Privacy Policy

OPTIMIZATION UP L.L.C-FZ ("we", "us", or "our") operates Markifact, a marketing workflow automation platform. This Privacy Policy explains how we collect, use, and protect your information when you use our service.

Information We Collect

At Markifact, we value your privacy and are committed to ensuring the highest level of confidentiality and security for your information. Here's what you need to know about the information we collect when you use our Service:

1. Account Information: When you create a Markifact account, we collect your name, email address, and profile photo URL (if available from your authentication provider). This information is essential to personalize your experience and enable various features of the Service.

2. Integrations: As you connect your marketing platforms with our Service, we collect information that you provide, including details about the platforms you're connecting and their associated data. This data is necessary to provide you with accurate analytics, reports, and insights. For data collected through Google APIs, we adhere to Google's API Services User Data Policy, including the Limited Use requirements. See our Google API usage section below for more details.

3. Usage Information: To help us understand how you interact with our Service and improve your user experience, we collect information about your usage. This includes log data, device information, and other data related to your activities within our Service.

4. Workflow History: We temporarily store your workflow execution history based on your subscription plan (1-30 days). We minimize storage of data pulled from connected platforms, except where needed for features you configure (such as logs, alerts, or exports). Data is primarily processed in real-time during workflow execution.

5. AI Agent Conversation History: If you use AI agent features, we store conversation history so you can review past interactions. You can delete this history at any time. This data is not used to develop, improve, or train generalized AI/ML models.

6. Payment Information: If you choose to subscribe to our paid plans, we collect billing information such as your address. Your payment card details are handled securely by our payment processor, Stripe, and are never stored on our servers.

How We Use Your Information

We use the information we collect to:

1. Provide, Maintain, and Improve the Service: We use your information to deliver the services you request, maintain your Markifact account, and continuously enhance your experience with our platform. This includes optimizing workflow performance and ensuring service reliability.

2. Respond to Your Requests: Your information enables us to address customer service inquiries, provide technical support, handle account-related questions, and resolve any issues you encounter while using our platform.

3. Communicate with You: We use your contact information to send important service updates, share product announcements and new features, provide relevant educational content, and deliver promotional materials (with your consent).

4. Analyze and Monitor Usage: We utilize analytics tools to understand how users interact with our platform, track service performance, and make data-driven improvements to enhance your experience.

5. Ensure Security and Compliance: We process your information to protect against fraudulent activities, maintain platform security, comply with legal obligations, and prevent unauthorized access to your account and data.

Authentication And Authorized Data Access

When you connect a third-party account (such as Google), we access your basic profile information including your email address, name, and profile photo URL. We also access the specific data permitted by the OAuth scopes you approve during authorization (such as analytics data, ad performance, etc.).

We store integration tokens (such as OAuth access and refresh tokens) in encrypted form in our databases hosted on our cloud infrastructure. These tokens are used solely to maintain your authorized connections and can be deleted at any time by disconnecting the integration from your dashboard or by requesting deletion.

Data Access: We do not access your Customer Data unless required for support (at your request), security purposes, or legal compliance.

Revoke Access to Your Google Account

To remove access of the application to your account, you can do it directly in your Google account by following this link: https://myaccount.google.com/permissions‍

Revoke Access to Your Meta Account (Facebook, Instagram, Threads)

To remove Markifact's access to your Meta account, you can do it directly in your Facebook settings by following this link: https://www.facebook.com/settings?tab=business_tools

Revoke Access to Your TikTok Account

To remove Markifact's access to your TikTok account, go to your TikTok settings: https://www.tiktok.com/setting/security and manage your connected apps.

Revoke Access to Your LinkedIn Account

To remove Markifact's access to your LinkedIn account, you can manage your permitted services here: https://www.linkedin.com/psettings/permitted-services

Revoke Access to Your Microsoft Account

To remove Markifact's access to your Microsoft account (including Microsoft Ads), visit: https://account.live.com/consent/Manage

Revoke Access to Other Integrations

For other connected platforms (such as Slack, Shopify, HubSpot, Snapchat, Pinterest, Amazon), you can revoke Markifact's access through the respective platform's settings or app management section. You can also disconnect any integration directly from your Markifact dashboard at any time.

