Markolé
Privacy Policy
Last Updated: May 12, 2026 | Version: 1.1

Privacy Policy — Markolé

Effective Date: May 1, 2026

This Privacy Policy explains, in plain language, what data we collect when you use Markolé, what we do with it, and the choices you have. If you've ever bounced off a 30-page privacy policy: same. We tried to keep this short and honest.

"We," "us," and "Markolé" mean AI Brand DNA, the company that runs the Markolé platform. "You" means the person using it.

1. The short version

  • We collect the minimum we need to make the Service work and to bill you.
  • We don't sell your data. We don't share it with advertisers.
  • We don't use your brand content to train AI models — ours or anyone else's.
  • You can export or delete your data whenever you want.
  • If something here is unclear, email info@aibranddna.com.

2. What we collect

Information you give us

  • Account info: name, email, password (hashed), the OAuth provider you used to sign up (Google, GitHub, or Apple) if you used one.
  • Billing info: when you buy a plan, Stripe handles the card details — we never see or store your card number. We do see things like your plan, country, and invoice history.
  • Brand content: anything you put into Markolé to build your brand — briefs, descriptions, uploaded files, photos, logos, the outputs we generate with you. We treat this as confidential to your account.
  • Support messages: anything you send us by email or in the app.

Information we collect automatically

  • Usage logs: which pages you visit, which features you use, when, and how long things took. Used to find bugs and improve the product.
  • Device & connection info: browser, OS, IP address, approximate location (from IP), referring page.
  • Cookies and similar tech: a small number, mostly to keep you logged in and remember preferences. We don't use third-party advertising cookies.

Information from third parties

  • If you sign in with Google, GitHub, or Apple, we receive the basic profile they share (name, email, avatar). We don't ask for or store anything beyond that.

3. What we use it for

  • Run the Service: show you your brand work, save it, generate outputs you request, sync across devices.
  • Bill you: process payments through Stripe, send invoices, recover failed payments.
  • Talk to you: confirm signups, send security alerts, answer support questions, send important product updates. We only send marketing emails if you opt in, and you can unsubscribe with one click.
  • Improve the product: look at usage patterns to fix bugs and decide what to build next. Where this involves your content, we work from aggregated, anonymized data — not from your raw brand work.
  • Keep things safe: detect abuse, fraud, and security issues.
  • Comply with the law: respond to legitimate legal requests when we have to.

We do not:

  • sell your personal data;
  • share your content with advertisers;
  • use your brand content (names, logos, copy, files) to train AI models — ours or third parties'. If we ever want to, we'll ask you to opt in separately, and the default will be off.

4. Who we share data with

We share the minimum needed to run the Service, with vendors that are contractually required to protect it. The full list:

VendorWhat they handle
Encore / VercelHosting, deployment, edge delivery
Google Cloud / KubernetesBackend compute, databases, storage
ClerkUser authentication and account management
StripePayment processing and billing
Google, GitHub, AppleOAuth sign-in (only if you use it)
Vercel AnalyticsPrivacy-friendly traffic analytics (no cookies)
Google (Gemini)Text and image generation. Currently: Gemini Pro for final reports, Gemini Flash for conversation, Gemini Flash-Image for image generation.
OpenAILogo generation only. Currently: gpt-image-2.

About AI models. We send only what's needed for the specific request you trigger (a generation prompt and any inputs you attach to it), not your full account or brand library. We may swap to newer models from these same vendors as they release them, without changing this Policy — that's the point of naming the vendors rather than the model versions. Adding a new AI vendor is a material change and we'd update this Policy and notify you. Our agreements with Google and OpenAI on the APIs we use prohibit them from training their models on your inputs or outputs.

We may also share data when legally required (court orders, subpoenas) or to protect rights, safety, and property — and we'll push back on overbroad requests where we can.

If we're ever acquired or merge, your data may transfer with the company; you'll be notified before that happens, and the new owner will be bound by this Policy or one at least as protective.

5. How long we keep it

  • Active account data: as long as your account is open.
  • After you delete your account: content is removed from active systems within 30 days. Encrypted backups roll off within 90 days.
  • Billing and invoice records: kept for up to 7 years to satisfy tax and accounting law.
  • Anonymized analytics: kept indefinitely (it's no longer about you).

6. Your rights

Wherever you are, you can:

  • See what data we have about you.
  • Correct anything wrong.
  • Export your content in standard formats.
  • Delete your account and your data.
  • Object to certain uses, or withdraw consent for anything that's based on consent (like marketing emails).

If you're in the EEA, UK, or Switzerland, GDPR / UK GDPR applies. Our legal bases for processing are: performing our contract with you (running the Service), legitimate interests (security, product improvement), consent (marketing), and legal obligations (tax, fraud prevention). You can lodge a complaint with your local data protection authority, though we'd appreciate a chance to fix things first.

If you're in California, CCPA/CPRA applies. We don't sell or "share" personal information for cross-context behavioral advertising. You can request access or deletion at any time and we won't discriminate against you for it.

To exercise any right: email info@aibranddna.com from the address on your account, or use the export/delete controls in your settings.

7. Security

We use industry-standard practices: TLS encryption in transit, encryption at rest, hashed passwords (when you use a Markolé password rather than OAuth), least-privilege access to production systems, and audit logging. No system is perfectly secure, but we take this seriously and will notify affected users without undue delay if a breach ever exposes their personal data.

8. International transfers

Markolé is operated from the United States, and our infrastructure providers may process data in the US, EU, and other regions. Where data leaves your country, we rely on standard contractual clauses or other approved mechanisms to protect it.

9. Children

Markolé isn't for anyone under 18. We don't knowingly collect data from children. If you think a child has signed up, email us and we'll remove the account.

10. Changes to this Policy

If we update this Policy, we'll post the new version and update the date above. For material changes, we'll email you or notify you in the app before they take effect.

11. Contact

Email: info@aibranddna.com
Company: AI Brand DNA
Location: San Diego, California, USA

If anything in this Policy concerns you, please reach out. We'd rather hear it from you than see you walk away quietly.