1. Why Marco stores data

Lightning‑fast search, mail rules that run in the background, push notifications, multi‑device sync, and many other core Marco features, all require access to, and storage of, your email data. We keep only the data needed for those features and discard the rest as quickly as possible.

2. What we collect (and where it lives):

1. Account Basics
   We store your email address and an optional display name in our database*. This allows us to create and display your profile in Marco.

2. Credentials
   For connecting and syncing your email, we store app-specific IMAP/SMTP passwords or OAuth tokens (such as from Google or Microsoft) in our database*.

3. Email Cache
   To enable offline access, search, rules, and real-time notifications, we store headers, message bodies, drafts, contacts, and flags locally, along with an encrypted server cache.

4. Attachments
   Attachments are stored temporarily in our database* to speed up previews and downloads.

5. App Settings
   Themes, shortcuts, notification preferences, rules, and signatures are stored in the database* so your settings sync instantly across all your devices.

6. Diagnostics
   To help us fix bugs and improve performance, crash reports and performance metrics are sent to Sentry, where they are retained for up to 30 days.

*Database: Our database is encrypted at rest, and only accessible via a private network within a SOC 2 Type 1 compliant hosting platform.

Marco does not run ads, trackers, or pixel beacons. Diagnostics never include the content of your email. 

3. How we use — and don’t use — your data:

We use your data to deliver the core features of Marco: syncing your mail across devices, sending push notifications when new mail arrives, running any rules and filters you’ve set, and troubleshooting crashes using only aggregated diagnostic data.

We never sell your data or show targeted ads. We don’t mine your mailbox for marketing insights, share your data with advertisers or data brokers, or allow humans or AI agents to read your email or train models on your content.

4. How to connect your email accounts

• App passwords. Connect any IMAP‑capable provider (including Fastmail, Yahoo, and iCloud) using an app‑specific password.

• OAuth (Google & Microsoft). Authorize Marco without sharing your password. Access and refresh tokens are encrypted at rest and only accessible via a private network within a SOC 2 Type 1 compliant hosting platform. Permissions scoped to the minimum possible permissions Marco needs to function.

5. Special notice for Google‑connected accounts

Marco’s use and transfer of information received from Google APIs follows Google’s API Services User Data Policy — including the Limited Use requirements.

• Scopes requested. Read, send, and organize Gmail messages.

• Purpose. Exactly the same as for IMAP accounts: sync, search, rules, offline access, and notifications.

• Annual security assessment. We undergo an independent, Google‑mandated security audit every year as part of our OAuth verification.

• Human access. No one at Marco reads your Gmail data unless you explicitly invite us to during a support session.

6. How we protect your data

• Encryption everywhere. AES‑256 at rest, TLS 1.2+ in transit.

• Tenant isolation. Row‑Level Security keeps each user’s records separate.

• Private network. All backend services (except our public API and internal BI tools) run on a non‑routable private network, hosted by a platform that is SOC 2 Type I compliant.

• Mandatory MFA. Every Marco teammate uses multi‑factor authentication on every device and internal service...

• Fine‑grained engineer access. Only a small, vetted subset of engineers receive just‑in‑time access to production data; internal tools hide message bodies and attachments..

• 30‑day logs. Operational logs are retained for 30 days and then wiped.

• Annual security audit. An independent auditor reviews our controls each year as part of Google’s OAuth verification program..

7. Data retention & deletion:

• Email cache, account data, attachments, credentials, and user settings
  → Deleted immediately and permanently when you delete your Marco account
  

• Crash logs (Sentry)
  → Retained for 30 days
  

• Rules and filters you create
  → Retained for 30 days
  

• OAuth tokens
  → Revoked and deleted as soon as you disconnect the account

You can delete your Marco account any time under Settings → Security. We permanently erase all associated data within 24 hours and cannot recover it.

8. Third‑party vendors we trust:

WorkOS

• What they do: Authentication

• Safeguards: SOC 2 Type 2 & SOC 3 compliant

Sentry

• What they do: Crash diagnostics

• Safeguards: Receives crash metadata only — no email content

9. Your controls

• Delete everything. One click inside the app.

• Disconnect accounts. Remove any email account at any time.

• Export. Your email is ultimately hosted by your email provider; nothing is locked inside Marco.

Questions? Write to security@marcoapp.io.

9. Your controls

Depending on where you live, you may have additional rights over your personal information — for example, under the EU/UK GDPR, California Consumer Privacy Act (CCPA), or similar laws. These can include:

• The right to know what personal data we hold about you.

• The right to correct inaccurate data.

• The right to request deletion (“right to be forgotten”).

• The right to object to or restrict certain processing.

• The right to obtain a portable copy of your data.

To exercise any of these rights, email support@marcoapp.io. We will respond within 30 days (or the timeframe required by law).

10. Children’s privacy

Marco is intended for users aged 18 and up. We do not knowingly collect information from children. If you believe a child has used Marco, contact us and we will delete the data.

11. Changes to this policy

If we make material changes, we’ll notify you in‑app and/or by email before they take effect. The latest version will always live at marcoapp.io/privacy.

12. How to reach us

The fastest way: security@marcoapp.io