Legal
Privacy Policy
Last updated: July 15, 2026
The short version
We collect the minimum amount of data needed to operate the service. We do not sell your data, and we do not use it to train AI models. We use a small set of well-regarded vendors to host, store, and deliver. You can export or delete your data at any time. Analytics and advertising measurement run on markio-owned platform pages. We currently market to businesses in the United States.
If you connect a Google Business Profile, we access your Google business data (such as your locations, reviews, and posts) only to power the features you turn on in your dashboard. Our use of information received from Google APIs follows the Google API Services User Data Policy, including its Limited Use requirements. Section 5 covers this in full.
If you connect Google Analytics or Google Search Console, we use read-only access to display the properties, traffic metrics, landing pages, and search-performance reports you request in your dashboard. We do not modify your Google Analytics or Search Console data.
If a business owner turns on the optional on-site AI chat assistant, we also process the conversations their site visitors have with it, and the contact details those visitors choose to share. Section 2 explains exactly what that involves.
1. Who we are
markio ("markio", "we", "us") is a small-business website and online-presence platform operated by Intuico Digital at usemarkio.com. We are based in Arizona, USA, and process data in the United States.
2. What we collect
Account information
- Email address (used for sign-in and product communication)
- Password hash (never the password itself)
- If you sign in with Google, your basic Google profile (name, email address, and profile image) as provided by Google Sign-In
- Contact email per business (where contact form leads go)
- Account creation timestamp
Content you create
- Site documents (pages, blocks, copy, color choices, layouts)
- Images uploaded or selected during onboarding
- Chat messages exchanged with the AI editor
- On-site chatbot settings you configure (greeting, persona, suggested prompts)
Scraped data
When you submit a URL during onboarding, we crawl selected pages of that website to extract content (headings, paragraphs, images, contact details, navigation). We store this scraped data associated with your business so we can re-generate or refine your site later.
Google Business Profile connection (optional)
If you choose to connect your Google account to manage your Google Business Profile through markio, we access — via Google's Business Profile APIs, using the https://www.googleapis.com/auth/business.manage scope — the following, only for the business locations you choose to manage:
- Your Business Profile accounts and locations (business name, address or service area, categories, hours, attributes, and similar profile details)
- Reviews left on your locations, and review replies you publish through markio
- Posts and media you create, schedule, or publish to your locations through markio
- Performance and status information used to sync your dashboard with Google
To make these features work, we store the OAuth access and refresh tokensGoogle issues for your connection, plus the connection's status, in our database (Supabase). These tokens let markio call Google on your behalf to perform the actions you initiate; they are never shared with other customers or used for advertising. You can disconnect at any time (Section 8), which deletes the stored tokens. Revoking access in your Google Account permissions also immediately ends markio's access.
Google Analytics and Search Console connections (optional)
If you choose to connect Google Analytics or Google Search Console, markio requests only the read-only scopes https://www.googleapis.com/auth/analytics.readonly and/or https://www.googleapis.com/auth/webmasters.readonly. We access only the Google account and properties you authorize so we can display their reports inside your markio dashboard.
- For Google Analytics, we access your authorized account and property names and identifiers, landing-page paths, sessions, active users, and page-view counts for the displayed reporting period.
- For Search Console, we access your authorized site URLs and permission levels, search queries, clicks, impressions, click-through rates, and average search positions for the displayed reporting period.
- For both connections, we store your connected Google email, available and selected property metadata, the most recently synced dashboard snapshot, connection timestamps and status, and encrypted OAuth access and refresh tokens.
This information is used only to let you select a property, view its read-only performance dashboard, and refresh that dashboard on demand. It is not used for advertising, sold, included in tenant-site analytics, or sent to our AI providers. Disconnecting either integration deletes its stored tokens, property metadata, and report snapshot from our active database. Revoking access in your Google Account permissions also prevents further API access.
Leads captured on tenant sites
When a visitor submits a contact form — or shares their details with the on-site AI assistant — on a site you built with markio, we store that lead (name, email, optional phone, message, the page or context it came from, and a timestamp) so it appears in your dashboard, and we forward a copy to your registered contact email. These leads belong to the business that owns the site; markio acts as a service provider/processor on that business's behalf.
