MarketConfigBack to Home

Privacy Policy

Last updated: April 17, 2026

Data Controller & Data Processor

MarketConfig LLC

548 Market St, PMB 920358, San Francisco, CA 94104

This Privacy Policy (the “Policy”) explains how MarketConfig LLC (the “Company,” “we,” “us,” or “our”) processes Personal Data. Depending on the context, the Company may act as either a Data Controller or a Data Processor.

The Services are not intended for individuals under the age of 18.

1

Definitions

“Controller”

The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of processing Personal Data.

“Personal Data”

Any information relating to an identified or identifiable natural person (“data subject”), including identifiers such as a name, identification number, location data, online identifier, or factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.

“Service(s)”

A cloud-based SaaS platform for managing farmers markets and similar operations, including vendor management, communication tools (SMS, email, MMS), payment tracking, reporting, and administrative tools.

“Subscriber”

The natural or legal person who has subscribed to the Service(s) by agreeing to the Terms — the binding contract between the Company and Subscriber governing access and use.

“Data Controller”

The entity that determines the purposes and means of processing Personal Data.

“Data Processor”

The entity that processes Personal Data on behalf of the Data Controller.

2

Data Roles

The Company may act as both a Data Controller and a Data Processor depending on the context of the data being processed.

As Data Controller

The Company acts as a Data Controller with respect to Personal Data collected directly for its own business purposes, including:

  • Account registration
  • Billing and invoicing
  • Customer support

As Data Processor

The Company acts as a Data Processor with respect to Personal Data processed on behalf of its Customers through the Platform, including:

  • Vendor data
  • Customer-provided data
  • Communications (SMS, MMS, email)
  • Uploaded documents
  • Operational data

In its role as a Data Processor, the Company processes Personal Data solely on behalf of the Customer and in accordance with the Customer’s instructions and the applicable Data Processing Agreement. The Customer is responsible for determining the purposes and means of processing such Personal Data.

3

Data Collection

The Subscriber directly provides the Company with most of the data we collect. We collect Personal Data from the following sources:

Account & Organization Data

  • Registration Information — Name, email address, phone number, and organization details.
  • Billing & Payment Information — Payment records, transaction histories, and billing details processed through the Platform.
  • Onboarding & Training Data — Information submitted during onboarding, setup, or training processes.
  • Support Communications — Support requests, emails, feedback, and other communications with the Company.

Vendor & Participant Data

  • Contact Information — Names, phone numbers, and email addresses of vendors and participants.
  • Uploaded Documents — Permits, licenses, agreements, certifications, and other files uploaded to the Platform.
  • Platform Content — Content created, submitted, or managed within the Platform.
  • User Accounts — Account details for employees, contractors, or vendors.

Usage & Technical Data

  • Activity Logs — Login activity, timestamps, actions taken (edits, submissions, updates), and feature usage data.
  • System Logs — Audit trails, error logs, and performance diagnostics.
  • Device Information — IP address, browser type and version, device identifiers, operating system, access times, and session data.

Communication Data

  • Messages — SMS, MMS, and email messages sent through the Platform.
  • Message Metadata — Content, attachments, sender/recipient information, timestamps, delivery status, and communication logs.

Third-Party & Imported Data

  • Service Provider Data — Data received from third-party providers (messaging providers, payment processors, hosting services, analytics tools, and integrations).
  • Bulk Imports — CSV file uploads, bulk data imports, historical records, legacy data, and documents uploaded into the system.
4

Processing of Personal Data

(a) Purposes

We collect and process personal and operational data for the following purposes:

Provide, operate, and maintain the Platform and its features

Facilitate communication between Customers, vendors, and users through SMS, email, and MMS

Manage vendor operations and marketplace activities

Process transactions and maintain financial and operational records

Monitor usage and ensure system security and integrity

Comply with applicable legal, regulatory, and contractual obligations

We also process data to improve platform performance, provide customer support and training, and develop new features and enhancements.

(b) Legal Basis for Processing

We collect Personal Data from Subscribers only where we need to fulfill a contract, where processing is in our legitimate interests and not overridden by the Subscriber’s data protection rights, or where we have consent. In some cases, we may have a legal obligation to collect Personal Data.

(c) Withdrawal of Consent

If we process Personal Data with consent, the Subscriber may withdraw their consent at any time by contacting us at the email address provided below.

(d) Communications Disclaimer

The Company transmits communications (including SMS, MMS, and email) on behalf of Customers and does not control or determine the content, recipients, or legality of such communications.

5

Sharing of Personal Data

MarketConfig does not sell Personal Data to third parties.

We may share Personal Data in the following circumstances:

Service Delivery

To provide, operate, and maintain the Platform and deliver the requested services, including facilitating communications between Customers, vendors, and users through integrated messaging services (SMS, email, and MMS).

Group Companies & Third-Party Service Providers

We may share Personal Data with group companies and third-party service providers (such as hosting providers, messaging providers, payment processors, and analytics services) strictly as necessary to offer our Services and send information or updates about the Services.

Legal & Compliance

To comply with applicable laws, regulations, legal processes, subpoenas, or lawful requests from government authorities, and to enforce the Company’s terms, agreements, and policies.

Safety & Protection

To protect the rights, safety, security, and integrity of the Company, its users, and the public.

Fraud Prevention

When processing orders, we may share data with and use resulting information from credit reference agencies to prevent fraudulent purchases.

The Company is not responsible for the privacy practices of third-party service providers. Customers are encouraged to review the privacy policies of such providers independently.

6

Retention of Personal Data

The Company retains Personal Data for the duration necessary to provide its services and fulfill the purposes outlined in this Policy.

Upon termination of services, the Company may retain Personal Data for a limited period (typically 30–90 days) to allow for data retrieval and backup purposes.

Following this period, Personal Data may be deleted or anonymized, except where retention is required or permitted for legal, regulatory, audit, security, or legitimate business purposes, including maintaining financial records, system logs, and compliance-related data.

7

Security of Personal Data

The Company uses appropriate technical and organizational measures to protect Personal Data. These measures are designed to provide a high level of security appropriate to the risk of processing.

Encryption of data in transit (TLS/SSL) and at rest
Role-based access controls with multi-tier permission hierarchy
Regular security audits and vulnerability assessments
Secure authentication through identity management provider
Automated audit trails and activity logging
Row-level security policies for tenant data isolation

If you are a Subscriber and have any concerns about the security of your Personal Data, please contact us immediately.

8

Data Subject Rights

Depending on applicable laws, individuals may have rights regarding their Personal Data, including the right to:

Access

Request a copy of your data

Correct

Update inaccurate information

Update

Keep your data current

Delete

Request erasure of your data

Requests may be submitted using the contact information provided below.

9

Modifications to This Policy

The Company keeps this Policy under regular review and may update it at any time. This Policy may be amended, and the Subscriber shall be notified only if there are material changes to this Policy.

Contact Details

If you have any concerns about this Policy, please get in touch with us.

Company

MarketConfig LLC

Address

548 Market St, PMB 920358
San Francisco, CA 94104

Email

support@marketconfig.com

Website

www.marketconfig.com