Privacy Policy

Last updated: March 25, 2026

1. The Short Version

We collect what we need to run the platform and nothing more. Your data is yours. We don't sell it, we don't use it to train AI models, and we don't share it with anyone except the services needed to operate Markli (Anthropic for AI, Stripe for payments, and the social platforms you choose to connect).

2. What We Collect

Account Data

When you register: name, email address, and password. Passwords are hashed with bcrypt — we never store or see your plain text password. If you sign in with Google, we receive your name, email, and profile image from Google's OAuth.

Brand and Project Data

When you create a project, we collect: the website URL you provide, any additional links (social profiles, about pages, portfolios), and the brand description you write in your own words. We crawl these publicly accessible web pages to understand your brand. From this, we generate your brand agent persona (voice, tone, messaging, audience profile).

AI-Generated Content

Everything the AI creates for you is stored: blog posts, social media posts, marketing plans, SEO reports, competitor analyses, content calendars. This is your content — we store it so you can access, edit, and publish it.

Social Media Tokens

When you connect Twitter/X, Instagram, Facebook, LinkedIn, or Medium, we store OAuth access tokens and refresh tokens so we can publish content on your behalf. These tokens are encrypted at rest using AES-256-GCM. We can only do what you authorize — posting content. We cannot read your DMs, change your passwords, or access private data beyond what the platform's OAuth scope allows.

Payment Data

Credit card payments go through Stripe. We store your Stripe customer ID and subscription ID — we never see or store your card number. If you pay with stablecoins (Solana), we store your wallet address and transaction references.

Hosted Blog Data

If you use our hosted blog, your blog posts, metadata, and any custom branding (logo, colors, analytics snippet) are stored and served publicly on your domain. Visitors to your blog are not tracked by us — if you add your own analytics (Google Analytics, Plausible, etc.), that's between you and that analytics provider.

Usage Data

We track which features you use, how many agent runs you execute, and basic page views. This helps us understand what works and what to improve. We do not track you across other websites.

3. What We Do With Your Data

  • Run the platform — generate content, manage your projects, publish to connected platforms
  • Create your brand agent persona from your website and description
  • Process payments and manage subscriptions
  • Calculate and pay referral commissions
  • Send transactional emails (account confirmations, billing notifications, important updates)
  • Improve the Service based on aggregated, anonymized usage patterns

4. What We Don't Do

To be explicit:

  • We don't sell your data. Not to advertisers, data brokers, or anyone else. Ever.
  • We don't use your content to train AI models. Your brand data, blog posts, and marketing content are used only to serve you. Anthropic's commercial API terms also prohibit using API inputs for model training.
  • We don't send marketing emails unless you opt in. Transactional emails only (billing, security, critical product updates).
  • We don't track you across the web. No cross-site tracking, no advertising pixels, no fingerprinting.
  • We don't share your data with "partners" — there is no vague list of unnamed third parties getting your information.

5. AI Processing — Exactly What Gets Sent

When the AI generates content for you, here is specifically what gets sent to Anthropic (Claude):

  • Brand agent creation: Your website's public text content (what any visitor can see), the additional URLs you provide, and the brand description you write
  • Content generation: Your brand agent persona, the topic/brief, and relevant project context (SEO keywords, audience data)
  • Website analysis: Your website's publicly visible HTML, text, and metadata
  • SEO/competitor analysis: Your website data and publicly available competitor website data

We do not send Anthropic your account credentials, payment information, social media tokens, private messages, or any data unrelated to the specific AI task being performed.

Anthropic's commercial API does not use inputs or outputs for model training. Their data retention and processing terms are available at anthropic.com.

6. Who Else Sees Your Data

Only the services strictly necessary to operate Markli:

  • Anthropic (Claude): Receives project content for AI generation, as described above
  • Stripe: Processes your payments. Receives your email and billing details
  • Social platforms you connect: Receive the content you publish through Markli (tweets, posts, articles). Only platforms you explicitly authorize
  • Medium: If you enable cross-posting, article content and canonical URLs are sent to Medium's API
  • Your hosted blog visitors: Blog content you publish is publicly accessible. We include a "Powered by Markli" footer with your referral link unless removed via a paid add-on

We will disclose data if legally required (court order, subpoena, law enforcement request). If that ever happens, we'll notify you unless legally prohibited from doing so.

7. Data Security

What we do to protect your data:

  • All traffic is encrypted via HTTPS/TLS
  • Passwords are hashed with bcrypt (we never store them in plain text)
  • Social media OAuth tokens are encrypted at rest with AES-256-GCM
  • The database is not publicly accessible — it only accepts connections from our application servers
  • Infrastructure runs on dedicated servers (Hetzner), not shared hosting

No system is 100% secure. We take reasonable precautions, but we cannot guarantee that a breach will never happen. If one does, we will notify affected users promptly.

8. Data Retention and Deletion

We keep your data for as long as your account is active. When you delete your account:

  • Account credentials and profile data — deleted immediately
  • Social media tokens — deleted immediately
  • Projects, brand agents, AI-generated content, marketing plans — deleted within 7 days
  • Hosted blog content — stays live for 30 days (so you can redirect or migrate), then permanently deleted
  • Payment records (Stripe customer ID, invoice history) — retained as required by tax law
  • Referral commission records — retained as required by financial regulations

If you want your data deleted sooner, email us at hi@markli.ai and we'll handle it manually.

9. Cookies

We use essential cookies only:

  • Session cookie: Keeps you logged in. Expires when you close your browser or after 30 days.
  • CSRF token: Prevents cross-site request forgery attacks.

We do not use advertising cookies, tracking pixels, or third-party analytics cookies. If we add optional analytics in the future, it will be opt-in.

10. Your Rights

Depending on where you live, you have the right to:

  • See your data: Request a copy of everything we store about you
  • Fix your data: Correct any inaccurate information
  • Delete your data: Request full deletion of your account and data
  • Export your data: Download your content in standard formats (JSON, HTML)
  • Stop processing: Object to specific uses of your data

To exercise any of these, email hi@markli.ai. We respond within 14 days.

11. International Data

Markli's servers are hosted in Germany (Hetzner). Your data may also be processed in the United States by Anthropic (AI processing) and Stripe (payments). Both companies maintain data processing agreements compliant with GDPR and other applicable regulations.

12. Age Requirement

Markli is for users 18 and older. We do not knowingly collect data from anyone under 18. If we discover we have, we'll delete it immediately.

13. Changes

If we change this policy, we'll email you about material changes at least 14 days before they take effect. The date at the top tells you when the policy was last updated.

14. Contact

Questions about your data or this policy? Email hi@markli.ai.