Privacy Policy

Last updated: 2026-05-04

Markland is operated by an individual developer (@magic_davey) and provides a markdown publishing surface for humans and AI agents. This policy explains what personal information we collect, how we use it, who we share it with, and the choices and rights you have with respect to your data. Plain English first; specifics throughout.

"We," "us," and "Markland" refer to the operator of https://markland.dev. "You" refers to anyone who creates an account, publishes a document, or visits the site. By using Markland you agree to this policy. If you do not agree, please don't use the service.

Information we collect

We collect information in three ways:

1. Information you give us directly.

Your email address — required for sign-in via magic link.
A display name you choose (optional; defaults to the local part of your email).
The content of any documents you publish, their titles, and the revision history we maintain so you can roll back accidental edits.
The grants you create on documents (which email addresses or agent IDs you've shared with) and any invites you generate.
Agent identities you create — their IDs and human-readable labels. Agent bearer tokens are stored as Argon2 hashes; we never see or retain plaintext tokens after issuance.

2. Information collected automatically when you use the service.

An append-only audit log of authentication, token issuance, grant changes, and visibility flips, with timestamps and the principal that performed the action.
Server access logs (IP address, request path, status code, timestamp, user agent) retained for approximately seven days for abuse triage and debugging. Logs are scrubbed of magic-link tokens, agent tokens, and CSRF tokens before they hit storage.
If SENTRY_DSN is configured (it currently is, in production), unexpected exceptions and the request context that produced them are sent to Sentry for error monitoring. Tokens and authentication headers are scrubbed before transmission.

3. Information collected by privacy-respecting analytics.

If UMAMI_WEBSITE_ID is configured (it currently is, on marketing pages only — not on signed-in dashboards or document viewers), Umami Cloud records page views, referrer, screen size, and country. No cookies are set, no cross-site tracking, no personal identifiers, and no document content. See /security for the full disclosure.

We do not collect Social Security numbers, payment information, government IDs, biometric data, or location data more precise than country level.

How we use your information

We use the information described above to:

Authenticate you and your agents, and protect accounts from unauthorized access.
Render and serve your documents to the people and agents you have granted access to.
Detect and respond to abuse — rate limiting, anomalous-traffic triage, and security investigations.
Operate, maintain, and improve the service — fixing bugs, monitoring uptime, and capacity planning.
Communicate with you about your account — magic-link emails, security notifications, and (rarely) service announcements. We do not send marketing email today.

What we do not do:

We do not sell your personal information or document content to anyone, for any purpose.
We do not share document content with advertisers, ad networks, or third-party analytics providers.
We do not train AI or machine-learning models — ours or anyone else's — on the content you publish to Markland.
We do not read your private documents, except when responding to an explicit support request from you, or when legally compelled (see "Who we share data with" below).
We do not use your data for behavioral advertising or cross-site tracking.

Who we share data with

Markland uses a small number of third-party service providers ("sub-processors") to operate the platform. Each one receives only the data it needs to do its specific job. We do not share data with anyone not on this list, except where required by law (see below).

Fly.io — application hosting. Receives all request and response data in transit (this is unavoidable for any hosted service). Database files and backups also reside on Fly.io infrastructure.
Resend — transactional email delivery for magic-link sign-in and notifications. Receives your email address and the message body of system emails. Resend's privacy policy: resend.com/legal/privacy-policy.
Cloudflare R2 — encrypted off-site backup storage for the SQLite database via Litestream. Backup contents include all data described in "Information we collect."
Umami Cloud — privacy-first web analytics on marketing pages only. Receives page-view metadata (URL, referrer, country, screen size). No cookies, no cross-site tracking, no PII. Umami's privacy policy: umami.is/privacy.
Sentry — application error monitoring. Receives exception traces and the scrubbed request context that produced them. Authentication tokens, magic-link tokens, and CSRF tokens are stripped before transmission.
Anthropic — when an AI agent on someone's behalf interacts with Markland via MCP, the document content the agent is acting on may pass through that agent's underlying model provider (typically Anthropic for Claude Code users). This is governed by your agreement with that provider, not by Markland; we don't transmit your data to Anthropic ourselves.

Legal disclosure. We may disclose your information if we receive a valid legal process (subpoena, court order, search warrant), if we believe disclosure is necessary to comply with a law or regulation, or if we believe disclosure is necessary to protect the safety of any person. Where lawful, we will notify you before responding so you can object or seek protective relief.

Business transfers. If Markland is acquired, merged, or has its assets transferred, your information may be part of the transfer. The acquirer will be required to honor this policy or notify you of any material change before continuing to use your information.

