GDPR

Privacy policy

Last updated : April 19, 2026

At HelloMarkus.ai, we take your privacy seriously. Here we tell you exactly what data we collect, why, how long we keep it, and how you can access or delete it.

Data controller

The data controller for personal data is: HelloMarkus.ai — [registered name to be filled], with its registered office located at [address to be filled]. For any questions: privacy@hellomarkus.ai.

Data collected

During the free diagnostic (/demo)

  • The URL of the site you're analyzing
  • Your email address (only if you fill it in the "unlock your strategy" form)
  • Your IP address, user-agent, and referring page (anonymous analytics)
  • Campaign parameters (UTM) if you come from an ad or tracked link

When creating an account on the app (app.hellomarkus.ai)

  • First name, last name, professional email
  • Company information (name, sector, URL)
  • LinkedIn credentials if you connect this channel
  • Payment information (via Stripe, we never store your card)
  • Your generated content, strategies, calendars — strictly private, never shared

Purposes of processing

Provide the service
Generate your diagnostic, your strategy, your content. Allow you to manage your account, publish on your channels, track your performance.
Transactional communication
Send you your strategy by email, payment confirmations, important product notifications (incident, maintenance). You cannot unsubscribe from these emails — they're necessary to the service.
B2B nurture (legitimate interest, free opt-out)
After your free diagnostic, we may send you 1 to 2 emails max to suggest trying HelloMarkus. You can refuse these communications in one click from any received email. This practice follows French CNIL doctrine on B2B prospects.
Marketing nurture (explicit consent)
If you checked the "receive Markus marketing tips" box when capturing your email, we send you a maximum of 1 email per month with marketing tips. One-click unsubscribe always available.
Analytics
Measure site usage (page views, time spent, conversions). Aggregated data, no individual profiling.

Legal basis (GDPR, Art. 6)

  • Contract performance — for your subscription to function.
  • Legitimate interest — for the 1-2 B2B nurture emails post-diagnostic.
  • Consent — for monthly marketing emails (explicit checkbox).
  • Legal obligation — for invoice retention (accounting, 10 years).

Retention period

  • Anonymous diagnostic without email: 90 days, then automatic deletion.
  • Diagnostic with email, no account: 2 years (standard CNIL timeframe for prospects).
  • Active account: as long as your account exists + 3 years after closure.
  • Invoices: 10 years (legal accounting obligation).
  • Marketing opt-out: email kept only in a suppression list (to respect your choice).

Recipients of your data

Your data is shared only with the following technical providers, strictly for service operation:

  • Supabase Inc. (AWS EU infrastructure) — database hosting and authentication
  • Netlify, Inc. — landing site hosting
  • Anthropic PBC — Claude AI model for strategy and content generation
  • Stripe, Inc. — payment processing (no banking data transits through our servers)
  • Google Fonts / Analytics — fonts and audience analytics
  • LinkedIn Corporation — only if you connect your LinkedIn account

Transfers outside the EU

Some of these providers may process your data outside the EU (notably the United States). In this case, we ensure adequate safeguards are in place (European Commission standard contractual clauses).

Your rights

Under the GDPR and the French Data Protection Act, you have the following rights:

  • Right of access — obtain a copy of the data we hold on you
  • Right to rectification — correct inaccurate information
  • Right to erasure — delete your data (except legal obligations)
  • Right to portability — retrieve your data in a usable format
  • Right to object — refuse processing, notably marketing
  • Right to restriction — temporarily freeze a contested processing
  • Right to withdraw consent at any time (monthly marketing)

How to exercise your rights

To exercise these rights: privacy@hellomarkus.ai. We'll respond within 30 days.

You also have the right to lodge a complaint with the French CNIL (cnil.fr) if you believe your rights are not being respected.

Cookies

We use a minimal number of cookies, all essential for site operation:

  • Session cookie (app.hellomarkus.ai) — to keep you logged in
  • Stripe cookies — to secure payments

No third-party tracking cookies

No third-party analytics cookies (Google Analytics, etc.) without your consent. No mandatory banner since we only use strictly necessary cookies.

Security

We implement appropriate technical and organizational measures to protect your data: encrypted exchanges (HTTPS/TLS), encrypted database at rest, strict access policy, regular audits. No system is infallible; in case of breach, you'll be notified within 72 hours as required by GDPR.

Legal notice · Terms · Cookies · Contact · Back to home