mark5.ai
mark5.ai
Version 1.0 · Effective Date: January 30, 2026 · Last Updated: January 30, 2026
This Privacy Policy describes how Arctan Engineering Inc., d/b/a mark5.ai ("mark5.ai," "we," "us," or "our"), collects, uses, and protects your personal information when you use our websites and services (collectively, the "Service").
By using the Service, you agree to the collection and use of information as described in this policy. If you do not agree, do not use the Service.
| Category | Data |
|---|---|
| Account information | Email address, password (hashed, never stored in plain text) |
| Profile information | Display name (optional) |
| Receipt images | Photos of receipts you upload |
| Expense data | Vendor, date, amount, category, account assignments, notes |
| Payment information | Processed by Stripe; we do not store credit card numbers |
| 2FA credentials | Encrypted TOTP secrets for two-factor authentication |
| Support communications | Emails or messages you send to us |
| Category | Data |
|---|---|
| Device information | Browser type, operating system, device type |
| Usage data | Pages visited, features used, timestamps |
| IP address | Collected by Firebase for authentication and security |
If you sign in using a third-party provider (e.g., Google), we may receive your name and email address from that provider, subject to their privacy policies and your account settings.
We use your information to:
We do not use your data for advertising. We do not sell your personal information.
We use the following third-party services to operate mark5.ai. Each provider receives only the data necessary to perform its function:
| Provider | Purpose | Data Shared |
|---|---|---|
| Google Firebase | Authentication, database, file storage, hosting | Email, password hash, receipt images, expense data, IP address |
| Google Cloud Document AI | Receipt data extraction (OCR) | Receipt images |
| Stripe | Payment processing | Email, payment method details (card info goes directly to Stripe) |
These providers are bound by their own privacy policies and data processing agreements. We do not share your data with any other third parties except as required by law.
Your data is stored on Google Cloud Platform (Firebase) infrastructure located in the United States. Google Cloud provides enterprise-grade security including physical security, network protection, and encryption.
While we implement industry-standard security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.
| Scenario | Retention Period |
|---|---|
| Active account | Data is retained as long as your account is active |
| Account deletion | Account data, receipt images, and expense records are deleted within 30 days of account deletion |
| Backups | Backup copies may persist for up to 90 days after deletion, after which they are purged |
| Stripe records | Payment records are retained by Stripe in accordance with their data retention policy and applicable financial regulations |
| Anonymized data | Aggregated, anonymized data (with all personal identifiers removed) may be retained indefinitely to improve the Service |
| Legal obligations | We may retain data longer if required by law or to resolve disputes |
Before deleting your account, you will be prompted to download your data.
Regardless of your location, you may:
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
We do not sell personal information, including information of persons under 16 years old. Because we do not sell personal information, the CCPA right to opt out of sale does not apply.
To exercise your rights, email support@mark5.ai. We will verify your identity before processing requests.
If you are in the EEA, UK, or Switzerland, you have rights under the General Data Protection Regulation (GDPR), including the right to access, rectify, erase, restrict processing, data portability, and object to processing.
Our lawful bases for processing are:
To exercise your GDPR rights, contact us at support@mark5.ai.
The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided personal information, we will take steps to delete that information. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at support@mark5.ai.
mark5.ai uses minimal cookies and tracking:
Your data is stored and processed in the United States on Google Cloud infrastructure. If you are accessing the Service from outside the United States, your information will be transferred to and processed in the United States, which may have different data protection laws than your jurisdiction.
By using the Service, you consent to this transfer. We rely on Google Cloud's data processing agreements and security measures to protect data in transit and at rest.
In the event of a data breach that affects your personal information, we will:
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the Service at least 30 days before the changes take effect.
We will update the version number and "Last Updated" date at the top of this page. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
If you have questions about this Privacy Policy or your data, contact us at:
mark5.ai
Email: support@mark5.ai