Privacy Policy
Last updated: 2026
Markyto Technology ("Markyto", "we", "us") operates markyto.com and the Markyto EMS platform. This policy explains how we collect, use, disclose, and protect personal information when you visit our website, contact us, or use our services.
Who we are
Markyto Technology
26 Orchard Way, Brandon, MB R7A 7S9, Canada
hello@markyto.com
Scope
This policy applies to (1) public website visitors, (2) prospective customers and support contacts, and (3) users of Markyto EMS workspaces, including web and mobile experiences.
Information we collect
- Website and contact data: name, email, company, message content, and related correspondence when you contact us or request information.
- Account and identity data: workspace/company profile, user profile details, role/permission assignments, login/session data, and audit records of key actions.
- Operations data entered by customers in EMS modules, which may include leads, clients, projects, tasks, notes, communications, HR records, payroll-related records, finance records, and uploaded files.
- Technical and usage data: IP address, browser/device metadata, request and error logs, product interaction events, and security telemetry used to operate and protect the service.
EMS modules and data categories
Depending on your enabled modules and settings, Markyto EMS may process the following categories of personal and business information within your tenant workspace:
- Leads, CRM, and consultations: contact details, lead source/campaign metadata, communication history, booking and consultation details, and follow-up activity.
- Clients, projects, and tasks: client records, project/case details, assignments, workflow stages, deadlines, comments, and project-related documents.
- HR and attendance: employee profile data, attendance events, payroll structures, salary components, payslip and deduction/tax-related records.
- Finance and billing: invoices, payments, expenses, vendors, accounts, reconciliation and reporting data, and external accounting sync metadata.
- Communication modules: email logs/templates, WhatsApp messaging metadata and content, and support/service communication records.
- AI modules: assistant prompts/replies, tool traces, confirmation receipts, staged attachments, and escalation records required for safe operation and auditability.
How we use information
- Provide, secure, and maintain Markyto EMS services requested by customers and authorized users.
- Operate module features such as CRM, projects, tasks, HR, finance, reporting, messaging, and automation workflows.
- Authenticate users, enforce permissions, maintain tenant isolation, and investigate abuse, fraud, or security incidents.
- Deliver transactional and service communications (for example, account notices, support responses, workflow notifications, and legally required messages).
- Monitor reliability and improve performance, accessibility, and product quality.
- Comply with legal obligations and enforce our terms, contracts, and internal governance controls.
Legal bases and Canadian compliance
We design our practices with PIPEDA (federal), Quebec Law 25, BC PIPA, and CASL in mind. Depending on context, our legal basis includes consent, contract performance, legitimate interests, and legal compliance. For tenant workspace data, the customer organization generally acts as controller (or equivalent) and Markyto acts as processor/service provider under contract.
AI features (voice and assistant)
When enabled by a company administrator, voice and assistant requests may be processed by external AI providers to generate responses and tool plans. Provider keys may be customer-supplied per tenant, and some deployments may use platform fallback keys. We keep confirmation gates for sensitive write actions and maintain audit records of AI-assisted operations.
- Voice assistant: spoken/typed requests and related context may be sent to configured AI services for intent interpretation and response generation.
- Claude Assistant: chat messages, supported attachments (such as images/PDFs), and tool interactions may be processed to provide in-application assistance.
- Safety and control: tenant scoping, role checks, and explicit confirmation are enforced for sensitive data-changing actions.
Integrations and third parties
Customers can enable integrations in settings. When enabled, relevant data is exchanged with third-party providers according to customer configuration and permissions. Common integrations and providers include:
- Meta (Facebook/WhatsApp) for WhatsApp Business messaging and related business messaging features.
- Stripe for payment processing and webhook-based payment status events.
- Google services for authentication and cloud functionality, where configured.
- Zoho, QuickBooks, and Xero for CRM/accounting synchronization, where connected by the customer.
- Email infrastructure providers and analytics/monitoring providers needed to operate and improve service reliability.
Meta and WhatsApp Business data
If your organization enables Meta/WhatsApp features, we may process business phone identifiers, message content, template metadata, delivery/status events, and account configuration data needed to operate those features within your tenant. We process this information under customer instructions and applicable platform terms.
Data sharing, subprocessors, and international transfers
We do not sell personal information. We share data with subprocessors and service providers only as needed to deliver services, maintain infrastructure, provide support, process payments, and meet legal obligations. Data may be processed in jurisdictions where our providers operate, subject to contractual and technical safeguards.
Retention
We retain data for as long as needed to provide services, support legitimate business and legal requirements, and enforce agreements. Retention may vary by module and record type. Some operational artifacts are short-lived (for example, temporary staged assistant files), while core business records are retained until deleted by customers or no longer required under contract/legal obligations.
Security safeguards
We use administrative, technical, and organizational safeguards designed for multi-tenant SaaS operation, including access controls, tenant scoping, logging/audit trails, and encryption in transit. No method of transmission or storage is 100{}ecure, but we continuously improve controls based on risk and operational needs.
Your rights and choices
Depending on applicable law, you may request access, correction, deletion, or information about how personal data is handled. Where Markyto processes data on behalf of a customer organization, requests may need to be directed to that organization first. You can contact us at hello@markyto.com.
Meta/WhatsApp data deletion requests
For Meta/WhatsApp-related data deletion requests, contact hello@markyto.com with your business account details, phone number identifiers, and organization/workspace information. We will verify authority and coordinate deletion or anonymization in accordance with contractual, legal, and platform requirements.
Children
Our services are intended for business use and are not directed to children under 13 (or higher age thresholds where required by local law).
Policy updates
We may update this policy from time to time. Material changes will be reflected by updating the effective date and, where appropriate, by additional notice.