This Privacy Policy explains how Document Node Pty Ltd ("we", "us", or "our") collects, uses, and protects information when you use the MarkNode desktop application and the marknode.com website (collectively, the "Service"). Document Node Pty Ltd is the data controller for personal data processed under this policy.
MarkNode is available in three tiers: Free (no account required), Pro (one-time perpetual license), and Ultimate (subscription with cloud features). The data we collect depends on the tier you use, as described below.
1. What Stays on Your Device
For Free and Pro tier users, all document data — your Markdown files, mind maps, and project configurations — is stored entirely on your local device. We do not host, transmit, or have any access to this content. You control where your files live.
The only network communication made by Free and Pro installations is the update check described in section 3.3 below.
2. Data We Collect
2.1 Account and License Data
If you create an account or purchase a license (via cloud.marknode.com), we collect:
- Email address — used for license delivery, purchase receipts, and essential account communications
- OAuth identity information — if you sign in with Google, Microsoft, GitHub, Apple, or Facebook, we receive a unique identifier and your email address from that provider (we do not receive your password)
- License and activation status — to validate your entitlement to Pro or Ultimate features
Sign-in is only required for paid features. The Free tier works with no account.
2.2 Payment Data
Payments made through cloud.marknode.com are processed by Stripe. We do not receive, store, or have access to your full payment card number or banking details. Stripe's privacy policy governs the handling of your payment information.
If you purchase the Pro license through the macOS App Store, that transaction is handled entirely by Apple under their own privacy policy; we receive only a confirmation of the purchase.
2.3 Cloud Document Content (Ultimate tier only)
Ultimate subscribers who use cloud features (cloud sync, real-time collaboration, mind map sharing, browser editing) have their document content stored on our cloud infrastructure, operated on Google Cloud Platform, currently in the Tokyo, Japan region. This content is:
- Encrypted in transit using TLS
- Encrypted at rest using Google Cloud default encryption
- Retained for as long as needed to provide the service, and deleted upon account closure or a verified data deletion request
Cloud features are opt-in. If you do not use cloud sync or collaboration, your documents remain local.
2.4 AI Writing Assistant (Ultimate tier only)
The AI writing assistant is available to Ultimate subscribers. When you invoke it, the relevant document context (the text you choose to send) is transmitted through our own proxy at cloud.marknode.com to a third-party AI provider (currently OpenAI); we may change or use additional providers over time. The content is processed to generate a response and is then discarded. We do not use your prompts or document content to train AI models, and we contractually restrict our AI providers from doing so on our behalf.
2.5 Update Checks and Active-User Estimation
MarkNode periodically checks for application updates regardless of tier. During each check, the following information is sent to our update server:
- Application version
- Operating system and architecture
- IP address (inherent to the network request)
These update checks are also used in aggregate to estimate the number of active users. We count how many distinct installations check for updates over a rolling period — we do not build individual profiles from this data. There is no other telemetry or usage tracking in the desktop application.
2.6 Crash Reporting
We do not currently collect crash reports from the desktop application. If we introduce optional crash reporting in the future, we will update this policy and it will be opt-in.
2.7 Website Data (marknode.com)
When you visit marknode.com, we may collect:
- Server logs — IP address, browser type, referring page, and pages visited (retained for up to 30 days for security and operational purposes)
3. How We Use Your Data
We use the information we collect to:
- Create and manage your account, and deliver and activate your license
- Provide cloud sync, collaboration, and AI assistant features (Ultimate tier)
- Send transactional emails — purchase receipts, license delivery, and account notices — via SendGrid
- Provide application updates
- Estimate aggregate active-user counts from update checks
- Understand aggregate website usage to improve marknode.com
- Comply with legal obligations and enforce our Terms of Service
4. Data Sharing and Sub-Processors
We do not sell or share your personal information with third parties for their own marketing purposes. We share data only with the following service providers, who process it on our behalf:
- Stripe — payment processing for cloud.marknode.com purchases
- Apple — in-app purchase processing for the macOS App Store build
- Google Cloud Platform — cloud storage and hosting infrastructure (Google Cloud Datastore, Tokyo, Japan region) for Ultimate tier cloud features
- Third-party AI provider (currently OpenAI) — processing AI assistant prompts on behalf of Ultimate subscribers; we may change or use additional providers over time
- SendGrid — transactional email delivery (receipts, account notices)
- OAuth identity providers — Google, Microsoft, GitHub, Apple, and Facebook, for account sign-in where you choose those options
- Google Analytics — aggregate website analytics for marknode.com (consent-gated)
These providers are bound by data processing agreements and are permitted to use your data only to perform services on our behalf.
5. Data Retention
- Account and license data — retained for the duration of your license or subscription, plus 90 days after a verified account deletion request
- Cloud documents (Ultimate) — retained until you delete them, until you close your account, or until we receive and verify a data deletion request
- AI assistant prompts — transmitted to the AI provider for processing and discarded; not stored by us after a response is generated
- Server logs — retained for up to 30 days
- Financial records — retained as required by applicable tax and accounting laws, typically 5–7 years
6. Security
We implement appropriate technical and organisational measures to protect your data, including:
- Encryption in transit (TLS) for all data transmitted to our servers
- Encryption at rest for cloud-stored content (Google Cloud default encryption)
- Access controls limiting who can access personal data
- Regular security reviews of our infrastructure
7. Your Rights
For All Users
- Request access to the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data (see section 8 for account deletion)
- Withdraw consent for optional data processing (e.g. analytics cookies)
EU/EEA/UK Residents (GDPR)
You additionally have the right to:
- Data portability — receive your data in a structured, machine-readable format
- Restrict processing of your data
- Object to processing based on legitimate interest
- Lodge a complaint with your local data protection authority
Our legal bases for processing personal data are:
- Contract performance — delivering your license, account, and cloud features
- Legitimate interest — update checks, aggregate active-user estimation, server security logs, and product improvement
- Consent — analytics cookies on marknode.com
California Residents (CCPA/CPRA)
You additionally have the right to:
- Know what personal information is collected and how it is used
- Request deletion of your personal information
- Opt out of the sale or sharing of personal information — we do not sell or share your personal information
- Non-discrimination for exercising your rights
We honour Global Privacy Control (GPC) signals received from your browser as a valid opt-out of any sharing of personal information under CCPA/CPRA.
Australian Residents
We comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988. You may request access to and correction of your personal information held by us.
To exercise any of these rights, contact us at the address in section 11 below.
8. Account Deletion
You may delete your MarkNode account and associated data at any time:
- From within the app — via the Account dialog in MarkNode settings
- By contacting us — email support@documentnode.io and we will process your request
Upon deletion, your account data and cloud documents (if any) will be removed within 90 days, subject to retention obligations described in section 5 (e.g. financial records required by law).
9. International Data Transfers
Our infrastructure spans multiple regions. Cloud document content for Ultimate subscribers is stored in Tokyo, Japan (Google Cloud). Other service infrastructure may be located in Australia or the United States. Where we transfer personal data of EU/EEA residents outside the EEA, we rely on appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission or equivalent mechanisms.
10. Children's Privacy
MarkNode is intended for users aged 13 and over (or 16 and over in the EU/EEA). We do not knowingly collect personal information from children below these ages. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will post the updated policy on this page with a new "Last updated" date. For significant changes, we may also notify you via email or an in-app notice.
12. Contact
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
- Email: support@documentnode.io
- Entity: Document Node Pty Ltd