HomeMarcusPricingAI ConsultSmashContactAdmin
Talk to AI

Privacy Policy

Information We Collect

We collect information you provide directly, such as your name, email address, phone number, and business details when you use our preview generator or contact forms.

How We Use Your Information

We use your information to generate website previews, communicate about our services, and improve your experience. We do not sell your personal data to third parties.

Data Security

We implement industry-standard security measures to protect your data. However, no method of transmission over the internet is 100% secure.

Marcus AI and Google User Data

When you connect Marcus AI to your Google account, Marcus reads your Gmail messages and Google Calendar events so it can summarize your inbox, surface priority messages, and brief you on what's scheduled. Marcus Free operates entirely in read-only mode and cannot send, modify, or delete anything in your Google account.

What we access. Marcus Free requests two read-only Google OAuth scopes:

  • https://www.googleapis.com/auth/gmail.readonly — read-only access to your Gmail messages and metadata.
  • https://www.googleapis.com/auth/calendar.readonly — read-only access to your Google Calendar events.

Marcus Free does NOT request permission to send email, draft email, triage or modify messages, create or update calendar events, or make any other changes to your Google account. Those are not features of the free tier.

Why each scope. Gmail read access lets Marcus summarize your inbox and answer questions about specific messages when you ask. Calendar read access lets Marcus tell you what's scheduled, remind you of upcoming meetings, and prepare briefings for events.

How we use it. Your Google data is used solely to respond to queries you make through Marcus. We do not use it to train AI/ML models and we do not sell, rent, or share it with third parties for advertising, analytics, or profile-building.

Where your data is processed and stored. Marcus Free runs as a local Docker application on your own machine. Your Gmail messages and calendar events are fetched directly from Google by your local Marcus container; they are not routed through Build With Eman servers. OAuth refresh tokens are stored locally inside your Marcus container and are never transmitted to our servers. Any summaries or facts Marcus remembers in its knowledge graph are stored in your own Supabase project, which you connect with your own credentials during install. You control the database and can delete entries at any time.

Sharing with service providers. To generate voice and language responses, Marcus sends relevant portions of your request to an AI model provider (currently OpenAI) using your own API key, which you supply during install. OpenAI processes this data under its own privacy policy and API terms; Marcus does not hold, relay, or store your OpenAI key or your conversation data on our servers. No other third party processes your Google user data.

Retention and deletion. Marcus does not retain copies of your Google user data beyond what is required for an individual response (held in memory on your local machine, not ours). To fully remove Marcus: (1) uninstall Marcus (docker compose down -v in ~/.marcus/compose/), (2) delete your Supabase project, (3) revoke Marcus's access at Google Account Permissions.

Your control. You can revoke Marcus's access to your Google account at any time via Google Account Permissions. Revocation stops Marcus from accessing your Google data immediately; locally-stored tokens become inert and can be removed by uninstalling Marcus.

Limited Use compliance. Marcus AI's use and transfer to any other app of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Marcus does not use Google user data to develop, improve, or train generalized AI/ML models.

Paid (Marcus Pro) tier note. Marcus Pro customers are onboarded onto a separate OAuth client and governed by a separate per-customer agreement and privacy addendum. This policy applies specifically to Marcus Free.

Marcus AI and Meta (Facebook + Instagram)

When you connect Marcus to Meta, Marcus reads your Facebook Page and Instagram Business account data so it can show follower counts, post performance, and queue scheduled content. Marcus only operates on Pages you explicitly grant access to during the OAuth consent screen.

What we access (v1, read-only).

  • pages_show_list — see which Facebook Pages you administer.
  • pages_read_engagement — read post insights (likes, reach, replies) for the Pages you authorize.
  • instagram_basic — read profile info and recent posts for the Instagram Business account linked to an authorized Page.
  • business_management — list business assets so we can show you which Page+IG to connect.

What we do NOT access. Marcus does not read your personal Facebook profile, friends list, private messages, or any Page you do not explicitly authorize on the Meta consent screen. The publishing scopes (pages_manage_posts, instagram_content_publish) are not requested in v1; when posting is added, it will require a separate consent step.

Storage and use. Meta access tokens are stored in your tenant's encrypted column on Supabase (your project, your keys) and used only to fulfill requests you make through Marcus. Page metadata (handle, follower count) may be cached briefly to render your Ops dashboard. We do not sell, share, or use Meta data for advertising, analytics outside Marcus, or AI/ML training.

Revoke at any time. Disconnect Meta from the Marcus Ops dashboard, or revoke Marcus's access at Facebook Business Integrations.

Marcus AI and X (Twitter)

When you connect Marcus to X, Marcus reads your account metadata and engagement metrics through the X API v2 using OAuth 2.0 with PKCE.

Scopes (v1, read-only).

  • tweet.read — read tweets and their engagement metrics.
  • users.read — read your profile, follower count, and following count.
  • follows.read — read who you follow and who follows you.
  • offline.access — refresh tokens so you do not have to reauthorize every two hours.

Storage and use. X access + refresh tokens are stored encrypted in your tenant row on Supabase and used only for the Marcus Ops dashboard and content workflows you initiate. Marcus does not post, like, follow, or send DMs in v1; tweet.write is not requested.

Revoke at any time. Disconnect X from the Marcus Ops dashboard, or revoke at X Connected Apps.

Marcus AI and TikTok

When you connect Marcus to TikTok, Marcus reads your basic profile and your public video list via the TikTok for Developers API.

Scopes (v1, read-only).

  • user.info.basic — read your username, display name, and avatar.
  • video.list — read your public video metadata so Marcus can surface view counts and trends.

Publishing. The video.publish scope (Content Posting API) requires a separate TikTok audit and is not requested in v1. When publishing is added, it will go through a separate consent flow.

Storage and use. TikTok access + refresh tokens are stored encrypted in your tenant row on Supabase. Tokens are used solely for the Ops dashboard and Content Ops workflows you initiate.

Revoke at any time. Disconnect TikTok from the Marcus Ops dashboard, or manage connected apps in the TikTok app under Settings and privacy → Security and login → Authorized apps.

Data Deletion

You can delete your Marcus data at any time. See our full Data Deletion page for step-by-step instructions for each connected platform (Google, Meta, X, TikTok), how to delete your local Marcus container, and how to wipe the Supabase project that holds your knowledge graph.

Contact Us

If you have questions about this policy, contact us at [email protected].

Last updated: May 3, 2026