On-site AI chat assistant (optional, when enabled)
If a business owner enables the on-site AI assistant on their site, then when a visitor chats with it we process:
- The conversation transcript(the visitor's messages and the assistant's replies), stored so the assistant has context and so the business owner can see what produced a lead
- A hashed, non-reversibleversion of the visitor's IP address plus their browser user-agent, used only for rate-limiting and abuse prevention — we do not store the raw IP
- Any contact details the visitor chooses to submit through the assistant (handled as a lead, above)
To generate replies, the visitor's messages and a summary of the business's own website content are sent to our AI provider (OpenRouter / Google Gemini — see Section 4). The assistant only answers from the business's own content; it is not used to profile visitors or for advertising, and these transcripts are not used to train AI models.
Usage and billing data
Basic logs: requests served, page renders, errors, product usage, aggregate Google Analytics traffic data for markio-owned platform pages, paid-ad attribution events for markio's own ads, product analytics (PostHog), and AI usage. We meter AI actions (for example, AI edits and chatbot replies) as "AI Credits" so we can show your usage and bill correctly; this includes token counts and the type of action, not the content. When you purchase AI Credits or a paid plan, payment is handled by our third-party payment processor, Stripe — markio never receives or stores your full card number.
3. How we use your data
- To provide and operate the Service (authentication, hosting your sites, sending lead notifications)
- To generate site content with AI based on your inputs
- To perform the Google Business Profile actions you initiate (reading reviews, posting, replying, syncing) when you connect a Google account
- To list the Google Analytics properties and Search Console sites you authorize and display their read-only traffic and search performance reports in your dashboard
- To send transactional emails (password resets, lead notifications, account updates)
- To monitor and prevent abuse (rate limiting, quota enforcement)
- To improve the Service (aggregate usage analytics)
We do not use your data to train AI models. We do not sell your data. We share limited website and conversion events with advertising and analytics platforms so we can understand product usage and measure markio's own paid ads.
4. Who we share data with
We use these third-party processors strictly to operate the Service:
- Supabase (USA) — authentication and structured data storage, including Google connection tokens. Privacy policy.
- Cloudflare R2 + CDN (global edge, primary US region) — image and asset delivery. Privacy policy.
- Google (USA) — Google Sign-In, Google Analytics, Search Console, and the Google Business Profile APIs. We use a separate platform-owned Google Analytics property for aggregate traffic measurement on markio-owned pages. When you connect your own Google account, markio exchanges data with Google only to perform the Business Profile actions or display the Analytics and Search Console reports you request. Privacy policy.
- Meta(USA) — advertising measurement for markio's own Meta ads, including Pixel and Conversions API website events such as page views, registration, site creation, and subscription events. Privacy policy.
- PostHog (USA) — product-event analytics, error monitoring, and privacy-masked session replay on selected markio-owned marketing, onboarding, site-overview, and editor pages. Form inputs are masked, and billing, lead, account, administrative, and connected Google data pages are excluded from replay. Privacy policy.
- Plausible Analytics (EU/USA) — privacy-oriented aggregate traffic measurement on markio-owned platform pages when enabled. Privacy policy.
- Crisp (France/USA) — live chat widget on markio-owned pages. Privacy policy.
- Sentry (USA) — error and performance monitoring and privacy-masked diagnostic replay for the markio application. Text and inputs are masked by default, and the Google Analytics and Search Console integration panel is blocked from replay capture. Privacy policy.
- OpenRouter + Google Gemini(USA) — large language model inference. We send your AI-editor chat messages and scraped data, and — where the on-site chatbot is enabled — your site visitors' chatbot messages, so the AI can respond. OpenRouter privacy, Google Gemini privacy.
- Stripe (USA) — payment processing for paid plans and AI Credits. Stripe receives your payment details directly; markio never sees your full card number. Privacy policy.
- Resend (USA) — transactional email delivery. Privacy policy.
- Openverse (US/global) — stock photo search. Search queries you make are sent to Openverse to fetch results. Privacy policy.
- Vercel (USA) — application hosting. Privacy policy.
We may share data when required by law (subpoena, court order) or to protect the rights, property, or safety of markio, our users, or the public. We do not otherwise sell or rent your personal data.
5. Google user data & Limited Use
When you connect a Google account, markio's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We use Google user data only to provide and improve the user-facing features you enable in markio (managing your Business Profile locations, reviews, posts, and related actions; or displaying your authorized Analytics and Search Console reports).
- We do not transfer Google user data to others except as necessary to provide or improve those features, to comply with applicable law, or as part of a merger or acquisition with appropriate notice.
- We do not use Google user data for serving advertising, and we do not sell it.
- We do not use Google user data to train, fine-tune, or develop generalized/standalone AI or machine-learning models.
