Privacy

Privacy Policy

Last updated: July 8, 2026

The short version

Markloom is an editor over storage you already own. Your documents live in your Google Drive or your GitHub repository — Markloom has no database and keeps no copy of any file. There is nothing of yours on our servers to lose, sell, or leak.

What we store

  • A session cookie — an encrypted token containing your name, email, and the OAuth access token for the storage provider you signed in with. It lives in your browser and is decrypted only on our server to proxy your requests. Signing out deletes it.
  • Nothing else. No database, no analytics trackers, no advertising identifiers. File contents pass through our server memory during a save or load and are never written to disk or logs.

What we can access

  • Google Drive — the drive.file scope: only files Markloom created or files you explicitly opened with it. The rest of your Drive is invisible to us.
  • GitHub — only the repositories you installed the Markloom app on (typically just markloom-notes).

You can revoke this access at any time from your Google account permissions or GitHub installations. Your files are unaffected either way — they were always yours.

The playground

The no-account playground runs entirely in your browser. Drafts and their version history are stored in your browser's localStorage and IndexedDB and never touch our servers. Clearing your browser data deletes them.

Third parties

Signing in and syncing files means your requests flow to Google or GitHub under their own privacy policies. Our hosting provider records standard, short-lived request logs (IP, path, status) as any web host does — never file contents or tokens.

Changes & contact

If this policy changes, the date above changes with it. A support contact will be published here at launch.