GDPR Compliance

Core Privacy Principles

1. Anonymous-First Architecture

• Default Behavior: All sessions are tracked with anonymous session IDs.

• No Automatic PII Collection: Names, emails, phone numbers are never scraped, inferred, or auto-captured.

• Behavioral Data Only: We analyze clicks, scrolls, hesitations, and engagement—not identities.

// Default tracking – completely anonymous const tracker = new MarkopoloTracker({ projectId: 'YOUR_PROJECT_ID', apiKey: 'YOUR_API_KEY' }); // Result: Anonymous session with no PII

2. Opt-In Identification

PII is collected only when:

• The client explicitly calls an identify() function with user data;

• The user provides information through authenticated or form-based interactions;

• Consent is explicitly granted and recorded.

// PII collection requires explicit client action
tracker.identify('user_123', { email: 'user@example.com', // Only if client provides
name: 'John Doe', // Only if client provides
consent: true // Explicit consent required });

3. Data Minimization

We strictly limit what is collected and processed.

• Session Data:

  • Session IDs, timestamps, event types, URLs

• Behavioral Signals:

  • Scroll depth, click patterns, hesitation signals, engagement metrics

• Model Outputs:

  • Behavioral classifications and predictions (no raw PII stored)

What Markopolo AI does not collect by default

• Names, emails, phone numbers, addresses, payment details, or other PII

• Unless explicitly passed by the client with user consent
  
  
  

GDPR Compliance Features

✅ Lawfulness, Fairness & Transparency (Art. 5.1.a)

• Anonymous by default – no PII unless explicitly provided.

• Clear, configurable consent mechanisms before any identification.

• Transparent data processing, to be disclosed in client privacy notices.

✅ Purpose Limitation (Art. 5.1.b)

• Behavioral data is used exclusively for:

  • Session analytics, personalization, and predictive optimization.

• No secondary processing without additional lawful basis and consent.

• Edge-friendly processing options keep data on the client side where possible.

✅ Data Minimization (Art. 5.1.c)

• Only essential behavioral events are tracked.

• Input masking is available by default (e.g., passwords, payment fields).

• Sensitive data can be explicitly excluded from collection.

// Automatic input masking – recommended configuration
const config = { privacy: { maskAllInputs: true, // Masks all form inputs by default
maskTextSelector: '.sensitive', // Additional CSS selectors
ignoreClass: 'markopolo-ignore' // Exclude elements from tracking } };

✅ Accuracy (Art. 5.1.d)

• Events captured with millisecond precision.

• Session isolation prevents cross-contamination between users.

• Real-time processing reduces risk of acting on stale or outdated data.

✅ Storage Limitation (Art. 5.1.e)

• Configurable data retention policies per project.

• Automatic data expiration based on client settings.

• Full support for “Right to Erasure” workflows (see below).

✅ Integrity & Confidentiality (Art. 5.1.f)

• Encryption:

  • AES-256-GCM at rest

  • TLS 1.3 in transit

• Access Control:

  • JWT-based authentication

  • Role-based access control (RBAC)

• Processing Locations:

  • Edge and regional processing options to support data residency needs.

• Audit Logging:

  • Immutable audit trails for data access and administrative actions.
    
    
    

Data Subject Rights Implementation

Note: Exact API paths and technical endpoints may vary per deployment. The examples below illustrate the supported rights and typical implementation patterns.

Right to Access (Art. 15)

GET /api/users/:userId?project_id=PROJECT_ID Returns: All stored data for the user

Right to Rectification (Art. 16)

PUT /api/users/:userId Body: { "email": "corrected@example.com" }

Right to Erasure / “Right to be Forgotten” (Art. 17)

DELETE /api/users/:userId?project_id=PROJECT_ID
Actions: 1. Deletes user record from identity_users table
2. Anonymizes all associated events (user_id → "deleted_user")
3. Removes all PII while preserving anonymous analytics 4. Deletes aliases and cross-device links

Sample Implementation (Data Layer)

// GDPR deletion – automated erasure + anonymization //

1) Remove user identity await clickhouseClient.command({ query: ` ALTER TABLE identity_users DELETE WHERE project_id = {project_id:String} AND canonical_user_id = {user_id:String} ` }); //
2) Anonymize historical events (analytics preserved, PII removed) await clickhouseClient.command({ query: ` ALTER TABLE events UPDATE user_id = 'deleted_user', properties = '{}' WHERE project_id = {project_id:String} AND user_id = {user_id:String} ` });

Right to Object (Art. 21)

• Unsubscribe mechanisms for email/SMS/WhatsApp communications.

• Opt-out of tracking via consent management tools or custom UI.

• Support for honoring “Do Not Track” or similar browser-level preferences.

POST /api/unsubscribe Body: { "token": "UNSUBSCRIBE_TOKEN" } Result: Immediate opt-out from all communications

Right to Data Portability (Art. 20)

GET /api/users/:userId/export?project_id=PROJECT_ID Returns: JSON export of all user data

Edge-Based Privacy Advantage

Privacy by Architecture

Traditional Server-Side Model: User Action → Server (PII transmitted) → ML Processing → Response ✗ PII frequently leaves the browser ✗ Higher exposure to breach and misuse ✗ Heavy compliance and governance overhead Markopolo AI Model: User Action → Edge / Privacy-aware Processing → Response ✓ PII can remain in the browser where feasible ✓ Reduced exposure and attack surface ✓ Compliance supported by technical design

Benefits

• Reduced PII Transmission: Only transmitted when necessary and lawful.

• Differential-Privacy-Friendly Design: Emphasis on aggregated patterns over individual identities.

• Offline/Edge Capability: Certain logic can run locally to maximize privacy.

• Lower Compliance Overhead: Privacy-by-design reduces many operational risks and costs.
  
  
  

Consent Management

Opt-In Consent Flow (Recommended Pattern)

// Step 1: Initialize tracker (no tracking yet) const tracker = new MarkopoloTracker(config); // Step 2: User accepts cookie / tracking banner if (userAcceptedCookies) { tracker.consent(true); // Tracking starts } // Step 3: User logs in (optional identification) if (userLoggedIn) { tracker.identify(userId, { email: user.email, consent: true, consent_source: 'login_flow' }); }

Default Consent: OFF

• Recording starts only after consent(true) is called.

• Integration with client’s cookie banner / CMP is required before any tracking.

• Consent preferences can be stored client-side and/or server-side (per client policy).

GDPR Requirement

Anonymous sessions, no automatic PII capture✅
Behavioral analytics and optimization only✅
Configurable retention, automatic expiration✅
User data export endpoints✅
Deletion + anonymization of historical events✅
Machine-readable JSON exports✅
Opt-in flows, no default tracking✅
Encryption, RBAC, JWT auth, audit logging✅
Audit trails and monitoring to support client incident response✅

Markopolo AI is built to be GDPR-aligned because we avoid collecting what we do not need.

By focusing on anonymous behavioral patterns instead of personal identities, our platform:

• Reduces compliance complexity for clients;

• Minimizes privacy and security risk;

• Still delivers high-quality predictive and marketing intelligence.

Where PII is required (e.g., for CRM, retention, or personalization use cases), it is processed only with explicit client integration and user consent, and with strong technical safeguards.

Documentation & Contact

• Privacy & Data Protection: https://markopolo.ai/privacy

• GDPR & Compliance Implementation Guide: (Available upon request)

• Security & Architecture Overview: (Available under NDA)
  
  

For any questions related to GDPR, DPIAs, or data processing agreements:

Data Protection & Compliance
📧 dpo@markopolo.ai
📧 compliance@markopolo.ai