Product Privacy

Last Updated: September 9, 2025

The basis of effective data protection is comprehensive information about the collection, processing, and use of your data (“data processing”). Therefore, we, Markup AI, Inc. and its affiliates (“Markup AI”, “we”, “us”, or “our”), would like to inform you:

  • When and for which actions we process data;
  • Which data we process for which reasons;
  • Who receives data;
  • Which rights you have related to our data processing.

This Privacy Policy only governs the use of personal data by using our Markup AI platform or contacting Markup AI support. For further Markup AI Privacy Policies, please refer to our web page at https://markup.ai.

You can retrieve, print, or download this Privacy Policy permanently and at any time at https://markup.ai/product-privacy.

Contact details

The Markup AI Platform is provided by:

Markup AI, Inc.
228 Park Ave S Suite 679468

New York, New York 10003-1502 US

Email: gdpr@markup.ai
Internet: https://markup.ai
You can contact our Data Protection Team at gdpr@markup.ai

General information on data processing

  1. Scope of this Privacy Policy

This Privacy Policy aims to explain how Markup AI processes and protects personal data. Therefore, this Privacy Policy applies to the following services:

  • Markup AI Platform
  • Markup AI Customer Support

(together the “Services”).

  1. Legal basis of processing of personal data

The legal bases for the processing of personal data are set out below.

Processing ground Legal basis in the EU GDPR Explanation
Fulfillment of a contract or carrying out pre-contractual measures Art. 6, para. 1b) Processing shall only occur to the extent that it is necessary to establish and fulfill the rights and duties under the contract. Unless specifically stipulated otherwise, we will only process data to this extent.
Legitimate interest Art. 6, para. 1f) Processing will occur to the extent that we have a legitimate interest and there is no overriding interest of the data subject. The specific interest is explained in this Data Privacy Notice in relation to the processing statement.
Consent Art. 6, para. 1a) Processing will occur to the extent that you have specifically agreed to the type and scope of the data processing. You can withdraw your consent at any time with future effect. However, any processing undertaken up to this point will not be affected.
Legal obligation Art. 6, para. 1c) Processing will occur to the extent that this is necessary to comply with a German or European legal obligation.

When using our Services, you are not subject to any decision based solely on automated processing, which produces legal effects concerning them or similarly significantly affects them according to Article 22 EU GDPR.

  1. Data deletion

If you are an “Early Access Program” user, we generally delete all your data within 60 days after your contract has ended. On request, we handle data differently, e.g. delete all your data sooner or keep select data for longer periods.

We may store data for a longer period of time to the extent legal bases require such storing, especially to comply with statutory retention requirements.

Data processing for the provision of our Services

In order for you to use our Services, it is necessary that we process certain personal data. This is the case when you run the Markup AI platform . In addition, we offer various functionalities and services, which require further data processing, e.g. Markup AI Customer Support or Markup AI Administration and Configuration Assistance.

1. Personal data we process when you use our product

Markup AI provides its services as data processor in accordance with Art. 28 EU GDPR on behalf of the client entity that acts as a controller.

When you analyze content using our product, the content is sent to the Markup AI Platform through an encrypted connection. The content is processed by the Markup AI Platform’s engine to be analyzed and produce a response. We do not permanently store the full content for longer than 60 days. During this process the following personal data is processed by the Markup AI Platform:

  • Network Transfer Data (IP-Address)
  • HTTP-Header-Data (including User Agent (browser incl. version), OS information etc.)
  • Username and Password
  • User content submitted for analysis (entire or partial document)
  • Debugging logs on client devices

The Markup AI Platform only uses essential (functional, first-party) session cookies to provide correct session handling information to the server. 

Markup AI incorporates AI-based functionality based on technology provided by Microsoft (Azure OpenAI), AWS (Bedrock) and Google (Vertex). The required documentation is in place with these suppliers as sub-processors. The AI features adhere to EU GDPR principles. Customer data is not used to train the underlying models.

