Privacy Policy

1. Introduction

Markus ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered marketing assistant platform and related services (collectively, the "Service").

By using Markus, you consent to the data practices described in this Privacy Policy. If you do not agree with these practices, please do not use our Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Email address
• Full name
• Password (securely hashed)
• Profile picture (if provided)

2.2 Campaign and Contact Data

When you create and manage campaigns, we collect:

• Campaign names, descriptions, and configurations
• Contact information (names, email addresses, phone numbers, company details)
• Lead discovery search queries and results
• Email templates and AI-generated content
• Email engagement data (opens, clicks, replies)

2.3 Email Communication Data

When you send emails through Markus, we collect:

• Email content and subject lines (including AI-generated content)
• Email metadata (send times, recipients, delivery status)
• Engagement metrics (opens, clicks, bounces, replies)
• Conversation threads and response content

2.4 Lead Discovery Data

When you use our lead discovery features, we collect:

• Search queries and location parameters
• Discovered business information (from Google Maps and web scraping)
• Contact details extracted from public sources

2.5 Billing Information

For subscription management, we store:

• Stripe customer ID
• Subscription plan and billing cycle
• Subscription status and dates

Note: We do not store complete payment card information. All payment processing is handled securely by Stripe.

2.6 Usage and Analytics Data

We automatically collect:

• Device and browser information
• IP address and approximate location
• Pages visited and features used
• Error logs and performance data

3. How We Use Your Information

We use the information we collect to:

3.1 Provide the Service

• Authenticate your account and maintain your session
• Generate AI-powered email content personalized to your campaigns
• Send emails on your behalf through our email delivery service
• Track email engagement and campaign performance
• Discover and manage leads and contacts

3.2 Improve and Personalize

• Analyze usage patterns to improve features
• Personalize AI content generation based on your preferences
• Develop new features and functionality

3.3 Communicate with You

• Send notifications about your campaigns and account
• Provide customer support
• Send important service updates and security alerts

3.4 Process Payments

• Process subscription payments through Stripe
• Manage billing and subscription status

3.5 Ensure Security and Compliance

• Detect and prevent fraud or abuse
• Monitor for security threats
• Ensure compliance with email sending regulations (CAN-SPAM, GDPR)

4. Third-Party Services and Data Sharing

We share data with the following third-party services to provide our Service:

4.1 Authentication and Database

• Supabase: User authentication, database storage, and real-time features

4.2 AI and Content Generation

• Anthropic (Claude): Campaign descriptions, contact information, and email context are sent to Anthropic's Claude API for AI-generated email content. Anthropic's privacy policy governs their handling of this data.

4.3 Email Delivery

• SendGrid: Email content, recipient addresses, and sender information for email delivery, tracking (opens, clicks, bounces), and webhook events

4.4 Lead Discovery

• Google Maps API: Search queries and location data for business discovery
• Web Scraping Services: Publicly available business information from websites

4.5 Payment Processing

• Stripe: Payment card information and billing details for subscription processing. We do not have access to your full card numbers.

4.6 Analytics and Monitoring

• Sentry: Error tracking, performance monitoring, and debugging information

4.7 Infrastructure

• Vercel: Frontend hosting and edge functions
• Railway: Backend API hosting

5. Data Storage and Security

5.1 Data Storage

Your data is stored in secure cloud infrastructure:

• Primary database hosted on Supabase (PostgreSQL)
• Passwords securely hashed using industry-standard algorithms
• API keys and sensitive credentials encrypted at rest

5.2 Security Measures

We implement security measures including:

• HTTPS encryption for all data in transit
• Row Level Security (RLS) policies on database tables
• Regular security monitoring and error tracking
• Secure authentication with JWT tokens

5.3 Data Retention

We retain your data as follows:

• Account Data: Retained while your account is active
• Campaign Data: Retained indefinitely for your reference unless you request deletion
• Email Data: Retained for analytics and conversation continuity
• Contact Data: Retained until you delete contacts or your account
• Analytics Data: Retained according to third-party provider policies

6. Your Rights and Choices

6.1 Access and Portability

You have the right to access the personal data we hold about you and request a copy in a portable format.

6.2 Correction

You can update your account information through your profile settings or by contacting us.

6.3 Deletion

You can request deletion of:

• Your entire account and associated data
• Specific campaigns, contacts, or email data
• AI-generated content and templates

6.4 Opt-Out of Analytics

You can opt out of analytics tracking by using browser privacy features or contacting us.

7. Email Sending Compliance

Markus helps you send marketing emails to your contacts. By using our email sending features, you agree to:

• Only send emails to contacts who have consented or have a legitimate business relationship
• Comply with CAN-SPAM, GDPR, and other applicable email regulations
• Include accurate sender information and physical address
• Honor unsubscribe requests promptly
• Not send spam, deceptive, or malicious content

We reserve the right to suspend accounts that violate email sending policies or receive excessive spam complaints.

8. European Users (GDPR)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

• Legal Basis: We process your data based on consent, contract performance, legitimate interests, and legal obligations
• Right to Object: You can object to processing based on legitimate interests
• Right to Restrict: You can request restriction of processing in certain circumstances
• Data Portability: You can request your data in a machine-readable format
• Withdraw Consent: You can withdraw consent at any time where consent is the legal basis
• Lodge Complaint: You have the right to lodge a complaint with your local data protection authority

9. California Users (CCPA)

California residents have the following rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You can request information about the categories and specific pieces of personal information we collect
• Right to Delete: You can request deletion of your personal information
• Right to Opt-Out: You can opt out of the "sale" of personal information (note: we do not sell personal information)
• Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights, contact us at josh@jclvsh.art.

10. Children's Privacy

Markus is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last updated" date
• Sending an email notification for significant changes

Your continued use of the Service after changes become effective constitutes acceptance of the revised Privacy Policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

We will respond to your request within 30 days.

13. Summary of Data Practices