Privacy Policy
Effective Date: July 11, 2026
1. Data Controller and Contact Information
The following group companies act as data controllers of your personal data (together, "Markty AI"):
• MARKTYAI YAPAYZEKA TEKNOLOJİLERİ VE YAZILIM A.Ş. (Türkiye). Address: Barbaros Mah. Şebboy Sokak No:4/1 İç Kapı No:1 Ataşehir/İstanbul. MERSİS/Company Registration No: 0612180103300001.
• MARKTY AI LTD, registered in England and Wales under company number 17202415. Registered office: Office 403, Screenworks, 22 Highbury Grove, London, N5 2ER, United Kingdom.
• Contact: info@markty.ai
You can submit your requests under KVKK/GDPR/UK GDPR to the addresses above in writing or to info@markty.ai. Requests will be processed within 30 days at the latest in accordance with applicable law.
2. Scope and Definitions
Our Privacy Principles:
• Lawfulness, Fairness, and Transparency: We process personal data in compliance with applicable laws and in a fair and transparent manner.
• Data Minimization: We collect the data necessary for specific purposes, ensuring it is limited and relevant to those purposes.
• Transparency: We inform you clearly about which personal data we collect and why.
• Security: We implement appropriate technical and organizational measures to protect personal data and regularly update these measures.
• Respect for Your Rights: We respect your data protection rights under KVKK, GDPR, UK GDPR and other applicable laws.
Definitions:
• Personal Data: Any information relating to an identified or identifiable natural person.
• Special Category Personal Data: Health data etc. under KVKK/GDPR provisions. (We do not process this data as a general rule.)
• Usage Data / Device Data: IP, browser type, device information, cookie identifiers, session records, error logs, click flow, etc.
• Content/Prompt Data: Text, visual, video, command, prompt and output data you provide within the scope of Services.
• Pseudonymization/Anonymization: Processes to prevent identity determination.
3. Data Categories We Collect
• Identity and Contact: Name, surname, email, phone, company/title, position.
• Account and Transaction: Login information, account settings, notification preferences, support requests.
• Billing/Payment: Invoice title, tax information, address; payment transactions are processed by payment service providers (Stripe, iyzico). We do not access card data.
• Usage and Device: IP, device/operating system, browser information, language, timestamps, performance/error logs.
• Cookies and Similar Technologies: Session cookies, preference cookies, analytics and marketing cookies (see Cookies).
• Content/Prompt and Outputs: Uploads, prompts, outputs you generate; project/brand configurations; integration settings.
• Marketing and Interaction: Newsletter subscription, campaign participation, event forms, survey responses, references/reviews.
• Application Data: Information you submit in applications for services, employment or other interactions with us.
4. Processing Purposes and Legal Bases (KVKK/GDPR)
• Service Provision and Contract Performance: Account creation, identity verification, content generation, integrations, customer support. (KVKK Art. 5/2-c; GDPR Art. 6/1-b)
• Development, Security and Debugging: Performance measurement, log analysis, fraud/abuse detection. (KVKK Art. 5/2-f legitimate interest; GDPR Art. 6/1-f)
• Marketing Communications: Product updates, newsletters, campaigns (according to your preferences). (Explicit consent or legitimate interest)
• Legal Obligations: Finance and tax legislation, responses to requests and audits. (KVKK Art. 5/2-c; GDPR Art. 6/1-c)
• Establishment, Exercise or Defense of Legal Claims: Dispute management. (KVKK Art. 5/2-e; GDPR Art. 6/1-f)
• Personalization and Analytics: Experience customization, measurement.
• Model and Product Improvement: In accordance with the AI section below and with explicit consent if required.
Explicit Consent: Where necessary, your explicit consent is requested and you can withdraw your consent at any time (withdrawal does not affect the lawfulness of previous processing).
5. Artificial Intelligence and Content/Prompt Data
• Your prompts and outputs may be processed to provide Services, improve security and quality, and prevent misuse.
• We do not use your personal data for general-purpose model training without your explicit consent.
• Limited human review may be applied when necessary (e.g., debugging, security); access is role-based and logged.
• We may use multiple LLM/model providers (OpenAI, Anthropic, Google (Gemini), Fal AI) and infrastructure/analytics providers; data may be transferred to these providers under processor instructions.
