Privacy Policy

Last updated: January 20, 2025

1. Introduction

MarcoDocs (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our documentation hosting service.

2. Information We Collect

Information You Provide

• Account Information: Email address and display name when you create an account
• Organization Data: Organization names and member information you add
• Content: Documentation, API specifications, and other content you upload
• Payment Information: Processed securely through Stripe (we don't store credit card details)

Information Automatically Collected

• Authentication Data: User ID and authentication timestamps via Firebase Auth
• Activity Logs: Actions you take within the service (for security and debugging)
• Usage Analytics: How you interact with our service, which features you use, and page views (via Google Analytics)
• Technical Information: Browser type, operating system, device type, screen resolution, and anonymized IP addresses
• Performance Data: Page load times, error reports, and service reliability metrics
• IP Addresses: Temporarily logged for security, rate limiting, and debugging (not used for tracking)
• Cookies: Essential cookies for authentication and analytics

Information We DON'T Collect

• Personal information beyond email and name
• Precise location data
• Browsing behavior across other sites
• Sensitive personal information (health, financial, etc.)
• Information about children under 13

3. How We Use Your Information

We use your information to:

• Provide and maintain the Service
• Authenticate your identity and manage access
• Process payments for premium features
• Send service-related communications
• Respond to your requests and support needs
• Analyze usage patterns to improve the Service
• Identify and fix technical issues
• Develop new features based on user behavior
• Implement rate limiting and prevent abuse
• Index and enhance documentation search capabilities
• Provide AI-powered features (with your consent)
• Protect against fraudulent or illegal activity
• Comply with legal obligations

4. How We Store and Protect Your Data

We take the security of your data seriously and implement multiple layers of protection:

• Encryption in Transit: All data is encrypted via HTTPS/TLS
• Encryption at Rest: Data is encrypted on our servers using industry standards
• Access Control: Employee access is strictly limited, logged, and audited
• Infrastructure Security: Secure cloud infrastructure with regular security updates
• Monitoring: 24/7 monitoring for security threats and anomalies
• Backups: Regular encrypted backups in geographically distributed locations
• Regular Audits: Security assessments and penetration testing

While we implement industry-standard security measures, no method of transmission over the Internet or electronic storage is 100% secure. We strive to use commercially acceptable means to protect your data but cannot guarantee absolute security.

5. Data Sharing and Third Parties

We do not sell, trade, or rent your personal information. We share data only with:

• Service Providers:
  • Google (Firebase for auth/database, Analytics for usage insights)
  • Stripe (payment processing)
  • Cloud infrastructure providers (hosting and storage)
  • AI service providers (for enhanced features, with your consent)
  • Search and indexing services (to improve documentation discovery)
• Your Content Processing: We may process your documentation content through third-party services to provide features like search, AI chat, and content suggestions. This processing is done securely and only for providing requested features.
• Legal Requirements: When required by law or to protect rights and safety
• Business Transfers: In connection with a merger or acquisition (with notice)
• Aggregated Data: We may share anonymized, aggregated data that cannot identify you

6. Your Rights and Choices

You have the right to:

• Access: Request a copy of your personal data
• Correct: Update inaccurate information
• Delete: Request deletion of your account and data
• Export: Receive your data in a portable format
• Object: Opt out of certain uses of your data
• Restrict: Limit how we process your data

7. Cookies and Similar Technologies

We use cookies and similar technologies for:

• Essential Cookies: Required for authentication and core functionality
• Analytics Cookies: Help us understand how you use the Service to make improvements
• Performance Cookies: Monitor site performance and identify issues
• Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings, but disabling essential cookies will prevent you from using the Service.

8. Analytics and Improvements

We collect analytics data to improve our Service. This includes:

• Usage Patterns: Which features are most/least used
• User Journeys: How users navigate through the Service
• Performance Metrics: Load times, error rates, and reliability
• Feature Adoption: How new features are being used

Analytics data is aggregated and anonymized where possible. We do not use this data for advertising or sell it to third parties.

9. AI and Content Processing

To enhance your documentation experience, we may offer AI-powered features:

• Search Enhancement: Indexing your content for better search results
• AI Chat: Enabling users to ask questions about your documentation
• Content Suggestions: Recommending improvements or related content
• Auto-categorization: Organizing content intelligently

Important: AI features that process your content will be opt-in. We will clearly explain what data is processed and obtain your consent before enabling these features. You maintain ownership of all your content.

10. Data Retention

• Active Accounts: Data retained while your account is active
• Deleted Accounts: Personal data deleted within 90 days of account deletion
• Backups: May persist in backups for up to 90 days
• Legal Obligations: Some data may be retained longer if required by law
• Anonymized Data: May be retained indefinitely for service improvement

11. Employee Access and Government Requests

Employee Access: Access to customer data is strictly limited to employees who need it to perform their jobs. All access is logged and regularly audited. Employees are bound by strict confidentiality agreements.

Government Requests: We will never voluntarily share your documentation content with government agencies. If legally compelled to provide data:

• We will review the validity of the request
• We will challenge overbroad or invalid requests
• We will notify you unless legally prohibited
• We will provide only the minimum data required

12. Children's Privacy

Our Service is not directed to children under 13. We do not knowingly collect information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

13. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

14. Security Incidents

In the event of a data breach that may affect your personal information, we will notify you as required by applicable law and take appropriate steps to mitigate harm.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the new policy on this page
• Updating the “Last Updated” date
• Sending an email notification for significant changes

By continuing to use the Service after changes take effect, you agree to the revised Privacy Policy.

16. Contact Us

For privacy-related questions or to exercise your rights:

• Use our contact form
• Email us at the address provided in your account settings
• Response time: Within 30 days for most requests

17. Region-Specific Rights

European Economic Area (EEA): Additional rights under GDPR including data portability and lodging complaints with supervisory authorities.

California Residents: Additional rights under CCPA including the right to know what personal information is collected and the right to non-discrimination.