Privacy Policy

Marq-OS is operated by the Marq-OS team. Contact us at privacy@marq-os.com for privacy questions, data-subject requests, or to report a concern.

• Account data: name, work email, hashed password (bcrypt), organization name, and the connectors you install. Required to create your account and sign you in.
• Usage data: connector installations, transaction history, IP address, user agent, request timestamps. Used for billing, quota enforcement, security investigations, and aggregate product analytics.
• Connector content: payloads you submit to individual connectors (e.g. a LinkedIn post draft sent to Linkedpulse). Held only as long as the connector needs to run, and never used to train Marq-OS or third-party models.
• Connector credentials: OAuth tokens, API keys, and similar secrets you provide to connect external services. Stored encrypted at rest with AES-256-GCM, decrypted only inside the connector worker that needs them.
• Billing data: processed by Razorpay. Marq-OS receives subscription status and the last four digits of the payment instrument; we never see full card numbers, UPI IDs, or bank details.
• Support correspondence: emails you send us and the threads they create.

• We do not run third-party advertising trackers (no Google Ads, no Meta Pixel, no LinkedIn Insight tag).
• We do not sell, rent, or trade personal data to anyone.
• We do not use customer content to train Marq-OS models or any third-party AI model.

• To operate the platform and execute the connectors you install.
• To enforce plan quotas and bill you correctly.
• To send transactional email — verification, password reset, billing receipts, security alerts.
• To investigate abuse, debug failures, and meet legal obligations.
• To improve the product in aggregate (counts, latency percentiles, error rates) without identifying individual users.

We rely on a small number of vendors to run the service. They process personal data only on our instructions and under contractual confidentiality:

• Vercel — hosting + CDN for the web app.
• Railway — hosting for the API, Postgres, and Redis.
• Razorpay — payment processing and invoicing.
• Resend — transactional email delivery.
• Anthropic — Claude inference for connectors that need LLM reasoning.
• OpenAI — DALL·E image generation for the Linkedpulse connector.
• LinkedIn — only when you explicitly install Linkedpulse and complete OAuth.
• Google / GitHub — only if you choose “Sign in with Google/GitHub”; we receive your name and email.

The current list is binding. We’ll update this page (and notify Scale + Enterprise customers in advance) before adding any new sub-processor that materially changes how data is handled.

We set first-party cookies strictly necessary to keep you logged in and to prevent CSRF attacks (an HTTP-only session cookie and a CSRF token). We do not set advertising or cross-site tracking cookies. If you sign in with Google or GitHub, those providers may set their own cookies on their consent screen — we have no access to those.

Marq-OS infrastructure currently runs in the US (Vercel) and Asia-Southeast (Railway). If you sign up from the EEA / UK / India, your personal data may be transferred outside your country of residence. Where required, we rely on Standard Contractual Clauses (SCCs) and equivalent safeguards with our sub-processors.

• Account & tenant data: retained while your account is active and for 30 days after cancellation, then permanently deleted.
• Transaction logs: 90 days for free / Solo, 180 days for Team, 365 days for Scale, 7 years for Enterprise (compliance hold).
• Backups: rolling encrypted snapshots, kept 30 days, then overwritten.
• Audit logs: retained for the lifetime of the tenant for security and compliance investigations.

You can request immediate deletion at any time from Settings → Data & privacy → Delete account. Hard-delete completes within 30 days, including in our backup tier.

Depending on where you live, you have the right to access, correct, port, delete, or restrict processing of your personal data. You can also object to processing or withdraw consent. To exercise any of these:

• Export: Settings → Data & privacy → Export.
• Correct: edit your profile in Settings.
• Delete: Settings → Data & privacy → Delete account.
• Anything else: email privacy@marq-os.com. We respond within 30 days.

EU/UK residents can also lodge a complaint with their local data protection authority. Indian residents can complain under the DPDP Act 2023; the Grievance Officer is reachable at the address above.

Data in transit is encrypted with TLS 1.2+. Data at rest is encrypted at the storage layer; connector credentials are additionally application-level encrypted with AES-256-GCM keys we rotate. Access to production systems requires SSO + MFA and is logged. We run automated dependency scanning and act on critical CVEs within 72 hours.

Marq-OS is a B2B product. We do not knowingly collect personal data from anyone under 18. If you believe a minor has signed up, please email us and we will delete the account.

We may update this policy as the product evolves. We’ll change the “Last updated” date above and, for material changes, post a notice in-app or email account owners at least 30 days before they take effect.

Privacy + DPO inquiries: privacy@marq-os.com. Security disclosures: security@marq-os.com.