Privacy policy

Last updated: 1 May 2025

Welcome to Marco — offline‑first email done right. We wrote this Privacy Policy in plain language so you can understand exactly what data we hold and how we handle it.

We will never sell, rent, or trade your personal data. Ever.

Have a question? Email us at security@marcoapp.io and a real human will respond.

1. Why Marco stores data

Lightning‑fast search, mail rules that run in the background, push notifications, multi‑device sync, and many other core Marco features all require access to, and storage of, your email data. We keep only the data needed for those features and discard the rest as quickly as possible.

2. What we collect (and where it lives):

  1. Account Basics
    We store your email address and an optional display name in our database*. This allows us to create and display your profile in Marco.

  2. Credentials
    For connecting and syncing your email, we store app-specific IMAP/SMTP passwords or OAuth tokens (such as from Google or Microsoft) in our database*.

  3. Email Cache
    To enable offline access, search, rules, and real-time notifications, we store headers, message bodies, drafts, contacts, and flags locally, along with an encrypted server cache.

  4. Attachments
    Attachments are stored temporarily in our database* to speed up previews and downloads.

  5. App Settings
    Themes, shortcuts, notification preferences, rules, and signatures are stored in the database* so your settings sync instantly across all your devices.

  6. Diagnostics
    To help us fix bugs and improve performance, crash reports and performance metrics are sent to Sentry, where they are retained for up to 30 days.

*Database: Our database is encrypted at rest, and only accessible via a private network within a SOC 2 Type 1 compliant hosting platform.

Marco does not run ads, trackers, or pixel beacons. Diagnostics never include the content of your email. 

3. How we use — and don’t use — your data:

We use your data to deliver the core features of Marco: syncing your mail across devices, sending push notifications when new mail arrives, running any rules and filters you’ve set, and troubleshooting crashes using only aggregated diagnostic data.

We never sell your data or show targeted ads. We don’t mine your mailbox for marketing insights, share your data with advertisers or data brokers, or allow humans or AI agents to read your email or train models on your content.

4. How to connect your email accounts

  • App passwords. Connect any IMAP‑capable provider (including Fastmail, Yahoo, and iCloud) using an app‑specific password.

  • OAuth (Google & Microsoft). Authorize Marco without sharing your password. Access and refresh tokens are encrypted at rest and only accessible via a private network within a SOC 2 Type 1 compliant hosting platform. Permissions are scoped to the minimum Marco needs to function.

5. Special notice for Google‑connected accounts

Marco’s use and transfer of information received from Google APIs follows Google’s API Services User Data Policy — including the Limited Use requirements.

  • Scopes requested. Read, send, and organize Gmail messages.

  • Purpose. Exactly the same as for IMAP accounts: sync, search, rules, offline access, and notifications.

  • Annual security assessment. We undergo an independent, Google‑mandated security audit every year as part of our OAuth verification.

  • Human access. No one at Marco reads your Gmail data unless you explicitly invite us to during a support session.

6. How we protect your data

  • Encryption everywhere. AES‑256 at rest, TLS 1.2+ in transit.

  • Tenant isolation. Row‑Level Security keeps each user’s records separate.

  • Private network. All backend services (except our public API and internal BI tools) run on a non‑routable private network, hosted by a platform that is SOC 2 Type I compliant.

  • Mandatory MFA. Every Marco teammate uses multi‑factor authentication on every device and internal service.

  • Fine‑grained engineer access. Only a small, vetted subset of engineers receives just‑in‑time access to production data; internal tools hide message bodies and attachments.

  • 30‑day logs. Operational logs are retained for 30 days and then wiped.

  • Annual security audit. An independent auditor reviews our controls each year as part of Google’s OAuth verification program.

7. Data retention & deletion:

  • Email cache, account data, attachments, credentials, and user settings
    Deleted immediately and permanently when you delete your Marco account

  • Crash logs (Sentry)
    Retained for 30 days

  • Rules and filters you create
    Retained for 30 days

  • OAuth tokens
    Revoked and deleted as soon as you disconnect the account

You can delete your Marco account any time under Settings → Security. We permanently erase all associated data within 24 hours and cannot recover it.

8. Third‑party vendors we trust:

WorkOS

  • What they do: Authentication

  • Safeguards: SOC 2 Type 2 & SOC 3 compliant

Sentry

  • What they do: Crash diagnostics

  • Safeguards: Receives crash metadata only — no email content

9. Your controls

  • Delete everything. One click inside the app.

  • Disconnect accounts. Remove any email account at any time.

  • Export. Your email is ultimately hosted by your email provider; nothing is locked inside Marco.

Questions? Write to security@marcoapp.io.

9. Your controls

Depending on where you live, you may have additional rights over your personal information — for example, under the EU/UK GDPR, California Consumer Privacy Act (CCPA), or similar laws. These can include:

  • The right to know what personal data we hold about you.

  • The right to correct inaccurate data.

  • The right to request deletion (“right to be forgotten”).

  • The right to object to or restrict certain processing.

  • The right to obtain a portable copy of your data.

To exercise any of these rights, email support@marcoapp.io. We will respond within 30 days (or the timeframe required by law).

10. Children’s privacy

Marco is intended for users aged 18 and up. We do not knowingly collect information from children. If you believe a child has used Marco, contact us and we will delete the data.

11. Changes to this policy

If we make material changes, we’ll notify you in‑app and/or by email before they take effect. The latest version will always live at marcoapp.io/privacy.

12. How to reach us

The fastest way: security@marcoapp.io