Google API Services User Data Policy

Google API Services Disclosure

Markifact's use and transfer of information received from Google APIs adhere to Google API Services User Data Policy, including the Limited Use requirements. We recommend reviewing Google API Services User Data Policy to better understand their practices.

Use of Google API Services Data

When you choose to connect various Google services to Markifact, we require specific permissions to fetch and display data for your interactive queries. Below are the permissions required for each Google service:

• Google Analytics: https://www.googleapis.com/auth/analytics.readonly
• Google Ads: https://www.googleapis.com/auth/adwords
• Google Search Console: https://www.googleapis.com/auth/webmasters.readonly
• Google BigQuery: https://www.googleapis.com/auth/bigquery
• Google Drive: https://www.googleapis.com/auth/drive.file
• Google Merchant Center: https://www.googleapis.com/auth/content
• Google Business Profile: https://www.googleapis.com/auth/business.manage
• Google Display & Video 360: https://www.googleapis.com/auth/display-video, https://www.googleapis.com/auth/doubleclickbidmanager

You have full control over which services you connect to Markifact. You can choose to integrate any combination of these services or none at all, based on your specific needs.

Markifact's use and transfer of information received from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements. Google API data is used only to provide the features the user configures (such as reporting and workflow automation) and is not used to develop, improve, or train generalized AI/ML models. When Google API data is involved, we only use it to provide user-requested functionality and do not allow third parties to use it for their own purposes.

Third-Party Integrations and Data Sharing

When you create workflows in Markifact, you can connect various third-party marketing and business applications. Each integration requires specific permissions to access and process data necessary for your workflow automation.

Data Processing and Access

1. Real-Time Data Processing: We only access and process data from your connected applications during workflow execution, authorized automation tasks, and when generating requested analytics and reports. We minimize storage of data pulled from integrations, except where needed for features you configure (such as logs, exports, or scheduled reports). We retain only workflow execution logs/history for a limited period based on your plan (as described above). Security and fraud-prevention logs may be retained longer where necessary to protect the Service.

2. Workflow Execution Logs: While we don't store your application data, we temporarily retain workflow execution logs. The retention period varies based on your subscription plan, ranging from 3 to 30 days.

3. Integration Permissions: When connecting a third-party application, you'll see a clear list of required permissions before authorization. You maintain full control over which applications to connect and can revoke access at any time through your dashboard.

4. Security Standards: All data transfers are protected using industry-standard encryption and OAuth 2.0 authentication where available. We never share access tokens between different user accounts and automatically manage security credential updates.

Managing Your Integrations

Your dashboard provides complete visibility and control over your integrated applications. You can view all connected services, monitor their current status, and manage permissions directly from your account settings.

Each integration follows strict security protocols and adheres to the respective service's privacy policy. We respect data residency requirements and can provide detailed information about specific integration's data handling upon request.

We maintain transparent communication about any changes to integrations, including regular security updates and performance improvements. You'll receive notifications about any significant changes to integration requirements or capabilities.

Data Flow Between Integrations

When you create workflows that connect multiple services, data flows between integrations only during workflow execution to achieve your automation goals. Here's how data sharing works in Markifact:

1. Cross-Integration Data Flow: Data moves between services only when required by the workflow steps you configure. You control which fields and outputs are passed between steps.

2. Temporary Data Exchange: Data sharing between integrations is temporary and happens only during workflow execution. After the workflow completes, we do not retain exchanged data except for execution logs as specified in our retention policy.

3. User-Controlled Data Sharing: You explicitly configure what data from one step can be used by another step. Nothing is shared automatically or by default.

4. Integration Privacy Boundaries: Each integration maintains its own privacy boundaries. When you connect multiple services, you should review each provider's privacy policy to understand how they handle data.