• For privacy-sensitive content, cropping/masking, anonymization, data minimization and retention period shortening principles are applied.
• Prompt/output retention periods are determined according to account activity, legal obligations and legitimate interest requirements.
• You can manage your AI processing preferences (e.g., opting out of human review, training/improvement consent) by contacting info@markty.ai.
6. Cookies and Similar Technologies
• Strictly Necessary/Essential Cookies: Provide the basic functions required for the website to work (login, security, navigation); they do not require consent. This category also includes the Dub partner-program attribution cookies (dub_id, dub_partner_data), which back our contractual partner payouts.
• Preferences/Functional Cookies: Remember your preferences (language, region, currency); they are used only with your consent.
• Statistics/Analytics Cookies: Collect information on site usage and traffic, and load only after you consent: traffic and usage statistics on the website via Google Analytics 4; pseudonymous in-app product analytics via Mixpanel (EU-hosted).
• Marketing/Targeting Cookies: Track behavior to deliver personalized advertising and retargeting via Google Ads and Meta Pixel, loaded only after you consent.
You can manage your cookie preferences through browser settings and/or the cookie banner/settings. Rejecting cookies may limit some functions.
7. Data Sharing and Recipient Categories
Your personal data is shared only when necessary for service provision or as required by law, with the following recipient categories:
• Payment Service Providers: Payment processing and billing (Stripe, iyzico).
• Hosting and Cloud: Server, storage, CDN (AWS, Vercel).
• LLM/Model Providers: Processing of prompts/outputs (OpenAI, Anthropic, Google (Gemini), Fal AI).
• Integration Platform: Composio, which manages the OAuth connections for optional third-party services you connect (e.g., Slack, Gmail, Outlook, Canva, Google Analytics, Reddit).
• SEO and Search Data: DataForSEO, used to analyze publicly available website content and search-engine data when you request SEO reports, website audits or AI-visibility scans.
• Analytics, Debugging and Monitoring: Performance, logging, security (Google Analytics, Mixpanel, Sentry).
• Partner Program: Dub.co for partner/affiliate attribution and payouts.
• Communication/CRM and Support Tools: Newsletter, support and customer communication.
• Consultants and Legal Representatives: In dispute or audit processes.
• Public Authorities/Competent Authorities: Within the scope of legal obligations.
• Affiliates and Business Transfer: In case of merger/acquisition/restructuring.
Sharing is done with data processor agreements and appropriate security measures for limited purposes.
8. Integrations You Connect (Social Platforms, the Pinterest API and Other Services)
markty.ai uses the Pinterest API to connect your Pinterest account to the Platform. With your authorization, we access your Pinterest profile, boards and pins, publish content (pins) on your behalf, and retrieve analytics for content published through the Platform.
• Purpose limitation: Pinterest data is used solely to provide the Platform's features to you (publishing/scheduling content and performance reporting). We do not sell, resell or redistribute Pinterest content or Pinterest-derived data to third parties.
• Disconnection: When you disconnect your Pinterest account or delete your markty.ai account, we delete the related access tokens and stop accessing the Pinterest API. Pinterest-derived data stored on the Platform is deleted within 30 days, unless a longer retention period is required by law.
• No affiliation: markty.ai is an independent product and is not endorsed by, certified by or otherwise affiliated with Pinterest. "Pinterest" is a trademark of Pinterest, Inc.
Social publishing: You can connect Instagram, Facebook, LinkedIn and Pinterest to publish and schedule content. For each platform we store encrypted OAuth tokens, basic account/page identifiers, the IDs of posts published through the Platform and our own publishing statistics. The purpose-limitation and disconnection principles described above for Pinterest apply to every connected platform.
Other optional integrations: You can also connect services such as Google Calendar (see Section 9), Slack, Gmail, Outlook, Canva and Google Analytics (the OAuth connections for these services are managed by our integration processor Composio). We access a connected account only to perform the actions you request in the product (for example sending an email or Slack message you approved in chat, creating a Canva design from your content, or reading your Google Analytics reports to generate weekly insights) and do not use these accounts for any other purpose. Disconnecting an integration revokes the stored tokens and stops further data exchange.
9. Google Services Integration
When you connect a Google service in Markty, you grant the OAuth scopes listed below. You can revoke access at any time at https://markty.ai/integrations (Disconnect button) or at https://myaccount.google.com/permissions.
