Privacy Policy
Last updated: 1 May 2025
Welcome to Marco — offline‑first email done right. We wrote this Privacy Policy in plain language so you can understand exactly what data we hold and how we handle it.
We will never sell, rent, or trade your personal data. Ever.
Have a question? Email us at [email protected] and a real human will respond.
Part 1: The Marco App
Marco stores data to enable:
Lightning‑fast search, mail rules that run in the background, push notifications, multi‑device sync, and many other core Marco features all require access to, and storage of, your email data. We keep only the data needed for those features and discard the rest as quickly as possible.
Part 2: What we collect (and where it lives)
1. Account Basics
We store your email address and an optional display name in our database*. This allows us to create and display your profile in Marco.
2. Credentials
For connecting and syncing your email, we store app-specific IMAP/SMTP passwords or OAuth tokens (such as from Google or Microsoft) in our database*.
3. Email Cache
To enable offline access, search, rules, and real-time notifications, we store headers, message bodies, drafts, contacts, and flags locally, along with an encrypted server cache.
4. Attachments
Attachments are stored temporarily in our database* to speed up previews and downloads.
5. App Settings
Themes, shortcuts, notification preferences, rules, and signatures are stored in the database* so your settings sync instantly across all your devices.
6. Diagnostics
To help us fix bugs and improve performance, crash reports and performance metrics are sent to Sentry, where they are retained for up to 30 days.
*Database: Our database is encrypted at rest, and only accessible via a private network within a SOC 2 Type 1 compliant hosting platform.
Marco does not run ads, trackers, or pixel beacons. Diagnostics never include the content of your email.
Part 4: How to connect your email accounts
1. App Passwords
Connect any IMAP‑capable provider (including Fastmail, Yahoo, and iCloud) using an app‑specific password.
2. OAuth (Google & Microsoft)
Authorize Marco without sharing your password. Access and refresh tokens are encrypted at rest and only accessible via a private network within a SOC 2 Type 1 compliant hosting platform. Permissions are scoped to the minimum Marco needs to function.
Part 5: Special notice for Google‑connected accounts
Marco's use and transfer of information received from Google APIs follows Google's API Services User Data Policy — including the Limited Use requirements.
- Scopes requested: Read, send, and organize Gmail messages
- Purpose: Exactly the same as for IMAP accounts: sync, search, rules, offline access, and notifications.
- Annual security assessment: We undergo an independent, Google‑mandated security audit every year as part of our OAuth verification.
- Human access: No one at Marco reads your Gmail data unless you explicitly invite us to during a support session.
Part 6: How we protect your data
- Encryption everywhere: AES‑256 at rest, TLS 1.2+ in transit.
- Tenant isolation: Row‑Level Security keeps each user's records separate.
- Private network: All backend services (except our public API and internal BI tools) run on a non‑routable private network, hosted by a platform that is SOC 2 Type 1 compliant.
- Mandatory MFA: Every Marco teammate uses multi‑factor authentication on every device and internal service.
- Fine‑grained engineer access: Only a small, vetted subset of engineers receive just‑in‑time access to production data; internal tools hide message bodies and attachments.
- 30‑day logs: Operational logs are retained for 30 days and then wiped.
- Annual security audit: An independent auditor reviews our controls each year as part of Google's OAuth verification program.
Part 7: Data retention & deletion
- Email cache, account data, attachments, credentials, and user settings: Deleted immediately and permanently when you delete your Marco account
- Crash logs (Sentry): Retained for 30 days
- Rules and filters you create: Retained for 30 days
- OAuth tokens: Revoked and deleted as soon as you disconnect the account
You can delete your Marco account any time under Settings → Security. We permanently erase all associated data within 24 hours and cannot recover it.
Part 8: Third‑party vendors we trust
- WorkOS: Authentication. Safeguards: SOC 2 Type 2 & SOC 3 compliant
- Sentry: Crash diagnostics. Receives crash metadata only — no email content
Part 9: Your controls
- Delete everything. One click inside the app.
- Disconnect accounts. Remove any email account at any time.
- Export. Your email is ultimately hosted by your email provider; nothing is locked inside Marco.
Questions? Write to [email protected].
Part 10: Children's privacy
Marco is intended for users aged 18 and up. We do not knowingly collect information from children.
Part 11: Changes to this policy
If we make material changes, we'll notify you in‑app and/or by email before they take effect. The latest version will always live at marcoapp.io/privacy.
Part 12: The marcoapp.io Website
Our marketing website (marcoapp.io) uses lightweight analytics to understand aggregate traffic and improve usability. This data is anonymous and never linked to your Marco account.
When you visit our website, we may process: (1) aggregated visit counts, (2) page views, (3) referral sources, and (4) basic device and browser metadata (e.g. screen size, OS, country, language). We do not process any personally identifiable information (PII).
Analytics tools we use:
- Google Analytics 4 (GA4): Configured with IP anonymization and no advertising identifiers
- Simple Analytics: Fully privacy-friendly, no cookies, no tracking of individual visitors
- PostHog: Used only for anonymous product interaction metrics
These tools help us understand general website usage patterns — not individual behaviour.
How to reach us
For any privacy or security concerns: [email protected]
© 2026 Marco Technology Inc.