5. Secure Data Transfer: All data transfers occur over encrypted channels and are processed using OAuth 2.0 where applicable.

6. Google API Data Usage: Data obtained from Google APIs is used only for user-configured workflows and is handled in accordance with the Google API Services User Data Policy, including Limited Use requirements.

We recommend carefully reviewing your workflow configurations to ensure you're comfortable with the data being shared between different services. You can modify or disconnect any integration at any time through your workflow settings.

AI Features

Markifact includes optional AI-powered steps that users can add to workflows (for example: summarizing results, generating insights, or transforming workflow outputs).

Users can either:

• use Markifact-managed AI (included in the product), or
• bring their own AI API key (BYOK) and connect their preferred provider.

AI steps only run when explicitly added and configured by the user.

Data Processing and Model Training

Markifact does not use customer data to develop, improve, or train generalized AI/ML models.

When users use Markifact-managed AI, data is processed only to generate the requested workflow output and is not used for generalized model training. Where supported, we enable available provider controls intended to prevent training on submitted data.

When users use BYOK, AI requests are sent using the user-provided credentials. The processing and data handling for those requests is subject to the user's chosen AI provider's terms and privacy policy, not Markifact. Markifact does not have control over how third-party providers process data when you use BYOK.

Data Storage and Retention

AI requests are processed in real time during workflow execution. Markifact does not permanently store customer data sent to AI services.

We only store:

• workflow execution logs/history (retained for a limited period based on the user's subscription plan), and
• AI agent conversation history (if the user uses AI agent features), which the user can delete at any time.

Users can disable AI features at any time by removing AI steps from their workflows or not using the AI agent features at all.

Cross-Integration Data Sharing

For workflows that combine multiple services, including Google services, all processing occurs in real-time and is limited to your specific workflow requirements. We maintain logs of workflow execution and monitor our systems to help ensure compliance with applicable policies.

All core functionality remains independent of AI features, and you can use Markifact without enabling any AI services. We encourage you to review each AI provider's privacy policy before incorporating their services into your workflows. You maintain control over which data points are shared and can modify these settings at any time through your workflow configuration.

User Consent and Agreement

When registering for Markifact, we require your explicit consent regarding our data handling practices. During the sign-up process, you must actively acknowledge your understanding of:

1. Data Collection: How we collect and process your information

2. Data Sharing: How we share data with integration partners and service providers

3. Privacy Practices: Our overall privacy and security measures

4. Terms of Service: Your rights and obligations when using Markifact

Opt-Out Options

Markifact provides you with control over your data:

1. Integration Control: You choose which third-party platforms to connect. You can disconnect any integration at any time through your dashboard, and we will stop accessing data from that platform.

2. AI Features: AI-powered features are optional. You can remove AI steps from workflows or avoid using AI agent features entirely.

3. Marketing Communications: You can opt-out of promotional emails at any time via the unsubscribe link or your account settings.

4. Cookies and Tracking: You can manage tracking preferences through the cookie banner or your browser settings.

5. Account Closure: If you wish to stop all data processing, you can delete your account and request deletion of your data.

Note: Some data processing is essential for Markifact's core functionality (such as processing data from connected platforms during workflow execution). If you disconnect all integrations, certain features will not be available.

Service Agreement

By using Markifact, you acknowledge and agree that:

1. Explicit Consent: Your use of our service indicates explicit consent to our data processing practices

2. Policy Acceptance: You have read and agree to our privacy policy and terms of service

3. Informed Decision: You understand how your data will be used and shared

If you do not agree with this policy, please refrain from signing up and using Markifact.

If you have questions about our consent process or data handling practices, please contact our support team before creating an account.

