt out of sharing personal information for cross-context behavioral advertising.
• Limit the use of sensitive personal information — not applicable to us, since we do not collect that category.
• Non-discrimination — we will not deny you the Site, charge you a different price, or provide a different level of quality because you exercised any right above.

How to exercise your rights

You can exercise these rights in two ways:

• Visit Your Privacy Choices and toggle off optional cookies (this immediately stops sharing for behavioral advertising).
• Email roman@marketing-bar.com with the right you want to exercise. We may need to verify your identity (typically by confirming the email address tied to the request matches the one on file). We will not require you to create an account in order to make a request.

You may use an authorized agent to make a request on your behalf; we will require written proof of authorization. If we deny a request, you may appeal by replying to our denial email; we will respond within 45 days of the appeal.

We honor the Global Privacy Control signal as a valid opt-out of sharing under CPRA §7025. If your browser sends GPC, you do not need to take any further action.

10. EU / UK / EEA visitors

If you visit the Site from the European Union, the United Kingdom, or the European Economic Area, the GDPR / UK GDPR may apply. Our legal bases for processing are:

• Consent — for optional cookies and contact-form submissions you choose to send.
• Legitimate interests — for measuring Site performance, preventing abuse, and securing our infrastructure.
• Performance of a contract — when you ask us to send you something specific (a demo, a proposal, a reply).
• Legal obligation — where we must retain or disclose information to comply with the law.

You have the right to access, rectify, erase, restrict, and port your personal data, to object to processing based on legitimate interests, and to withdraw consent at any time. To exercise any of these, email roman@marketing-bar.com. You also have the right to lodge a complaint with your local supervisory authority.

We do not currently appoint an EU representative under Article 27 GDPR; our processing of EU residents’ data is incidental to a US-targeted Site and falls below the threshold that would require one. If that changes, this section will be updated.

11. Children

The Site and the Level product are aimed at marketing professionals. We do not knowingly collect data from anyone under 16. If you believe a minor has submitted information to us, contact roman@marketing-bar.com and we will delete the record.

12. Third-party links

The Site links to third-party websites (our parent agency at marketing-bar.com, scheduling tools like Calendly, the Level application at app.marketing-bar.com, and others referenced in our blog or docs). We do not control those sites and are not responsible for their content, terms, or privacy practices. Review the privacy policy of any external site you visit.

13. Changes to this Policy

We may update this Policy from time to time. The effective version is always the one published on this page; the “Effective” date at the top reflects the last update. For material changes, we will surface a banner above the cookie consent prompt for a reasonable transition period. Continued use of the Site after the effective date constitutes acceptance of the updated Policy.

14. Contact

Privacy questions, access or deletion requests, California Privacy Rights requests, GDPR / UK GDPR requests, or anything else related to this Policy: roman@marketing-bar.com.