Privacy Policy

1. Accountability and contact

MarkMill Software Corp. is responsible for personal information under its control. We have designated a privacy contact for questions, access requests, correction requests, consent withdrawals, and complaints.

MarkMill Software Corp.
900 Central Park Dr, Unit 17
Brampton, Ontario, Canada
Attention: Privacy Officer / Alejandro Garcia Polo
Email: hello@markmill.ca
Phone: 289-889-1844

2. Scope

This policy applies to MarkMill Local's website, account creation, onboarding, Stripe checkout and billing metadata, dashboard, support tickets, update requests, uploaded files, managed website services, analytics, and related communications.

This policy does not apply to third-party websites, payment pages, booking tools, social platforms, domain registrars, or other services that are governed by their own privacy policies.

3. Personal information we collect

We collect information you provide directly, information generated through use of the service, and limited information from third-party services you choose to use with MarkMill Local.

Account information may include name, email address, password credentials, authentication status, Google sign-in profile details if you use Google authentication, and account activity.

Business profile information may include business name, business type, phone number, business email, address or service area, social links, business hours, business notes, website goals, visitor actions, selected pages, selected features, brand colours, domain preferences, launch preferences, and extra notes.

Uploaded content may include logos, photos, menus, service lists, brand files, PDFs, documents, attachments, request files, and other files you provide for your website project or support requests.

Billing information may include Stripe customer ID, subscription ID, plan, billing interval, subscription status, payment status, invoice identifiers, current period dates, cancellation status, and Stripe metadata. We do not store full payment card numbers.

Support and dashboard information may include support ticket subjects, messages, priorities, request descriptions, request attachments, project statuses, website URLs, domain details, launch statuses, internal notes, and website metric snapshots such as visits, clicks, calls, form submissions, and bookings.

Technical and analytics information may include IP address, browser type, device information, pages visited, referring pages, cookie preferences, interactions with the site, and analytics information from Microsoft Clarity if you accept analytics cookies.

4. How we collect information

We collect information when you create an account, sign in, use Google sign-in, complete onboarding, upload files, select a plan, pay through Stripe, manage billing, submit requests, send support messages, update your profile, interact with the website, or communicate with us.

If Google Maps address autocomplete is enabled, Google may process address search input and related technical data according to Google's terms and privacy practices. You may type your service area manually where available.

5. Purposes for collection, use, and disclosure

We collect, use, and disclose personal information for purposes that a reasonable person would consider appropriate in the circumstances, including to create and manage accounts, verify access, complete onboarding, recommend plans, build and maintain websites, host and secure websites, process subscriptions, manage billing, provide support, respond to requests, track project status, communicate with you, improve the service, prevent fraud and abuse, comply with law, resolve disputes, and enforce agreements.

We may also use business content you provide to display your public website, connect business tools, create website copy or layouts, maintain local SEO basics, and provide website metrics.

We assess our purposes against PIPEDA's appropriate-purpose requirement, including whether the collection, use, or disclosure supports a bona fide business need and is proportionate to the privacy impact.

6. Sensitive information

MarkMill Local is not designed to collect or process sensitive personal information such as government identifiers, full financial account numbers, payment card numbers, health information, biometric information, children's information, highly confidential third-party records, or other regulated sensitive data. Do not submit sensitive personal information unless it is necessary for your website project, lawful for you to provide, and appropriate for us to process.

If you submit sensitive or unnecessary personal information, we may delete it, restrict it, or ask you to replace it with less sensitive information.

7. Consent

By using MarkMill Local, submitting information, uploading files, selecting a plan, or communicating with us, you consent to our collection, use, and disclosure of personal information for the purposes described in this policy.

You may withdraw consent, subject to legal or contractual restrictions and reasonable notice. Withdrawing consent may prevent us from providing some or all of the service, including hosting, billing, account access, onboarding, support, or website maintenance.

8. Cookies and analytics

We use essential cookies and similar technologies to operate the website and account experience. We also use an analytics cookie consent banner for Microsoft Clarity. If you accept analytics cookies, Microsoft Clarity may collect behavioural metrics, heatmaps, and session replay information to help us understand how visitors use the website and improve the service.

You can accept or decline analytics cookies through the banner. You can also control cookies through your browser settings. Some features may not work properly if cookies are disabled.

9. Automated plan recommendations

The onboarding flow may automatically recommend a plan based on your selected pages, selected features, and visitor goals. This recommendation is used to guide plan selection and does not make a legal or similarly significant decision about you. You can choose a different available plan where the checkout flow permits it.

10. Service providers and disclosures

We do not sell personal information. We may share information with service providers and contractors who help us operate MarkMill Local, including payment processing, subscription management, hosting, media storage, authentication, analytics, maps/address autocomplete, email, security, support, and website infrastructure.

