Privacy Policy

1. Introduction

Welcome to MarkIt ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our universal content capture platform (the "Service").

By using MarkIt, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address, password (encrypted), and profile data when you create an account.
• Content Data: URLs, screenshots, images, documents, text notes, and handwritten notes you upload or save to MarkIt.
• Metadata: Categories, tags, and organizational data associated with your saved content.
• Reminders: Custom reminder messages and scheduling preferences you set for your saved items.

2.2 Automatically Collected Information

• Usage Data: Information about how you interact with the Service, including features used, pages visited, and actions taken.
• Device Information: Browser type, operating system, IP address, and device identifiers.
• Cookies: Session cookies for authentication and preference storage.

2.3 Third-Party Services

• Google Calendar Data: When you connect your Google account, we access your Google Calendar to create reminder events. We only access calendar data necessary for reminder functionality.
• AI Processing: Your content may be processed by OpenAI's API for optical character recognition (OCR), categorization, and search functionality.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Process and store your captured content (URLs, images, notes, documents)
• Generate AI-powered categorization, tagging, and search results
• Send reminder notifications via email and Google Calendar (if connected)
• Authenticate your identity and manage your account
• Respond to your requests, questions, and feedback
• Monitor and analyze usage patterns to improve user experience
• Detect, prevent, and address technical issues and security threats
• Comply with legal obligations

4. Google API Services - Limited Use Disclosure

MarkIt's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

• What we access: We only access your Google Calendar to create reminder events for your saved content.
• How we use it: Google Calendar data is used solely to schedule and display reminders you create within MarkIt.
• What we don't do: We do NOT:
  • Read, modify, or delete existing calendar events you didn't create through MarkIt
  • Share your Google Calendar data with third parties
  • Use your Google data for advertising or marketing purposes
  • Sell or transfer your Google data to third parties
  • Use Google data for any purpose other than providing reminder functionality
• Data retention: We store only the calendar event IDs for reminders you create. You can disconnect Google Calendar access at any time from your account settings.

5. Chrome Extension

The MarkIt Chrome Extension allows you to capture URLs directly from your browser. This section explains how the extension handles your data.

5.1 What the Extension Accesses

• Current Tab URL: When you click "Capture This URL" or use the keyboard shortcut, the extension reads the URL of your active tab.
• Page URLs: When you right-click and select "Capture to MarkIt," the extension reads the URL of the page or link.
• Authentication Cookies: The extension uses your existing MarkIt session cookies to authenticate API requests. Cookies are read-only and never modified.

5.2 Extension Permissions

• activeTab: Access the current tab's URL when you initiate a capture.
• contextMenus: Add "Capture to MarkIt" to your right-click menu.
• cookies: Verify your MarkIt authentication status (read-only).
• notifications: Show capture success or error messages.

5.3 What the Extension Does NOT Do

• Does NOT track or record your browsing history
• Does NOT store any data locally on your device
• Does NOT inject advertisements or tracking scripts
• Does NOT collect analytics or telemetry data
• Does NOT modify any cookies or web page content
• Does NOT run in the background when not actively capturing

6. How We Share Your Information

We do not sell, trade, or rent your personal information. We may share your information only in the following circumstances:

• Service Providers: We use trusted third-party services:
  • Supabase (database and authentication)
  • OpenAI (AI processing for OCR, categorization, embeddings)
  • Resend (email delivery for reminders)
  • Google Calendar API (reminder scheduling, if you connect your Google account)
  • Vercel (hosting and deployment)
  These providers are contractually obligated to protect your data and use it only for the services they provide to us.
• Legal Requirements: We may disclose your information if required by law, court order, or government request.
• Protection of Rights: We may share information to protect the rights, property, or safety of MarkIt, our users, or others.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.

7. Data Security

We implement industry-standard security measures to protect your data:

• Encryption in transit (HTTPS/TLS) and at rest
• Row-Level Security (RLS) policies ensuring users can only access their own data
• Secure authentication using JWT tokens
• Regular security audits and updates
• Access controls limiting employee access to user data

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Data Retention

We retain your information for as long as your account is active or as needed to provide you services. Specifically:

• Account Data: Retained until you delete your account
• Content Data: Retained until you delete specific items or your entire account
• Usage Logs: Retained for up to 90 days for analytics and troubleshooting
• Google Calendar Access: Tokens are stored securely and can be revoked at any time through your account settings or Google account permissions

9. Your Rights and Choices

You have the following rights regarding your data:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Delete your account and all associated data
• Export: Download your saved content in a portable format
• Revoke Permissions: Disconnect Google Calendar or other third-party integrations at any time
• Opt-out: Unsubscribe from reminder emails or disable notifications

To exercise these rights, please contact us at markit.ai.contact@gmail.com

10. Children's Privacy

MarkIt is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately, and we will delete the information.

11. International Data Transfers

Your information may be transferred to and maintained on servers located outside of your country. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable laws.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on this page with a new "Last Updated" date
• Sending an email notification to your registered email address (for significant changes)

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

• Email: markit.ai.contact@gmail.com