Privacy policy

Plain-language overview

Markingo Systems Inc. is a private company based in Vancouver, British Columbia. We only collect what we genuinely need, never sell personal information, never share it with advertisers, and answer every privacy request within 30 days. The full policy lives below; the headlines fit on one page.

  • PIPEDA: Canada federal
  • BC PIPA: British Columbia
  • CASL: Anti-spam law
  • GDPR: European Union
  • UK GDPR: United Kingdom
  • CCPA / CPRA: California

Effective May 14, 2026 · Last updated May 14, 2026

01

The short version

  • We only collect what we genuinely need to evaluate fit, deliver our services, run the free tools at markingo.io/tools, and improve the site.
  • We never sell personal information. We never share it with advertisers.
  • We use a small set of trusted processors (listed in §04) to host the site, send email, deliver images, and measure aggregate traffic.
  • You can ask us at any time to access, correct, port, or delete your personal information. We respond within 30 days, free of charge.
  • For privacy questions or to exercise your rights, email privacy@markingo.io.
02

Who is responsible

The organisation responsible for your personal information under PIPEDA, and the data controller under GDPR, is:

Markingo Systems Inc.
Vancouver, British Columbia, Canada
Privacy contact: privacy@markingo.io

Our Privacy Officer is reachable at the address above and is responsible for compliance with PIPEDA, BC PIPA, and all other applicable laws. Under BC PIPA we are accountable for personal information in our custody or control, including information we transfer to a service provider.

03

What we collect, and why

We collect personal information through three surfaces. We list every field below so you can see exactly what comes in.

3.1 Contact and lead capture form

When you complete the form on /contact or one of the inline forms across the site, we collect:

  • Your name, email address, and (optionally) company, role, and budget range.
  • The goals you check and the free-form message you write.
  • The page you submitted from, the referring site, and any UTM parameters present in the URL.
  • Your IP address and browser user-agent string, captured automatically by our server for fraud prevention.
  • A first-touch and last-touch JSON payload that captures basic visit context (entry page, referrer, UTM set). We do not capture mouse movements, keystrokes, or screen recordings.

Purpose: to evaluate fit, to respond to your inquiry, and (if you become a client) to negotiate and ship our services. Legal basis under GDPR: Art. 6(1)(b) pre-contractual steps and Art. 6(1)(f) legitimate interest. Under PIPEDA and BC PIPA: collected with your knowledge and consent for purposes a reasonable person would consider appropriate.

3.2 Newsletter

If you subscribe to our newsletter we store your email address with our email service provider for the sole purpose of sending the newsletter. We do not append any other data to it. You can unsubscribe with one click from any newsletter we send. We honour unsubscribes within ten business days per CASL.

3.3 Markingo X-Ray free tools

When you run a tool at /tools we collect the inputs you provide (for the Citation Checker that means the domain you enter and any vertical override). We persist a record of every run for two reasons:

  • To enforce daily and lifetime rate limits per IP (free tier) or per email (email-gated) so the tool stays free for everyone.
  • To feed an aggregated, anonymised dataset called the Markingo Living Index, our quarterly benchmark report on B2B SaaS AI citation patterns. Aggregated means the report never identifies an individual brand or visitor.

If you choose to unlock the full report by submitting your work email, the email plus the domain you queried plus the score we generated are saved to our database and sent to our internal team inbox so we can follow up if you want help fixing what the audit surfaced. We do not run sales sequences against the email automatically.

3.4 Analytics

We measure traffic with Google Analytics 4 (property G-N8ZFBK3CLY) using IP anonymisation. Google Analytics drops a small number of cookies in your browser (see our Cookie policy). The information collected is aggregate (page views, session duration, country-level geography, device class). We do not link analytics events to your identity unless you also submit a form.

We also use Google Search Console and Microsoft Bing Webmaster Tools to monitor how the site appears in search results. Those tools receive only the data Google or Bing already collect when crawling our pages, not personal information from your visit.

04

Who we share it with

We share personal information only with a short list of vetted service providers, all of which are bound by contract to use it solely for the purpose for which we provide it and to apply safeguards equivalent to ours. We do not sell personal information. We do not share it for advertising.

Provider | Purpose | Location
-------- | ------- | --------
Resend | Transactional email + newsletter delivery | United States
Cloudinary | Image hosting and on-the-fly transforms | United States / Israel
Google LLC | Aggregate analytics (GA4), search visibility (Search Console) | United States / global
Microsoft | Bing Webmaster Tools for search visibility | United States
Cal.com | Meeting scheduling for intro calls | United States / EU
OpenAI · Anthropic · Google AI Studio | Powering free X-Ray tool calls (brand domain only, no personal identifiers) | United States
Contabo GmbH | VPS hosting the site and database | Germany

We may also disclose personal information to comply with a binding legal order, to enforce our terms, or to protect rights, property, or safety. If we are ever asked to disclose your information in a way you did not anticipate, we will tell you unless legally prohibited from doing so.

