M8
MARK-8

Privacy Policy

Last updated: June 16, 2026

1. Who we are

MARK-8 ("we", "us", "our") is an AI marketing co-pilot for small businesses. This policy explains what data we collect when you use MARK-8, why we collect it, and how it is stored and protected.

2. Information we collect

  • Account information — your name, email address, and password (stored as a salted hash, never in plain text), provided when you register.
  • Business information — your business name, address, category, and Google Place ID, provided during onboarding.
  • Connected platform data— if you connect Google, Instagram, or Facebook, we access only the data those platforms make available through their official APIs for your business: reviews, public comments, and Q&A tied to your own business listing or page. We never request access to your personal social accounts or private messages.
  • OAuth tokens— access and refresh tokens issued by connected platforms, encrypted with AES-256 at rest. Tokens are never exposed to the browser or to any party outside MARK-8's backend.
  • Generated content — AI-generated posts, blogs, and email drafts created on your behalf, along with the customer signals (reviews/comments) used to inform them.
  • Billing information — subscription plan and usage; payment card details are handled directly by Stripe and never stored on our servers.

3. How we use your information

  • To operate your account and the MARK-8 dashboard.
  • To analyze customer signals (reviews, comments) using AI and generate content informed by them.
  • To publish content to platforms you have explicitly connected, at your direction.
  • To process billing through our payment provider, Stripe.
  • To send essential account and service-related communications.

We do not sell your data or your customers' data to third parties.

4. Data sharing

We share data only with the service providers necessary to operate MARK-8: our database and hosting providers, the AI provider used for content generation and signal analysis, and Stripe for payment processing. We access third-party platform data (Google, Meta) only through their official APIs and only for the business you connect — never through scraping.

5. Data retention & deletion

We retain your account and business data for as long as your account is active. You may request deletion of your account and associated data at any time by contacting us at the email below; disconnecting a platform immediately revokes and deletes its stored tokens.

6. Security

OAuth tokens are encrypted at rest with AES-256. Database access is scoped per business with row-level security. We use industry-standard practices to protect your data, but no system is perfectly secure, and we encourage you to use a strong, unique password.

7. Your rights

Depending on your location, you may have the right to access, correct, export, or delete your personal data, and to withdraw consent for connected platforms at any time from your dashboard settings.

8. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email or an in-app notice.

9. Contact us

Questions about this policy or your data can be sent to privacy@mark8.app.