Information Sharing and Disclosure

We may share your information with third parties in specific circumstances to operate our service securely and effectively:

1. Service Providers: We work with trusted third-party service providers to operate Markifact. These include:

   • Cloud Infrastructure: Google Cloud Platform, Vercel (EU regions)
   • Payment Processing: Stripe
   • Email Delivery: Amazon Web Services SES (EU region)
   • Analytics: For platform performance monitoring
   • AI Providers: When using Markifact-managed AI features

   All providers are contractually obligated to protect your information and can only use it to provide services to us. We may update our service providers from time to time to operate the Service; any new providers will be bound by appropriate confidentiality and security obligations.

2. AI Data Sharing: When you use AI features, the data required for that specific AI step may be sent to the selected AI provider. AI steps run only when explicitly configured by the user, and Markifact does not use customer data to develop, improve, or train generalized AI/ML models.

3. Compliance with Laws: We may share information when required by law. This includes responding to legal requests from law enforcement, complying with court orders or subpoenas, protecting against fraudulent or illegal activity, and meeting regulatory requirements.

4. Business Transfers: If Markifact is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website of any change in ownership or uses of your information.

5. Your Consent: We will share your information with third parties when you have given us explicit consent to do so. You can revoke this consent at any time through your account settings.

We ensure all information sharing follows applicable data protection laws and industry best practices. You will be notified of any material changes to our sharing practices through updates to this privacy policy.

Tracking Technologies

We and our partners use various tracking technologies to enhance your experience on our platform and improve our services.

Essential cookies are required for the Service to function (such as login sessions and security). Non-essential cookies (analytics and marketing) are used only where permitted by law or with your consent.

Types of Tracking Technologies

1. Essential Cookies: Required for core functionality including keeping you logged into your account securely, maintaining your session, enabling security features, and remembering your preferences.

2. Analytics Cookies: We use Google Analytics across markifact.com to collect information about user interactions, identify returning visits, gather location and device data, track engagement signals, and measure site performance. You can opt out of Google Analytics tracking using Google's Analytics Opt-out Browser Add-on.

3. Marketing Cookies and Pixels: We may use these technologies to track email engagement, measure marketing campaign effectiveness, analyze user behavior patterns, and optimize our content delivery. These are only used with your consent where required.

4. Marketing Cookies and Pixels: We may use these technologies to track email engagement, measure marketing campaign effectiveness, analyze user behavior patterns, and optimize our content delivery. These are only used with your consent where required.

5. Log Files: Our servers automatically collect certain information including IP addresses, browser types, Internet Service Provider (ISP), timestamps, page references/exit pages, and number of clicks. This data helps us maintain service security and improve platform performance.

6. Local Storage: We use local storage and similar technologies to improve load times, store workflow configurations, maintain your preferences, enable offline functionality, and cache certain content for better performance.

You can manage your tracking preferences through:

• The cookie consent banner displayed when you first visit our website
• Your browser settings
• Third-party opt-out tools (such as Google's Analytics Opt-out Browser Add-on)
• Your account preferences in the Markifact dashboard

Please note that blocking some types of tracking technologies may impact your experience and the availability of certain features on our platform. We regularly review and update our tracking practices to ensure compliance with industry standards and privacy regulations.

Your Privacy Controls and Data Security

Your Choices

You have control over your account information and communications preferences:

1. Account Management: Access and update your account information directly through your Markifact dashboard.

2. Communication Preferences: Manage your email preferences easily by:

• Adjusting notification settings in your account
• Unsubscribing from promotional emails using the link provided in each email
• Updating your communication preferences in your profile settings

Data Retention

Markifact maintains clear data retention policies to protect your privacy:

1. General Data: We retain information only as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy. Once data is no longer needed, it is either securely deleted or de-identified.

2. Workflow History: Your workflow execution history is retained according to your subscription plan (1-30 days).

3. Account Data: Basic account information is retained while your account is active. Upon account deletion, we remove all associated data according to our deletion schedule.

Data Deletion

If you would like to delete your Markifact account and all associated data, please contact us at contact@markifact.com with the subject line "Data Deletion Request." We will delete or anonymize your data within a reasonable timeframe (typically within 30 days), except where retention is required for legal, tax, security, or fraud-prevention purposes.

