Privacy Policy

Last Updated: September 13, 2025

This Privacy Policy describes how Markmill Software Corp. ("MarkMill", "we", "us", or "our") collects, uses, and discloses your information when you use our website and services (collectively, the "Service"). We are committed to protecting your privacy and handling your data in an open and transparent manner. This policy is governed by the laws of Ontario and the federal laws of Canada, including the Personal Information Protection and Electronic Documents Act (PIPEDA).

1. Accountability and Contact Information

We have designated a Privacy Officer who is accountable for our compliance with this Privacy Policy and applicable privacy laws. If you have any questions, concerns, or complaints about our privacy practices, please contact us at:

Markmill Software Corp.
Attn: Privacy Officer
Email: privacy@markmill.co

2. Information We Collect

We collect information that you provide directly to us, information we collect automatically when you use our Service, and information we collect from third-party sources. The collection is limited to what is necessary for the purposes identified in this policy.

2.1. Information You Provide to Us

  • Account Information: When you create an account, we collect your name, email address, and password.
  • Company Information: To use our services, you provide information about your company, including its name, industry, size, description, website URL, and logo.
  • Brand and Marketing Strategy Information: We collect details about your brand voice, values, colors, fonts, business goals, target audience, and unique value proposition to power our AI agents.
  • Payment Information: When you subscribe to a paid plan, our third-party payment processor, Stripe, collects your payment card information. We do not store your full payment card details but we do store subscription status and transaction history.
  • Marketing Assets: You may upload marketing assets such as images, videos, text documents, and logos for use in your campaigns.
  • Social Media Credentials: If you connect your social media accounts (e.g., Facebook, Instagram, Twitter, LinkedIn), we securely store authentication tokens to allow us to post content and gather analytics on your behalf. We do not store your passwords for these accounts.
  • Communications: If you contact us directly, we may receive additional information about you such as your name, email address, the contents of the message and/or attachments you may send us, and any other information you may choose to provide.

2.2. Information We Collect Automatically

  • Usage Information: We collect information about your interactions with our Service, such as the pages you visit, the features you use, and the actions you take. This includes data on marketing requests, posts, and images generated.
  • Log Data: Our servers automatically record information ("Log Data") created by your use of the Service. Log Data may include information such as your IP address, browser type, operating system, the referring web page, pages visited, location, your mobile carrier, and device information.
  • Cookies and Similar Technologies: We use cookies and similar tracking technologies to track the activity on our Service and hold certain information. We use Microsoft Clarity to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. For more information, see the Microsoft Privacy Statement. You can manage your cookie preferences through your browser settings.

2.3. Information We Receive from Third Parties

  • Social Media Platforms: When you connect your social media accounts, we receive analytics and performance data about your posts and campaigns directly from the platform APIs. This includes metrics like impressions, reach, engagement, likes, comments, and shares.
  • AI Service Providers: We use third-party AI providers like OpenAI and Google Gemini to generate content. While we send them prompts based on your data, we do not share personally identifiable account information beyond what is necessary to generate the content.

3. How We Use Your Information (Identifying Purposes)

We use the information we collect for the following purposes:

  • To Provide and Maintain our Service: To create and manage your account, process payments, and deliver the core functionalities of our AI-powered marketing services.
  • To Power AI and Automation: Your company, brand, and product information is used as input for our AI agents to research your brand, design campaigns, and generate content.
  • To Communicate With You: To send you service-related announcements, updates, security alerts, and support messages.
  • To Improve and Personalize the Service: To analyze usage trends, understand our user base, and enhance the user experience.
  • For Marketing and Analytics: To measure the performance of your marketing campaigns, provide you with analytics dashboards, and track key metrics like ROI and engagement.
  • For Security and Compliance: To protect our Service from fraud and abuse, and to comply with our legal obligations.

4. How We Share and Disclose Information

We do not sell your personal information. We may share your information in the following limited circumstances:

  • With Third-Party Service Providers: We share information with vendors and service providers who perform services on our behalf, such as payment processing (Stripe), AI content generation (OpenAI, Google Gemini), cloud hosting, and analytics (Microsoft Clarity). These providers are contractually obligated to protect your information and use it only for the services we have requested.
  • With Connected Social Media Platforms: When you authorize us, we share content for publication on your connected social media accounts.
  • For Legal Reasons: We may disclose your information if we believe it's required by law, subpoena, or other legal process, or to protect the rights, property, or safety of MarkMill, our users, or the public.
  • With Your Consent: We may share your information for other purposes with your explicit consent.
  • Business Transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Service. We will also retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. You can request the deletion of your account and associated data by contacting our Privacy Officer.

6. Data Security (Safeguards)

We implement robust technical and organizational security measures to protect your information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. These measures include data encryption, access controls, and regular security assessments. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee its absolute security.

7. Your Rights and Choices (Individual Access & Consent)

In accordance with PIPEDA, you have the following rights regarding your personal information:

  • Right to Access: You can request access to the personal information we hold about you.
  • Right to Correction (Accuracy): You have the right to request that we correct any inaccurate or incomplete information. You can update most of your account and company information directly through your dashboard settings.
  • Right to Withdraw Consent: You can withdraw your consent for our collection, use, and disclosure of your information at any time, subject to legal or contractual restrictions. Note that withdrawing consent may affect your ability to use certain features of the Service.

To exercise these rights, please contact our Privacy Officer. We will respond to your request within 30 days.

8. International Data Transfers

Your information, including personal data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction. Our primary third-party service providers, such as Stripe and OpenAI, are based in the United States. We use contractual and other means to ensure a comparable level of protection while the information is being processed by a third party.

9. Children's Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without verification of parental consent, we will take steps to remove that information from our servers.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically for any changes.

11. Challenging Compliance

If you have a complaint about our compliance with this Privacy Policy, please contact our Privacy Officer. We will investigate all complaints and take appropriate measures to resolve the issue. If you are not satisfied with our response, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada.