Product Privacy

Last Updated: February 11, 2026

The basis of effective data protection is comprehensive information about the collection, processing, and use of your data (“data processing”). Therefore, we, Markup AI, Inc. and its affiliates (“Markup AI”, “we”, “us”, or “our”), would like to inform you:

  • When and for which actions we process data;
  • Which data we process for which reasons;
  • Who receives data;
  • Which rights you have related to our data processing.

This Privacy Policy only governs the use of personal data by using our Markup AI platform or contacting Markup AI support. For further Markup AI Privacy Policies, please refer to our web page at markup.ai

You can retrieve, print, or download this Privacy Policy permanently and at any time at https://markup.ai/product-privacy

Contact details

The Markup AI Platform is provided by:

Markup AI, Inc.
228 Park Ave S Suite 679468
New York, NY 10003

Email: dataprotection@markup.ai
Internet: www.markup.ai 

You can contact our Data Protection Officer at dataprotection@markup.ai

General information on data processing

  1. Scope of this Privacy Policy

This Privacy Policy aims to explain how Markup AI processes and protects personal data. Therefore, this Privacy Policy applies to the following services:

  • Markup AI Managed Cloud (“Markup AI platform”);
  • Markup AI Integrations;
  • Markup AI Add-on Services;
  • Markup AI Customer Support

(together the “Services”).

  1. Legal basis of processing of personal data

The legal bases for the processing of personal data are set out below.

Processing ground Legal basis in the EU GDPR Explanation
Fulfillment of a contract or carrying out pre-contractual measures Art. 6, para. 1b) Processing shall only occur to the extent that it is necessary to establish and fulfill the rights and duties under the contract. Unless specifically stipulated otherwise, we will only process data to this extent.
Legitimate interest Art. 6, para. 1f) Processing will occur to the extent that we have a legitimate interest and there is no overriding interest of the data subject. The specific interest is explained in this Data Privacy Notice in relation to the processing statement.
Consent Art. 6, para. 1a) Processing will occur to the extent that you have specifically agreed to the type and scope of the data processing. You can withdraw your consent at any time with future effect. However, any processing undertaken up to this point will not be affected.
Legal obligation Art. 6, para. 1c) Processing will occur to the extent that this is necessary to comply with a German or European legal obligation.

When using our Services, you are not subject to any decision based solely on automated processing, which produces legal effects concerning them or similarly significantly affects them according to Article 22 EU GDPR.

  1. Data deletion

If you are a Markup AI platform user, we generally delete all your data within 45 days after your contract has ended. On request, we handle data differently, e.g. delete all your data sooner or keep select data for longer periods.

We may store data for a longer period of time to the extent legal bases require such storing, especially to comply with statutory retention requirements.

Data processing for the provision of our Services

In order for you to use our Services, it is necessary that we process certain personal data. In addition, we offer various functionalities and services, which require further data processing, e.g. Markup AI Integrations, Markup AI Customer Support or Markup AI Administration and Configuration Assistance.

1. Personal data we process when you use our product

Markup AI provides its Services as a data processor in accordance with art. 28 GDPR on behalf of the client entity that acts as a controller.

When you analyze content using our API, integrations and plug-ins, the content is sent to the Markup AI Platform through an encrypted connection. The content is processed by the Markup AI Platform’s linguistic engine to produce a report. We do store the content and the report for 60 days and then delete it. During this process the following personal data is processed by the Markup AI Platform:

  • Network Transfer Data (IP-Address)
  • HTTP-Header-Data (including User Agent (browser incl. version), OS information etc.)
  • Username and Password
  • User content submitted for analysis (entire or partial document)
  • Debugging logs on client devices

Depending on its settings, the Markup AI Platform generates and returns reports, including reporting data and scorecards, from checks initiated by the users. Based on your configuration, these contain scores that can constitute personal data, such as:

  • spelling, grammar, terminology, style, and clarity metrics and
  • data on checked content,
  • snippets of user content submitted for analysis,
  • guidance and additional user information

related to an identified or identifiable person.

In the case of Markup AI platform use, Markup AI Platform processing takes place on computer systems that are legally under our control, but which we only access with your express permission. Hence, we generally don’t have any access to the data here described.

Markup AI incorporates AI-based functionality based on technology provided by Microsoft Azure OpenAI, Google Vertex and AWS Bedrock. The required documentation is in place with Microsoft, AWS and Google as a sub-processor. The AI features adhere to GDPR principles.

2. Customer support

For Markup AI Customer Support, customers can reference Markup AI’s support policy available at https://community.markup.ai/pub/markup-ai-support-policy. We use the information the customer submits to reply to support requests. Information typically included in support requests is:

  • Name
  • Email Address
  • Organization
  • Software version information
  • Software configuration files
  • Software log-files
  • Test document

Markup AI support scans the log-files to pinpoint the exact issue reported. The support team uses the additional supplied configuration and version information to reproduce the customer environment. Markup AI support may request and use a test document to further troubleshoot the issue and provide a workaround and/or solution. Test document data is deleted within three months of completion of troubleshooting processes, unless Markup AI is legally required or allowed to keep the data for other purposes.

3. Status update subscriptions

On our status page under https://status.markup.ai/ you have the possibility to subscribe to status update notifications regarding the system status of the Markup AI Platform via email or text message. For this we will process your email address or mobile phone number based on our legitimate interest in providing status updates in accordance with Art. 6 (1) lit. f) GDPR. For this we are using the Statuspage solution by Atlassian Pty Ltd, Level 6, 341 George Street, Sydney NSW 2000, Australia with whom we have concluded a data processing agreement pursuant to Art. 28 (3) GDPR as well as standard contractual clauses for third country data transfers. You can unsubscribe from these notifications at any time via the “Manage your subscription” link in each notification email.

4. How we safeguard personal data

Markup AI undertakes to implement and comply with the technical and organizational measures required by Article 32 of the GDPR to protect your personal data: Markup AI provides a level of confidentiality, integrity, availability, and resilience of processing generally appropriate in relation to the nature, scope, context, and purposes of processing by implementing appropriate technical and organizational security measures, so risks are permanently reduced:

Markup AI has implemented and maintains an Information Security Management System (ISMS) and a Privacy Information Management System (PIMS) in accordance with the global standards ISO/IEC 27001:2022 and 27701:2019. The management systems have been externally certified and are being externally audited on a regular basis.

Within the ISMS/PIMS and fully covering the Services of Markup AI and the personal data processed, Markup AI - in accordance with the global standards - has implemented, maintained and monitored various technical controls, e.g.:

  • Secure software design in compliance with “privacy by design” and “privacy by default” covering the full data life cycle
  • Secure authentication using state-of-the-art methods (e.g. OAuth 2.0)
  • Encryption of all data in transport and at-rest with state-of-the-art methods (e.g. TLS 1.3, AES-256)
  • Comprehensive monitoring using SIEM/SOC technology
  • Protection against unauthorized access via web application firewalls with IDS/IPS
  • Separation of data of different clients through numerous layers of controls
  • Frequent internal and external pentesting
  • Use of mature subprocessors (e.g. AWS) who have established external information security management systems themselves

5. Recipient of data

Some of the processing of your personal data is carried out by Markup AI subprocessors, e.g. AWS. Those are commissioned exclusively on the basis of an agreement about the commissioned data processing, in accordance with Art. 28 para. 3 GDPR.

The complete up-to-date list of sub-processors can be accessed here:

https://markup.ai/sub-processors/ 

 

Markup AI does not share your personal data with other third parties than the above mentioned contractually-bound sub-processors and with the organization which purchases our services on a contractual basis (usually your employer; our services are currently offered as a pure B2B product).

 

Markup AI and Markup AI’s sub-processors do not use your personal data for training purposes of AI.

6. Data transfer to third countries

Some of the subprocessors are located in a country outside the European Economic Area (EEA). We have concluded the standard contractual clauses with these suppliers. 

7. Right to object and right to withdraw consent

If the data processing is based on your consent or our legitimate interest, you have the right to withdraw your consent or object to the processing at any time. Your objection or withdrawal only has an effect for the future. To contact us at any time to exercise your right of objection or revocation, please send an email to dataprotection@markup.ai. If you object to processing based on our legitimate interest, we may nevertheless continue processing if we can prove compelling reasons worthy of protection, which outweigh your related interests, rights, and freedoms.

8. Rights of data subjects

If your personal data is processed, you are a data subject within the meaning of Art. 4 No. 1 GDPR. As data subject, you have the following rights regarding your personal data. To exercise these rights, please contact us using the contact details above.

Right of access by the data subject according to Art. 15 EU GDPR

You have a right of access concerning your personal data processed by us. This includes the mandatory information set out in Art. 15 GDPR.

Right to rectification according to Art. 16 EU GDPR

You have the right to request the immediate correction of inaccurate personal data and the completion of incomplete personal data.

Right to erasure according to Art. 17 EU GDPR

You have the right to request the erasure of your personal data if one of the grounds mentioned in Art. 17 GDPR applies; in particular, if there is no longer a legal basis for the processing.

Right to restriction of processing according to Art. 18 EU GDPR

You have the right to request the restriction of the processing of your personal data if one of the grounds mentioned in Art. 18 GDPR applies; in particular, at your request instead of deleting the data.

Right to data portability according to Art. 20 EU GDPR

In accordance with the provisions of Art. 20 of the GDPR, you have the right to request the personal data concerning you that you have provided to us in a structured, common, and machine-readable format and to transfer this data to another controller without hindrance from the controller to whom the personal data was provided.

Right to lodge a complaint with a supervisory authority according to Art. 77 EU GDPR

According to Art. 77 GDPR, you have the right to file a complaint with the supervisory authority responsible for you.

9. Changes to this Privacy Policy

We may adapt the Privacy Policy from time to time for various reasons, including to reflect improved privacy practices, changes to our Services, or to better comply with relevant laws.

Last Updated: February 11, 2026