Privacy Policy
MarkFlow is built on a simple promise: your documents are yours. We don't sell your data, we don't train AI models on your files, and we keep as little as we need for as short a time as we can. This page tells you exactly what that means in practice.
Last updated: May 19, 2026.
The short version
- If you're not signed in, your files never leave your browser except as part of a request to Google Gemini.
- If you're signed in, we store a minimal profile (email, display name, photo URL) in Firebase Authentication and Firestore.
- If you're an approved user running a large or scanned PDF through our managed pipeline, that PDF is uploaded to private Google Cloud Storage scoped to your account, processed, and queued for deletion.
- We don't sell data, share it with advertisers, or use it to train models.
- You can ask us to delete everything at any time — see Deleting your data.
Who runs MarkFlow
MarkFlow is operated by Schoedel Design, an independent studio based in Texas, United States. For any privacy question, email barry@schoedeldesign.ai.
What we collect, and where it lives
1. Documents and text you submit
The PDFs, Word files, HTML, and pasted text you feed to MarkFlow are document content. Here is what happens to that content in each mode:
- In-browser conversion (default for everyone). Your file is read in your browser. If the conversion needs an AI model, the text or page contents are sent to Google Gemini over an HTTPS request from your browser. We do not store the file on our servers in this mode.
-
Server-managed conversion (approved accounts only).
Large or scanned PDFs are uploaded to a private Google Cloud
Storage bucket at a path scoped to your user ID
(
pdf-inputs/<your-uid>/<job-id>/source.pdf). Our Cloud Run backend reads it, sends the page contents to Google Gemini for OCR and formatting, writes the resulting Markdown back tomarkdown-outputs/<your-uid>/<job-id>/output.md, and returns it to your browser. Both objects are automatically deleted by a Cloud Storage lifecycle policy 30 days after upload, and you can flush them sooner from the profile menu (see Deleting your data). -
Bring your own Gemini key.
If you add your own Google Gemini API key in the profile menu,
requests go directly from your browser to Google. Your key is
stored encrypted-at-rest in our Firestore (so it can also be
used by the server-managed pipeline when you choose) and,
optionally, in your browser's
localStorageif you check “Remember key”. We never log your key.
2. Account information
If you sign in with Google, we store the following in Firebase
Authentication and a per-user Firestore record at
users/<your-uid>:
- Your Firebase user ID.
- Your email address.
- Your display name and profile photo URL (as provided by your Google account).
- The date you first signed in.
- A running count of conversions you've performed today (for daily limits).
3. Job metadata
For each server-managed conversion we store a record in Firestore at
conversion_jobs/<job-id> containing the
original filename, file size, page count, your user ID and email,
the job status, and timestamps. These records are scheduled for
deletion 30 days after the job completes.
4. Usage counters
- For approved users with monthly OCR allowances, we keep a per-month page counter at
ocr_usage/<your-email>_<YYYYMM>. - We keep aggregate, non-identifying counts of logins and conversion requests at
stats/<period>so we can see whether the service is being used. These do not link back to individual users.
5. Error logs
When something fails, we record the error message, stack trace,
the action that triggered it, your user ID and email, and any
relevant context (e.g. the filename) in Firestore at
conversion_errors/<error-id>. We use these to
fix bugs. Cloud Run may also record server-side errors
(including your email if the error is auth-related) in
Google Cloud Logging. These logs do not contain
your document content.
6. Things stored in your browser
MarkFlow uses your browser's storage for a small number of preferences, not for cross-site tracking:
localStorage["markflow-theme"]— your light/dark preference.localStorage["gemini_api_key"]— only if you opted in to “Remember key”.sessionStorage["login_recorded"]— a transient flag used so we don't double-count logins.
We do not use third-party analytics cookies, advertising trackers, or fingerprinting.
What we never do with your data
- We don't sell it.
- We don't share it with advertisers or data brokers.
- We don't use it to train AI models — ours or anybody else's.
- We don't read your documents. Backend processing is automated; humans only look at the contents of an upload if you specifically send it to us as part of a bug report.
Third parties we hand data to
Running MarkFlow requires us to pass certain data through third-party services. Those services have their own privacy practices:
- Google Gemini — receives the document content or page images that need to be converted. See Gemini API terms.
- Firebase Authentication, Firestore, Cloud Storage, and Cloud Run (all Google Cloud) — host your account, job metadata, and (for approved-server jobs) your uploaded files. See Firebase Privacy & Security.
Deleting your data
You can ask us to delete any or all of your data at any time. Today, the available controls are:
- Sign out from the profile menu — this clears in-memory state and, if you didn't enable “Remember key”, your Gemini key as well.
- Remove your stored Gemini key via the profile menu's “Remove server-side key” control. This deletes the key from Firestore immediately.
- Flush your conversion history from the profile menu's “Flush conversion history” button. This removes all of your stored PDFs, converted Markdown, and job records from MarkFlow immediately. Your account stays intact.
- Delete your account and data from the profile menu's “Delete my account and data” button. This removes your Firebase account, your Firestore records, your stored Gemini key, your job history, your OCR usage counters, and any uploaded PDFs or output Markdown in one shot. The action requires you to type
DELETEto confirm and cannot be undone. - Need help instead? Email barry@schoedeldesign.ai from the address you signed up with, or use the bug-report button (top-right) with subject “Delete my data.”
How long we keep things, in one table
| Data | Retention |
|---|---|
| Uploaded PDFs (server-managed) | 30 days (auto-deleted by Cloud Storage lifecycle), or sooner via “Flush conversion history” |
| Converted Markdown (server-managed) | 30 days (auto-deleted by Cloud Storage lifecycle), or sooner via “Flush conversion history” |
| Job metadata | 30 days (auto-deleted by Firestore TTL) |
| Account profile | Until you ask us to delete it |
| Stored Gemini API key | Until you remove it or delete your account |
| Error logs | Up to 90 days; auto-deleted by Firestore TTL |
| Aggregate usage stats | Indefinite (no personal identifiers) |
Children
MarkFlow is not directed at children under 13 and we do not knowingly collect personal information from them. If you believe a child has provided information to us, email us and we'll delete it.
Changes to this policy
If we materially change what we collect or how we use it, we'll update this page and note the change at the top. The current version is dated above.
Contact
Privacy questions, deletion requests, or anything else: barry@schoedeldesign.ai.