- We do not allow humans to read Google user data unless (a) you give explicit consent for specific data, (b) it is necessary for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) the data is aggregated and anonymized for internal operations.
Google connection tokens are stored securely and are used solely to make the API calls needed for the actions you initiate. You can revoke markio's access at any time (Section 8).
6. Where your data is stored
All data is stored on infrastructure located in the United States. We chose providers (Supabase, Cloudflare, Stripe, Resend, Vercel) that offer SOC 2 compliance and follow standard cloud-security practices.
If you are accessing the Service from outside the US, you consent to your data being transferred to and processed in the US.
7. Cookies and similar technologies
markio uses cookies and browser storage for essential functions and for analytics / advertising measurement on markio-owned platform pages (such as the marketing site and dashboard). We do not intentionally load analytics or ad-measurement scripts on tenant websites under /sites/*.
- Authentication cookies (set by Supabase) — keep you signed in
- Google Analytics cookies — aggregate traffic and product-page usage on markio-owned platform pages
- Meta Pixel cookies — measure markio ad performance and correlate browser events with server-side conversion events
- PostHog cookies / local storage — product-event analytics, exception reporting, and privacy-masked session replay on selected markio-owned pages; form inputs and sensitive account, billing, lead, administrative, and connected Google data surfaces are excluded from replay
- Plausible — may use a lightweight cookie or similar identifier when enabled for aggregate traffic measurement
- Crisp — chat widget session cookies on markio-owned pages
You can limit cookies through your browser settings. Blocking essential authentication cookies will prevent you from staying signed in. If you are a California resident and want to opt out of sale/sharing for cross-context behavioral advertising, email hello@usemarkio.com— we do not sell personal information, but we use ad-measurement tools that may qualify as "sharing" under some state laws.
8. Your rights
You can:
- Access the data we hold about you — emailable upon request
- Correct inaccurate data — most fields are editable from your dashboard directly
- Disconnect Google— remove a connected Google Business Profile, Google Analytics property, or Search Console site at any time from the integration's settings in your dashboard. This deletes that connection's stored tokens and integration data. You can also revoke access directly at Google Account permissions.
- Deleteany business you've created from its Settings page. This permanently removes the scraped data, generated site, downloaded images, and chat history.
- Delete your entire account — from Account settings in your dashboard (permanent; cancels billing; removes Google connections). Or email hello@usemarkio.com if you cannot sign in.
- Export your site data — currently available as a JSON dump on request; in-product export is on our roadmap
- Object to specific processing — email us; we will accommodate where legally possible
If you are in the EU/UK, you have additional rights under the GDPR/UK GDPR including the right to lodge a complaint with your data-protection authority. If you are a California resident, you have rights under the CCPA/CPRA, including the right to know, delete, and correct, and the right not to be discriminated against for exercising them; markio does not sell or share personal information as those terms are defined under the CCPA/CPRA.
9. Data retention
We retain your data for as long as your account is active. When you delete a business, its scraped data, site doc, chat history, images, captured leads, and on-site chatbot transcripts are removed. When you disconnect a Google integration, its stored Google tokens, connection metadata, and cached report snapshot are deleted. When you delete your account from Account settings, associated data is removed promptly (typically within minutes). Email requests are processed within 30 days. Some records may be retained where required for legal or operational purposes (e.g. fraud-prevention logs, financial records).
Business owners can also delete individual leads and chatbot transcripts, or request their deletion, by emailing us. A visitor who chatted with an on-site assistant can ask the business that owns the site (or markio) to delete their conversation.
10. Children
markio is not intended for children under 13. We do not knowingly collect personal information from anyone under 13. If you believe a child has provided us with personal information, email us and we will delete it.
11. Security
We follow industry-standard practices for storing and transmitting data, including TLS encryption in transit, encryption at rest via our cloud providers, and least-privilege access controls on internal systems. No system is perfectly secure, however, and we cannot guarantee absolute security. You are responsible for keeping your account credentials safe.
12. AI training disclosure
We do not use your data — including your content, AI-editor chats, on-site chatbot transcripts, or Google user data — to train AI models. The third-party model providers we use (OpenRouter, Google) have their own policies on training data; we send requests in a way intended not to be retained for training, but you should review their privacy policies for current details.
13. Changes to this policy
We may update this policy from time to time. Material changes will be posted on this page with an updated "Last updated" date. If a change materially reduces your rights, we'll email you before it takes effect.
14. Contact us
Questions about your data or this policy? Email hello@usemarkio.com.
See also our Terms of Service.