For Facebook, Instagram, and Threads connections, you may also revoke Markifact’s access directly from your Facebook account under Settings → Business Integrations or in Accounts Center → Connected Experiences. Once revoked, Markifact will no longer have access to your Meta Platform Data.

Security Measures

We implement industry-standard security measures to protect your data:

1. Data Protection: Your information is protected using advanced encryption and security protocols during transmission and storage.

2. Infrastructure Security: We employ multiple layers of security controls to prevent unauthorized access, use, disclosure, and destruction of data.

3. Regular Audits: Our security measures are regularly reviewed and updated to maintain the highest standards of protection.

While we implement comprehensive security measures, please note that no method of internet transmission or electronic storage is 100% secure.

Children's Privacy

Markifact is not directed to children under 13, and we do not knowingly collect personal information from children.

Your Rights

Depending on your location, you may have the following rights regarding your personal data:

For All Users:

• Right to Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Deletion: Request deletion of your personal data
• Right to Data Portability: Request an export of your data in a portable format
• Right to Object: Object to certain types of processing
• Right to Restrict Processing: Request that we limit how we use your data

For California Residents (CCPA/CPRA):

• Right to Know: You can request details about the categories and specific pieces of personal information we collect
• Right to Delete: You can request deletion of your personal information
• Right to Opt-Out of Sale: We do not sell your personal information as defined under CCPA
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

For EEA/UK Residents:

• Right to Lodge a Complaint: If you are in the European Economic Area or the United Kingdom, you have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not handled your personal data in accordance with applicable law.

We Do Not Sell Personal Information: Markifact does not sell, rent, or trade your personal information to third parties for monetary or other valuable consideration. We do not share personal information for cross-context behavioral advertising.

To exercise any of these rights, contact us at contact@markifact.com. We will respond to your request within the timeframe required by applicable law (typically 30-45 days).

Data Processing Agreements

For business customers who require a Data Processing Agreement (DPA) for compliance purposes, please contact us at contact@markifact.com to request one.

Privacy Policy Updates

We may update this Privacy Policy from time to time. If we make any material changes, we will notify you by email or by posting a notice on our website prior to the change becoming effective.

Legal Basis for Processing (EEA/UK Users)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data based on the following legal grounds:

1. Contract: Processing necessary to provide the Service you have requested (such as account creation, workflow execution, and integrations)

2. Legitimate Interests: Processing for our legitimate business interests, including security and fraud prevention, product improvement and analytics, and customer support

3. Consent: Processing based on your consent, including marketing communications and non-essential cookies (you may withdraw consent at any time)

4. Legal Obligation: Processing required to comply with applicable laws, such as tax and accounting requirements, legal requests, and regulatory compliance

International Data Transfers

Markifact stores and processes data in the European Union (EU) using Google Cloud Platform and Vercel, both configured to use EU data centers. If you access our services from outside the EU, your data will be transferred to and processed in the EU.

For users in the European Economic Area (EEA), Switzerland, or the United Kingdom, we rely on appropriate safeguards for any data transfers, including Standard Contractual Clauses where applicable.

Data Breach Notification

In the event of a data breach that affects your personal information, we will:

1. Notify relevant supervisory authorities within 72 hours where required by law (such as GDPR)
2. Notify affected users without undue delay where required by law or where the breach is likely to result in a high risk to your rights
3. Provide details about the nature of the breach, the data affected, and steps we are taking to address it
4. Offer guidance on steps you can take to protect yourself

We maintain incident response procedures and regularly test our security measures to prevent and detect breaches.

Governing Law and Jurisdiction

This Privacy Policy is governed by and construed in accordance with the laws of the United Arab Emirates, specifically the regulations applicable to the Meydan Free Zone, Dubai, where OPTIMIZATION UP L.L.C-FZ is registered.

Any disputes arising from or relating to this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of Dubai, UAE, unless otherwise required by applicable local law (such as GDPR for EU residents).

Contact Us

In order to receive further information regarding use of the Site, please contact us at: contact@markifact.com.