Data Deletion

How to request the deletion of your personal data at Marai

Last updated: April 16, 2026

1. Introduction

This page explains how to request the deletion of personal data that Marai stores about you, in compliance with Article 17 of the General Data Protection Regulation (GDPR — right to erasure) and Meta's requirements for applications integrated with WhatsApp Cloud API.

2. Marai as data processor

Marai acts as a data processor under Article 28 GDPR. The data controller of your personal data is the business (hair salon, clinic, beauty centre, etc.) that you have interacted with through WhatsApp, email or the appointment system.

You can exercise your right to erasure by contacting:

Directly the business that provided the service (recommended option).
Or Marai, in which case we will forward the request to the controller and cooperate in its execution.

3. What data we store about you

These are the categories of data Marai may store about you, depending on your interaction with the business:

Identification data

Full name.
Phone number (used by the WhatsApp bot and reminders).
Email address (if you provided it).
Tax data (tax ID, address) only if the business issued an invoice in your name.

Conversation data (WhatsApp, email, web chat)

Messages exchanged with the business through Marai.
Files sent (images, documents, audio).
Delivery metadata (date, time, read status).
External message identifier on the origin platform.

Appointment and service data

Appointment history (dates, booked services, assigned professional).
Payments made to the business through Marai.
Loyalty points, reviews, active memberships.

Consents

Record of GDPR consents granted (marketing, data processing).

4. What we do NOT store

To avoid any doubt, Marai never collects or stores the following data:

Your WhatsApp account password.
Contacts from your phone address book.
GPS location (unless you explicitly share it in a message).
Conversations with other numbers unrelated to the business.
Content from other applications installed on your device.

5. How to request deletion

Send an email to privacidad@maraiagenda.com and include in the message:

Full name.
Phone number used with the business.
Business name (hair salon, clinic, etc.).
Subject: "Data deletion request (GDPR Art. 17)".

Optionally, attach a national ID or supporting document to speed up identity verification (Article 12.6 GDPR requirement).

6. Response time

We process your request within a maximum of 30 calendar days from receipt, pursuant to Article 12.3 GDPR. We usually complete deletion within 48-72 hours.

If the request is complex or we receive a high volume of requests, we may extend the deadline by two additional months, informing you of the reason.

7. What happens after deletion

Once your request is processed, these are the concrete effects:

Your personal data is removed from Marai's active systems.
WhatsApp conversations, emails and appointments linked to your identity are anonymised or deleted.
Backups are overwritten within a maximum of 30 days.
We only retain data required by legal obligations (invoicing — 6 years pursuant to Art. 30 of the Spanish Commercial Code; consent records — the time necessary to demonstrate compliance under Art. 7.1 GDPR).

8. Your additional rights

In addition to the right to erasure, the GDPR grants you the following rights:

Right of access (Art. 15).
Right to rectification (Art. 16).
Right to restriction of processing (Art. 18).
Right to data portability (Art. 20).
Right to object (Art. 21).

You may exercise them by writing to privacidad@maraiagenda.com.

9. Complaints

If you consider that your request has not been handled correctly, you can lodge a complaint with your local Data Protection Authority. In Spain, the competent authority is the Agencia Española de Protección de Datos (AEPD), at www.aepd.es.

10. Contact

Privacy contact: privacidad@maraiagenda.com.
Data Protection Officer (DPO): dpo@maraiagenda.com.

Frequently asked questions about data deletion

How do I request the deletion of my personal data in Marai?

Send an email to privacidad@maraiagenda.com with your full name, the phone number you used with the business, the business name and the subject "Data deletion request (Art. 17 GDPR)". Optionally you may attach a copy of your ID or official document to speed up identity verification (Art. 12.6 GDPR).

How long does Marai take to process my deletion request?

We process the request within a maximum of 30 calendar days from receipt, pursuant to Art. 12.3 GDPR. We normally complete the deletion in 48-72 hours. If the request is complex or we receive a high volume, we may extend the period by two further months, informing you of the reason.

What data does Marai store about me as a customer of a business?

Depending on your interaction with the business, Marai may store: identification data (name, phone, email), WhatsApp or email conversations with the business, appointment and payment history, loyalty points, active memberships and GDPR consent records. We do not store your WhatsApp password, phone contacts or GPS location.

What happens to my data after deletion?

Your personal data is removed from Marai's active systems, conversations and appointments linked to your identity are anonymised or deleted, and backups are overwritten within a maximum of 30 days. We only keep data that the law requires us to retain (billing records for 6 years under Art. 30 CCom and consent records under Art. 7.1 GDPR).

Can I exercise other GDPR rights besides deletion?

Yes. In addition to the right of erasure (Art. 17 GDPR), you can exercise the rights of access (Art. 15), rectification (Art. 16), restriction of processing (Art. 18), portability (Art. 20) and objection (Art. 21). Write to privacidad@maraiagenda.com. If you believe we are not handling your request properly, you may lodge a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es.