Privacy policy
Last updated: 1 May 2025
Welcome to Marco — offline‑first email done right. We wrote this Privacy Policy in plain language so you can understand exactly what data we hold and how we handle it.
We will never sell, rent, or trade your personal data. Ever.
Have a question? Email us at security@marcoapp.io and a real human will respond.
1. Why Marco stores data
Lightning‑fast search, mail rules that run in the background, push notifications, multi‑device sync, and many other core Marco features, all require access to, and storage of, your email data. We keep only the data needed for those features and discard the rest as quickly as possible.
2. What we collect (and where it lives):
| Category | What it includes | Where it’s stored | Why we need it |
| --- | --- | --- | --- |
| Account basics | Email address, optional display name | Database* | Create and show your profile in Marco |
| Credentials | App‑specific IMAP/SMTP passwords or OAuth tokens (Google / Microsoft) | Database* | Connect, sync, and send email |
| Email cache | Headers, message bodies, drafts, contacts, flags | Local cache + encrypted server cache | Offline access, search, rules, and real‑time notifications |
| Attachments | Temporarily cached files | Database* | Speed up previews and downloads |
| App settings | Themes, shortcuts, notification prefs, rules, signatures | Database* | Sync settings across multiple devices instantly |
| Diagnostics | Crash reports & performance metrics (via Sentry) | Sentry (30‑day TTL) | Fix bugs and improve stability |
*Database: Our database is encrypted at rest, and only accessible via a private network within a SOC 2 Type 1 compliant hosting platform.
Marco does not run ads, trackers, or pixel beacons. Diagnostics never include the content of your email.
3. How we use — and don’t use — your data:
We do
Sync your mail across devices
Send push notifications when new mail arrives
Run the rules and filters you create
Troubleshoot crashes (aggregate diagnostics only)
We never
Sell your data or show targeted ads
Mine your mailbox for marketing insight
Share your data with advertisers or data brokers
Allow humans or AI agents to read your email, or train models on email content
4. How to connect your email accounts
App passwords. Connect any IMAP‑capable provider (including Fastmail, Yahoo, and iCloud) using an app‑specific password.
OAuth (Google & Microsoft). Authorize Marco without sharing your password. Access and refresh tokens are encrypted at rest and only accessible via a private network within a SOC 2 Type 1 compliant hosting platform. Permissions are scoped to the minimum Marco needs to function.
5. Special notice for Google‑connected accounts
Marco’s use and transfer of information received from Google APIs follows Google’s API Services User Data Policy — including the Limited Use requirements.
Scopes requested. Read, send, and organize Gmail messages.
Purpose. Exactly the same as for IMAP accounts: sync, search, rules, offline access, and notifications.
Annual security assessment. We undergo an independent, Google‑mandated security audit every year as part of our OAuth verification.
Human access. No one at Marco reads your Gmail data unless you explicitly invite us to during a support session.
6. How we protect your data
Encryption everywhere. AES‑256 at rest, TLS 1.2+ in transit.
Tenant isolation. Row‑Level Security keeps each user’s records separate.
Private network. All backend services (except our public API and internal BI tools) run on a non‑routable private network, hosted by a platform that is SOC 2 Type I compliant.
Mandatory MFA. Every Marco teammate uses multi‑factor authentication on every device and internal service.
Fine‑grained engineer access. Only a small, vetted subset of engineers receive just‑in‑time access to production data; internal tools hide message bodies and attachments.
30‑day logs. Operational logs are retained for 30 days and then wiped.
Annual security audit. An independent auditor reviews our controls each year as part of Google’s OAuth verification program.
7. Data retention & deletion:
| Data types | Retention |
| --- | --- |
| Email cache, account data, attachments, credentials, and user settings | Deleted immediately and permanently when you delete your Marco account |
| Crash logs (Sentry) | 30 days |
| Run the rules and filters you create | 30 days |
| OAuth tokens | Revoked and deleted as soon as you disconnect the account |
You can delete your Marco account any time under Settings → Security. We permanently erase all associated data within 24 hours and cannot recover it.
8. Third‑party vendors we trust:
| Vendor | What they do | Safeguards |
| --- | --- | --- |
| WorkOS | Authentication | SOC 2 Type 2 & SOC 3 compliant |
| Sentry | Crash diagnostics | Receives crash metadata only; no email content |
9. Your controls
Delete everything. One click inside the app.
Disconnect accounts. Remove any email account at any time.
Export. Your email is ultimately hosted by your email provider; nothing is locked inside Marco.
Questions? Write to security@marcoapp.io.
9. Your controls
Depending on where you live, you may have additional rights over your personal information — for example, under the EU/UK GDPR, California Consumer Privacy Act (CCPA), or similar laws. These can include:
The right to know what personal data we hold about you.
The right to correct inaccurate data.
The right to request deletion (“right to be forgotten”).
The right to object to or restrict certain processing.
The right to obtain a portable copy of your data.
To exercise any of these rights, email support@marcoapp.io. We will respond within 30 days (or the timeframe required by law).
11. Children’s privacy
Marco is intended for users aged 18 and up. We do not knowingly collect information from children. If you believe a child has used Marco, contact us and we will delete the data.
12. Changes to this policy
If we make material changes, we’ll notify you in‑app and/or by email before they take effect. The latest version will always live at marcoapp.io/privacy.
13. How to reach us
The fastest way: security@marcoapp.io