Current or expected providers may include Stripe for payments and billing, Google for sign-in and Maps functionality, Microsoft Clarity for analytics if accepted, hosting and storage providers, email providers, and professional advisors.

We may disclose information where required or permitted by law, to protect rights and safety, to investigate fraud or security issues, to enforce agreements, in connection with a business transaction, or with your consent.

11. Cross-border processing

Some service providers may process or store information outside Ontario or Canada, including in the United States or other jurisdictions. Information processed outside Canada may be subject to lawful access by courts, law enforcement, or government authorities in those jurisdictions.

We use contractual, technical, and organizational measures designed to protect information handled by service providers. Where provincial privacy laws impose additional cross-border requirements, including Quebec rules for businesses operating in Quebec, we will comply to the extent those laws apply to MarkMill Local.

12. Safeguards

We use reasonable physical, organizational, and technical safeguards appropriate to the sensitivity of the information, including access controls, password protection, HTTPS/SSL, secure payment processing through Stripe, limited staff access, authentication controls, and hosting/security practices.

No internet or storage system is perfectly secure. You are responsible for using strong passwords, maintaining access to your email account, and protecting your own devices and credentials.

13. Retention

We retain personal information only as long as reasonably needed for the purposes described in this policy, including providing the service, maintaining your website, supporting your account, meeting legal and tax obligations, resolving disputes, enforcing agreements, preserving security records, and keeping reasonable business records.

If you cancel or delete your account, we may retain limited information as required or permitted by law. Public website content may need to remain available during transition, cancellation, backup, or legal-retention periods.

14. Accuracy

We rely on you to provide accurate account, billing, business, website, and contact information. You can update certain profile information through the dashboard, and you can contact us if information needs correction. We may ask you to verify updates that affect billing, ownership, domain configuration, website content, or account security.

15. Access, correction, deletion, and questions

You may request access to personal information we hold about you and ask us to correct inaccurate or incomplete information. We will respond to access requests within 30 calendar days, subject to identity verification, lawful extensions, and exceptions permitted by PIPEDA or other law.

You may also request deletion of personal information, subject to legal, tax, accounting, security, backup, fraud-prevention, dispute, operational, and contractual retention requirements. Deletion from MarkMill Local does not automatically delete information already published to your public website, indexed by search engines, cached, copied, exported, emailed, or stored by third parties.

To make a request, contact hello@markmill.ca with enough detail for us to identify your account and the information requested.

16. Provincial privacy rights

PIPEDA generally governs private-sector commercial personal information handling across Canada, subject to provincial private-sector privacy laws that may apply in Alberta, British Columbia, Quebec, or other jurisdictions. If a provincial privacy law applies to your information, you may have additional access, correction, deletion, portability, de-indexing, automated-processing, or complaint rights under that law.

For example, Quebec privacy law can apply to an organization outside Quebec that collects, holds, uses, or discloses personal information in the course of business activities in Quebec. We will comply with applicable provincial privacy rights to the extent they apply to MarkMill Local.

17. Privacy breaches

If we become aware of a breach of security safeguards involving personal information under our control, we will assess the risk and take steps required by applicable law. Where PIPEDA requires it, we will report breaches that pose a real risk of significant harm to the Office of the Privacy Commissioner of Canada, notify affected individuals, and keep required breach records.

Where Quebec privacy law applies, we will also assess confidentiality incidents, take reasonable steps to reduce harm and prevent recurrence, notify the Commission d'acces a l'information and affected individuals where a serious-injury risk exists, and keep required incident records.

18. Commercial electronic messages

We may send service messages about your account, billing, project, support, security, and legal updates. We may also send marketing messages where permitted by Canada's Anti-Spam Legislation. Commercial electronic messages will identify MarkMill Software Corp. and include an unsubscribe mechanism where required.

19. Children's privacy

MarkMill Local is intended for business owners and authorized business representatives. It is not directed to children. We do not knowingly collect personal information from children under 13.

20. Complaints

If you believe we have not handled your personal information properly, contact us first at hello@markmill.ca. We will investigate and respond. If you are not satisfied, you may contact the Office of the Privacy Commissioner of Canada or another applicable privacy regulator.

21. Changes to this policy

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a new "Last updated" date. If changes are material, we will take reasonable steps to notify affected users.

22. Legal references

This policy is designed with reference to PIPEDA's fair information principles, including accountability, identifying purposes, consent, limiting collection, limiting use/disclosure/retention, accuracy, safeguards, openness, individual access, and challenging compliance.

Key public references include OPC PIPEDA requirements, OPC PIPEDA appropriate-purpose guidance, OPC access guidance, OPC breach guidance, CRTC CASL guidance, and Quebec Commission d'acces a l'information guidance on private-sector privacy scope and confidentiality incidents.