2. Customer support

For Markup AI Customer Support, customers can reference Markup AI’s support policy available at https://community.markup.ai/pub/markup-ai-support-policy

3. Status update subscriptions

On our status page under https://status.markup.ai/ you have the possibility to subscribe to status update notifications regarding the system status of the Markup AI Platform via email or text message. For this we will process your email address or mobile phone number based on our legitimate interest in providing status updates in accordance with Art. 6 (1) lit. f) GDPR. For this we are using the Statuspage solution by Atlassian Pty Ltd, Level 6, 341 George Street, Sydney NSW 2000, Australia with whom we have concluded a data processing agreement pursuant to Art. 28 (3) GDPR as well as standard contractual clauses for third country data transfers. You can unsubscribe from these notifications at any time via the “Manage your subscription” link in each notification email.

4. How we safeguard personal data

Markup AI undertakes to implement and comply with the technical and organizational measures required by Article 32 of the EU GDPR to protect your personal data: Markup AI provides a level of confidentiality, integrity, availability, and resilience of processing generally appropriate in relation to the nature, scope, context, and purposes of processing by implementing appropriate technical and organizational security measures, so risks are permanently reduced.

The Markup AI platform is hosted on Amazon Web Services (AWS) EC2. Amazon Web Services adhere to specific security processes that are documented here and are ISO 27001 certified.

5. Recipient of data

Some of the processing of your personal data is carried out by Markup AI affiliates or other subprocessors, e.g. AWS. Those are commissioned exclusively on the basis of an agreement about the commissioned data processing, in accordance with Art. 28 para. 3 EU GDPR. For a list of subprocessors Markup AI uses, please refer to your data processing agreement with Markup AI or contact gdpr@Markup.ai.

6. Data transfer to third countries

Markup AI and some of our affiliates, service providers or partners are located in a country outside the European Economic Area (EEA). We have concluded the standard contractual clauses with these parties as applicable. 

7. Right to object and right to withdraw consent

If the data processing is based on your consent or our legitimate interest, you have the right to object to the processing or to withdraw your consent at any time. Your objection or withdrawal only has an effect for the future. To contact us at any time to exercise your right of objection or revocation, please send an email to gdpr@Markup.ai. If you object to processing based on our legitimate interest, we may nevertheless continue processing if we can prove compelling reasons worthy of protection, which outweigh your related interests, rights, and freedoms.

8. Rights of data subjects

If your personal data is processed, you are a data subject within the meaning of Art. 4 No. 1 EU GDPR. As data subject, you have the following rights regarding your personal data. To exercise these rights, please contact us using the contact details above.

Right of access by the data subject according to Art. 15 EU GDPR

You have a right of access concerning your personal data processed by us. This includes the mandatory information set out in Art. 15 EU GDPR.

Right to rectification according to Art. 16 EU GDPR

You have the right to request the immediate correction of inaccurate personal data and the completion of incomplete personal data.

Right to erasure according to Art. 17 EU GDPR

You have the right to request the erasure of your personal data if one of the grounds mentioned in Art. 17 EU GDPR applies; in particular, if there is no longer a legal basis for the processing.

Right to restriction of processing according to Art. 18 EU GDPR

You have the right to request the restriction of the processing of your personal data if one of the grounds mentioned in Art. 18 EU GDPR applies; in particular, at your request instead of deleting the data.

Right to data portability according to Art. 20 EU GDPR

In accordance with the provisions of Art. 20 of the EU GDPR, you have the right to request the personal data concerning you that you have provided to us in a structured, common, and machine-readable format and to transfer this data to another controller without hindrance from the controller to whom the personal data was provided.

Right to lodge a complaint with a supervisory authority according to Art. 77 EU GDPR

According to Art. 77 EU GDPR, you have the right to file a complaint with the supervisory authority responsible for you.

9. Changes to this Privacy Policy

We may adapt the Privacy Policy from time to time for various reasons, including to reflect improved privacy practices, changes to our Services, or to better comply with relevant laws.