Privacy Policy

1. Who We Are and Our Role

Markopolo provides an AI-powered behavioral analytics and marketing automation platform (“Platform”) that helps our clients understand and optimize user engagement across their digital properties.

Depending on the context:

• For data we collect and process about visitors to our own websites and users of our Platform, Markopolo acts as a “data controller”.

• For data processed on behalf of our clients when they integrate Markopolo into their websites, apps, or systems, Markopolo acts as a “data processor”, and our clients are the “data controllers”.

If you have questions about how your data is processed by one of our clients, you should first refer to that client’s own privacy policy.

2. Scope of This Policy

This Privacy Policy applies to:

• Our websites, portals and dashboards;

• Our Platform and software development kits (SDKs), tags, or tracking scripts installed on client properties;

• Our communications and support channels (email, chat, etc.).

This Policy does not apply to third-party websites, services, or applications that may be linked from our services. We encourage you to review the privacy policies of those third parties.

3. Data We Collect

3.1 Anonymous Behavioral Data (Default)

By design, Markopolo operates with an anonymous-first architecture. By default, we do not automatically collect personally identifiable information (PII) such as names, email addresses, or phone numbers.

When the Markopolo tracker or SDK is implemented on a client site, we may collect:

• Session Information

  • Anonymous session ID

  • Page views and URLs visited

  • Timestamps (e.g., session start/end)

• Behavioral Signals

  • Click events and interaction patterns

  • Scroll depth and engagement metrics

  • Hesitation or dwell-time signals

• Technical Data (depending on configuration)

  • Browser type and version

  • Operating system and device type

  • Approximate location based on IP (e.g., country/region), where permitted

This data is used in aggregated or pseudonymized form to power analytics, personalization, and predictions for our clients.

3.2 Optional Identified Data (When Provided by Clients)

Markopolo only processes PII when it is explicitly provided by our clients through:

• An identify() call or equivalent technical integration;

• User login or account flows in the client’s product;

• Form submissions or authenticated interactions, where the client has obtained consent or has another lawful basis.

Such information may include:

• Name;

• Email address;

• Phone number;

• Customer or account ID;

• Other profile attributes the client chooses to send.

This information is under the control of the client (as data controller), and Markopolo processes it strictly in accordance with the client’s instructions and our Data Processing Agreement (DPA).

3.3 Communications & Support Data

When you contact us directly (for example, via email or a contact form), we may collect:

• Your name;

• Email address;

• Company information;

• The content of your message and any attachments;

• Support and communication history.

3.4 Cookies and Similar Technologies

We use cookies and similar technologies (such as local storage, pixels, or tags) to:

• Enable essential Platform functionality;

• Remember user preferences;

• Measure performance and improve our services;

• Support our clients’ analytics and marketing workflows.

For client implementations, cookie usage and consent are managed jointly with our clients’ consent mechanisms (e.g., cookie banners or consent management platforms).

4. How We Collect Data

We may collect data:

• Directly from you
  When you create an account, contact us, or subscribe to communications.

• Automatically through our technologies
  Through our SDKs, trackers, or cookies when you interact with our websites or when you visit a client’s site that uses Markopolo.

• From our clients
  When they provide us with user identifiers or PII as part of their integration with Markopolo.

We do not scrape, infer, or automatically harvest PII from content, forms, or pages. Any PII processed by our Platform is only that which is intentionally sent by our clients with appropriate legal basis.

5. Legal Bases for Processing (GDPR)

Where GDPR applies, we rely on the following legal bases to process personal data:

• Performance of a Contract
  To provide, maintain, and support the Platform under our contracts with clients and users.

• Consent
  For tracking and analytics that require consent (e.g., non-essential cookies, marketing communications). Consent is typically obtained by our clients from their end users and may be withdrawn at any time.

• Legitimate Interests
  To improve our services, ensure security and fraud prevention, and understand product usage, provided these interests are not overridden by your privacy rights.

• Legal Obligations
  To comply with applicable laws, regulations, and lawful requests from authorities.

6. Purposes for Which We Use Data

We use data for the following purposes:

1. Provision of the Platform

   • Deliver core analytics, behavioral intelligence, and automation capabilities to our clients.

2. Personalization and Optimization

   • Help clients personalize experiences, optimize funnels, and improve customer journeys based on anonymous and/or consent-based data.

3. Security and Abuse Prevention

   • Detect and prevent security incidents, fraudulent activities, or misuse of our services.

4. Service Improvement and Analytics

   • Analyze usage, monitor performance, and develop new features.