05

Where it is stored

Our database lives in Germany on a Contabo virtual private server, protected by full-disk encryption at rest and TLS 1.3 in transit. Backups are stored in the same jurisdiction. Email delivery, analytics, image hosting, and AI tool calls happen in the United States and (for some Cloudinary regions) Israel.

When personal information crosses a border we rely on the EU Standard Contractual Clauses for transfers out of the EEA, on the UK International Data Transfer Addendum for transfers out of the UK, and on the contractual safeguards required by PIPEDA Principle 4.1.3 for transfers initiated from Canada.

06

How long we keep it

  • Contact & lead form: 24 months from last interaction, then redacted archive for tax.
  • Newsletter: Until you unsubscribe.
  • X-Ray tool runs: Run record indefinitely in anonymised Living Index. Email attached to a gated run follows the lead rule.
  • Server access logs: 90 days for security forensics, then deleted.
  • Analytics events (GA4): 14 months at property level, then auto-deleted by Google.
  • Backups: Rolling 30 days, encrypted, same jurisdiction.

07

How we protect it

We apply administrative, physical, and technical safeguards proportionate to the sensitivity of the information. Personal information is encrypted in transit via TLS and at rest on the disk. Access is limited to the engineering team on the principle of least privilege. We rotate secrets when team members change. We patch the operating system and dependencies on a regular cadence and run automated security checks on every deploy.

If we ever experience a breach involving real risk of significant harm, we will notify you and the Office of the Privacy Commissioner of Canada without unreasonable delay, as required by PIPEDA. Where required, we will also notify the relevant European supervisory authority within 72 hours.

08

Your rights

The rights below apply to all visitors. You can exercise every one of them free of charge, and we respond within thirty days under PIPEDA, or sooner where another law requires.

Access

Ask us what personal information we hold about you and request a copy.

Correction

Ask us to correct inaccurate or incomplete personal information.

Deletion

Ask us to delete personal information when we no longer have a business or legal need to keep it.

Portability

Ask us to provide your personal information in a structured, machine-readable format.

Restriction & objection

Ask us to limit processing, or object outright when we rely on legitimate interest (GDPR / UK GDPR).

Withdraw consent

Withdraw any consent you previously gave, subject to legal or contractual restrictions.

Opt out of sale / sharing

Not applicable. We do not sell or share for cross-context behavioural advertising. If that ever changes, a clear opt-out link will appear.

Non-discrimination

We will not deny service, change pricing, or change service quality because you exercised a privacy right.

To exercise any of these rights, email privacy@markingo.io from the address associated with your account, or include enough information for us to verify your identity. We never charge a fee. We never retaliate.

If you are unhappy with our response you have the right to file a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca), the Office of the Information and Privacy Commissioner for British Columbia (oipc.bc.ca), or the equivalent supervisory authority in your country of residence.

09

Cookies and similar technologies

We use a small set of cookies to keep the site working and to measure aggregate traffic. We do not use advertising cookies. We do not use cross-site trackers. For the full list, including names, purposes, expiration, and how to opt out, see our Cookie policy.

10

Commercial electronic messages (CASL)

When we send a commercial electronic message under Canada’s Anti-Spam Legislation, we identify Markingo Systems Inc. as the sender, include a working unsubscribe mechanism that takes effect within ten business days, and rely on either your express consent (you opted in) or an implied consent ground recognised by CASL such as an existing business relationship. To stop receiving messages, click the unsubscribe link in any email or write to privacy@markingo.io.

11

Children

Markingo’s site and services are for businesses, not children. We do not knowingly collect personal information from anyone under the age of sixteen. If you believe a child has provided us with personal information, contact us and we will delete it.

12

Automated decisions

We do not make decisions about you that produce legal or similarly significant effects on you using solely automated means. The free X-Ray tools generate a score and recommendations, but those are informational only and never act on you.

13

Changes to this policy

We update this policy when our practices change or when the law requires it. The effective date at the top reflects the version currently in force. When we make a material change we will give notice through the site (and, where appropriate, by email to active newsletter subscribers and clients) before the change takes effect. We keep a versioned history available on request.

14

Contact us

Privacy questions, requests, or complaints: privacy@markingo.io

General contact: markingo.io/contact

Mailing address available on request.