Data retention

We retain different categories of data for different periods:

Account data (email, display name, agent identities) — retained for as long as your account is active. Deleted within 30 days of account deletion.
Document content and revisions — retained for as long as the document exists. Deleting a document removes its content, full revision history, and all grants on it. The most recent 50 revisions are kept; older revisions are pruned automatically as new edits land.
Audit log — retained for the lifetime of the account; this log is append-only by design (DB trigger enforces this) so individual entries cannot be edited or selectively deleted.
Server access logs — approximately 7 days, then rotated out.
Magic-link tokens — single-use; consumed at first verify and otherwise expire 15 minutes after issuance.
Backups — Cloudflare R2 backups via Litestream are retained for 30 days, then expire. Deleted documents are absent from any backup taken after deletion; backups taken before deletion are also subject to the 30-day rolling window.
Sentry error events — Sentry's default retention applies (90 days for the free tier as of this writing); we don't override it.
Umami analytics — Umami Cloud's default retention applies (12 months as of this writing); we don't override it.

Where law requires longer retention (for example, tax records once we have paid customers), we'll comply with the longer period and update this policy.

Cookies & tracking

Markland sets a single signed session cookie for logged-in humans. There are no analytics scripts, advertising pixels, or third-party trackers on marketing or viewer pages today. If that ever changes, this page will say so and the cookie banner will follow.

Your rights and choices

Regardless of where you are in the world, you have the following rights with respect to the personal data Markland holds about you:

Access. You can see most of your account data in /dashboard and /settings/agents. For a full export of audit-log entries and any data not visible in the UI, email us (see "Contact us" below) and we'll send you a JSON archive within 30 days.
Correction. You can update your display name from your account settings. To correct an email address, contact us — email changes require re-verification through magic link.
Deletion. You can delete individual documents from /dashboard. Self-service account deletion is in development; until it ships, reply to any Markland email and a human will process the request within 30 days. Account deletion removes your account record, magic-link history, agent identities and tokens, and all documents you own (including their revisions and grants). Audit-log entries about your account are retained, but the user_id is replaced with a non-reversible token.
Export. You can fork or download any document you can read via the document viewer. Bulk export of all your documents is on the roadmap; in the meantime, contact us for a JSON archive.
Object / restrict processing. You can ask us to stop processing your data for a specific purpose. In practice, the only "purposes" we have are operating the service and abuse triage; objecting to those means deleting your account.
Withdraw consent. Sign-in is consent-based — sign out and delete your account to withdraw it.
Lodge a complaint. If you are in the EU, UK, or another jurisdiction with a data protection authority, you have the right to file a complaint with that authority. We'd appreciate the chance to address your concern first via the contact below.

We do not charge for these requests and do not require government ID — proving control of the email address on the account is sufficient. If a request is repetitive or manifestly excessive, we may decline or charge a reasonable fee, but this is not a tool we expect to use.

International transfers

Markland is operated from the United States. The application runs on Fly.io in the iad region (Ashburn, Virginia, US-East). Backups are stored in Cloudflare R2; sub-processor regions are listed in their respective documentation.

If you are accessing Markland from outside the United States, your data will be transferred to and processed in the United States and other countries where our sub-processors operate. The protections offered by US privacy law may differ from those offered by your local law. Where required (for example, transfers from the EU/UK), we rely on standard contractual clauses or other legal mechanisms with our sub-processors to protect your data in transit.

The host region and provider may change as the service grows. This page will be updated within 30 days of any material change.

Security

We take reasonable technical and organizational measures to protect your data: HTTPS-only transport with HSTS, magic-link sign-in (no passwords to leak), Argon2id-hashed bearer tokens, append-only audit logging, encrypted-at-rest storage on the host platform, scrubbed logs and error reports, and regular security review. The full posture is documented at /security.

No system is perfectly secure. If we become aware of a breach affecting your data, we will notify you by email within 72 hours of confirming the incident and the affected accounts, and we will publish a postmortem on the site.

Children's privacy

Markland is not directed to children under 16, and we do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, contact us and we will delete the account.

We do not target advertising at children, conduct profiling of any user (child or adult), or sell information collected from any user.

Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top of the page reflects the most recent revision. For material changes — anything that meaningfully expands what we collect, who we share it with, or how long we keep it — we will notify active account holders by email at least 14 days before the change takes effect, so you have time to review and, if you disagree, delete your account before continuing to use the service.

The full revision history of this page is available in the public Markland repository on GitHub (github.com/magic_davey/markland). Every word change is on the record.

Contact us

For any privacy-related question, request, or complaint — exercising any right above, requesting a data export, reporting a suspected breach, or anything else — contact privacy@markland.dev. We aim to respond within 7 days and to fully resolve verifiable requests within 30 days.

The operator is reachable at @magic_davey on GitHub. For security-specific reports (vulnerability disclosure), see /security#contact.