Privacy Policy

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (DSG) is:

2.1 Account Registration

When you create an account, we collect your email address and a hashed version of your password. This data is required to provide the service (legal basis: Art. 6(1)(b) GDPR — performance of a contract).

2.2 API Usage Data

When you use the MarkMyAI API (/v1/mark, /v1/detect), we process:

• The image URL provided (not stored permanently — fetched, processed, discarded)
• A SHA-256 hash and perceptual fingerprint of the image (stored in audit log)
• Metadata you provide: ai_model, creator, purpose
• Timestamp of the request
• Your user ID linked to your API key

Legal basis: Art. 6(1)(b) GDPR (performance of a contract) and Art. 6(1)(f) GDPR (legitimate interests — fraud prevention, audit integrity).

2.3 Images Uploaded for Compliance Checking (/check)

Images uploaded to the free compliance checker are processed in memory only. We do not store the image file. The result (metadata analysis) is displayed to you and discarded after your session ends.

2.4 Waitlist Email

If you sign up for our waitlist, we collect your email address to notify you about product updates. Legal basis: Art. 6(1)(a) GDPR (consent). You can withdraw consent at any time by emailing hello@markmyai.com.

2.5 Product Emails (Onboarding & Usage)

After account creation, we may send you service-related emails to help you get started (onboarding tips, feature highlights) or to inform you about your plan usage. These emails are based on our legitimate interest in providing a good user experience (Art. 6(1)(f) GDPR).

You can unsubscribe at any time via the link at the bottom of each email, or in your Dashboard Settings. Transactional emails (password reset, billing confirmations) are not affected by this setting.

2.6 Log Data

Our hosting infrastructure (Vercel) automatically collects standard server log data including IP address, browser type, referring URL, and timestamps. This data is retained for up to 30 days for security purposes. Legal basis: Art. 6(1)(f) GDPR.

2.7 Website Analytics (Google Analytics 4)

If you explicitly consent via our consent banner, we use Google Analytics 4to understand which pages are visited, how visitors arrive on the site, and which product pages or flows are effective. We configure analytics without advertising features and with IP anonymization. Legal basis: Art. 6(1)(a) GDPR (consent). You can withdraw your consent at any time via the privacy settings on the website.

2.8 Payment Data

Payment processing is handled by Stripe. We do not store your full payment card details. Stripe acts as a data processor under a Data Processing Agreement. Please review Stripe's Privacy Policy.

All US-based processors operate under Standard Contractual Clauses (SCCs) or are covered by the EU–US Data Privacy Framework, providing adequate safeguards for data transfers outside the EEA under Art. 46 GDPR.

• Account data: Retained as long as your account is active. Deleted within 30 days of account deletion.
• Audit log entries (fingerprints, hashes): Retained for 7 years — these form the compliance evidence chain required by the EU AI Act.
• Waitlist emails: Until you withdraw consent or we complete the launch notification.
• Server logs: Up to 30 days.
• Analytics data: According to the retention settings configured in Google Analytics, or until consent is withdrawn where applicable.

You have the following rights regarding your personal data:

• Access (Art. 15): Request a copy of the data we hold about you.
• Rectification (Art. 16): Request correction of inaccurate data.
• Erasure (Art. 17): Request deletion of your data ("right to be forgotten"), subject to legal retention obligations.
• Restriction (Art. 18): Request that processing be restricted.
• Portability (Art. 20): Receive your data in a structured, machine-readable format.
• Objection (Art. 21): Object to processing based on legitimate interests.
• Withdraw consent (Art. 7(3)): Where processing is based on consent, you may withdraw it at any time.

You can exercise many of these rights directly in your Dashboard Settings:

• Export your data — download a complete JSON export of all data we hold about you.
• Delete your account — permanently erase your account, marks, audit log, API keys, and email history.
• Email preferences — opt out of onboarding and marketing emails at any time.

For any other requests, contact us at hello@markmyai.com. We will respond within 30 days.

You have the right to lodge a complaint with a supervisory authority. In Switzerland, the competent authority is the Federal Data Protection and Information Commissioner (FDPIC). If you are located in the EU, you may contact your national data protection authority.

We use technically necessary cookies (session cookies) required for authentication and security. If you explicitly consent, we also use analytics cookies from Google Analytics 4. We do not use advertising cookies. See our Cookie Policy for details.

We may update this privacy policy from time to time. Material changes will be communicated by email to registered users or by a prominent notice on this page. The date at the top of this page indicates when it was last updated.