5. Customer Support and Communications

   • Respond to inquiries, provide technical support, and communicate important updates.

6. Legal and Compliance

   • Fulfill legal obligations, respond to legal processes, and manage disputes.

7. Data Minimization and Retention

Data Minimization

In line with GDPR’s data minimization principle:

• Anonymous session tracking is the default;

• Only essential behavioral events are collected for analytics and optimization;

• Input masking features can be enabled to prevent capture of sensitive fields (e.g., passwords, payment details);

• PII is only processed if explicitly provided by the client with a valid legal basis.

Retention

We retain data only for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law. Retention periods may vary depending on:

• The type of data;

• Our contractual commitments;

• Legal retention requirements.

Upon expiry of the relevant retention period, data is either deleted, anonymized, or aggregated so that individuals are no longer identifiable.

8. International Data Transfers

Markopolo is a global company and may process data on servers located in different jurisdictions. Where personal data is transferred from the European Economic Area (EEA), the United Kingdom, or Switzerland to countries that do not provide an equivalent level of data protection, we implement appropriate safeguards, such as:

• Standard Contractual Clauses (SCCs) approved by the European Commission; and/or

• Other lawful transfer mechanisms under applicable data protection laws.

You may request more information about our transfer safeguards by contacting us (see Section 13).

9. Security Measures

We take appropriate technical and organizational measures to protect data, including:

• Encryption of data in transit (e.g., TLS 1.3) and at rest (e.g., AES-256);

• Strict access control using authentication and role-based access control (RBAC);

• Network and application-level security, including monitoring and logging;

• Regular review of security controls and procedures;

• Employee confidentiality obligations and security training.

While we strive to protect all data, no method of transmission or storage is completely secure. In the event of a data breach that affects personal data, we will take steps required under applicable law, including notifications to clients and/or authorities, as appropriate.

10. Data Subject Rights (GDPR and Similar Laws)

Where GDPR or similar data protection laws apply, individuals have certain rights regarding their personal data. These may include:

• Right of Access
  To obtain confirmation as to whether we process personal data about you and, if so, to receive a copy.

• Right to Rectification
  To request correction of inaccurate or incomplete personal data.

• Right to Erasure (“Right to be Forgotten”)
  To request deletion of personal data in certain circumstances.

• Right to Restriction of Processing
  To request limitation of processing where you contest accuracy, lawfulness, or necessity of the data.

• Right to Data Portability
  To receive personal data in a structured, commonly used, and machine-readable format and, where technically feasible, transmit it to another controller.

• Right to Object
  To object to processing based on legitimate interests, and to object at any time to processing for direct marketing.

• Right to Withdraw Consent
  Where processing is based on consent, you may withdraw consent at any time, without affecting the lawfulness of processing based on consent before withdrawal.

Exercising Your Rights

If Markopolo is acting as data controller (e.g., for our own website and account data), you can exercise your rights by contacting us using the details in Section 13.

If Markopolo is acting as data processor (e.g., on a client’s website or app), you should direct your request to the relevant client (the data controller). We will assist them in fulfilling your request in accordance with our contractual obligations and applicable law.

You also have the right to lodge a complaint with your local data protection authority if you believe your rights have been infringed.

11. Cookies and Consent Management

Our services and Platform may use:

• Strictly necessary cookies – required for basic functioning of the services;

• Analytics cookies – to understand usage and performance;

• Functional or preference cookies – to remember settings and choices;

• Marketing cookies – where applicable and only with valid consent.

Clients integrating our tracker are responsible for:

• Implementing appropriate cookie banners and consent management tools;

• Ensuring that tracking only begins after required consent is obtained (e.g., via consent(true) logic);

• Maintaining accurate records of user choices and consent where required by law.

You can manage or disable cookies in your browser settings. However, disabling certain cookies may affect the functionality of our services.

12. Children’s Privacy

Our Platform is generally not directed to children under the age of 16 (or the relevant age of digital consent in your jurisdiction), and we do not knowingly collect personal data from children without appropriate consent.

If you believe that we have collected personal data from a child without proper consent, please contact us immediately so we can take appropriate steps, including deletion where required.

13. Contact Information

If you have any questions about this Privacy Policy, our data practices, or wish to exercise your rights, you can contact us at:

Markopolo AI – Data Protection & Privacy
📧 dpo@markopolo.ai
📧 compliance@markopolo.ai

(You may also contact us using the contact details available on our website.)

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

• Update the “Last updated” date at the top of this page, and

• Provide additional notice where required by law (e.g., via email or in-product notices).

We encourage you to review this Privacy Policy periodically to stay informed about our information practices.