Scopes used for Google Calendar:
• https://www.googleapis.com/auth/calendar.app.created
• https://www.googleapis.com/auth/calendar.readonly
The calendar.app.created scope lets Markty create and manage a single dedicated "Markty Content" calendar in your Google account. Every post you schedule in Markty appears as an event on that calendar with the post preview in the description. Drag-rescheduling or deletion of those events in Google Calendar is reflected back in Markty. With this scope, Markty cannot read or modify your other Google calendars or events.
The calendar.readonly scope lets Markty read events on your primary calendar so it can suggest marketing campaigns tied to your upcoming events (product launches, sales, pop-ups, webinars, holidays). Event titles, times, and descriptions are read on demand and are not stored persistently in Markty's database; only the resulting suggestion text and status are persisted.
• What we store: encrypted OAuth tokens (access and refresh); the Google event IDs of events Markty itself created (so we can update or delete them when you reschedule or cancel a post); calendar suggestions as text records (event title, suggestion prompt, status) tied to your account.
• What we never do: read, modify, or delete events on calendars other than the dedicated Markty Content calendar; share Google calendar data with third parties; sell calendar data; or use Google user data to train, retrain, or fine-tune AI or machine-learning models.
10. AI Processing of Google Data
Data obtained through Google APIs (event titles and descriptions on your primary calendar) is sent to OpenAI's API for classification of marketing relevance. OpenAI does not train on API data per OpenAI's API data usage policy (https://openai.com/policies/api-data-usage-policies). Markty does not use, transfer, or sell Google user data for AI/ML model training. We do not retain Google calendar event data after classification.
Markty's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy (https://developers.google.com/terms/api-services-user-data-policy), including the Limited Use requirements.
11. International Transfer
Your data may be transferred to countries outside your jurisdiction. In such cases, in accordance with KVKK Art. 9 and relevant board decisions and GDPR Art. 44-49:
• Transfer to countries with adequate protection,
• If there is no adequate protection, transfer within the framework of commitments/SCCs, explicit consent or legal exceptions,
• Technical and organizational security measures (encryption, access control, audit) are applied.
12. Retention Periods
Personal data is retained for the period necessary for processing purposes and/or as required by legal obligations (e.g., tax/finance). When the period expires, data is deleted, anonymized or destroyed.
Example: support records and logs for reasonable periods; billing records for at least 10 years according to relevant legislation.
13. Security
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, loss or disclosure (encryption, transmission security, access control and access restrictions, network security, firewalls, backup, logging, employee authorization and regular audits). However, 100% security of transmissions over the internet cannot be guaranteed.
14. Your Rights
KVKK Rights (Art. 11)
• Right to be informed about whether your personal data is processed,
• Right to request information about processing,
• Right to learn about appropriate use,
• Right to know third parties to whom data is transferred domestically/internationally,
• Right to request correction if processed incompletely/incorrectly,
• Right to request deletion/destruction,
• Right to restrict processing/object,
• Right to request compensation if you suffer damage.
You can submit your requests to info@markty.ai.
GDPR/UK GDPR Rights (EEA/UK Users)
• Access: Know whether we process your personal data and access it,
• Rectification: Correct inaccurate or incomplete data,
• Erasure ("Right to be Forgotten"): Request deletion of your personal data,
• Restriction of Processing: Limit the processing of your personal data,
• Data Portability: Receive your data in a structured, machine-readable format,
• Objection: Object to processing for marketing or other purposes,
• Withdrawal of Consent: Withdraw consent at any time without affecting the lawfulness of prior processing,
• Right to lodge a complaint with your local supervisory authority.
To exercise these rights, you can contact info@markty.ai.
15. Children's Privacy
Services are intended for users aged 16 and over (or the higher minimum age required for valid consent in your country of residence) and are not directed at children. We do not knowingly collect data from children. If such a situation is detected, the relevant data is deleted or anonymized.
16. Third Party Links
The Platform may contain links to third-party websites/services. We are not responsible for the content and practices of these sites. We recommend reviewing the privacy policies of relevant sites before visiting.
17. Policy Changes
This Policy may be updated from time to time. Changes take effect as soon as they are published on the Platform. We will provide reasonable notice of significant changes. Your continued use of the Services means you accept the changes.
18. Contact
For your questions and rights requests: info@markty.ai
Email: info@markty.ai