mrkup.pro
Sign inGet started
Legal

Privacy policy

Effective date: 19 May 2026 · Last updated: 19 May 2026

This Privacy Policy explains how Steven Holmes, trading as mrkup.pro from 53a Main Street, Shadwell, Leeds, LS17 8HQ (a UK sole trader; "mrkup.pro", "we", "us" or "our") collects, uses, stores and shares personal data when you visit mrkup.pro or use the mrkup.pro web application (together, the "Service").

We are the data controller for personal data we collect about you as a visitor or as an individual user of the Service. Where the Service is used by an organisation (your employer or client) under a mrkup.pro subscription, that organisation is the controller of the floorplans, project data and end-customer information they upload, and we act as their processor for that data — see section 9.

If you have any questions about this policy or how we handle your data, contact us at contact@mrkup.pro.

1. Who this policy applies to

This policy applies to:

  • Visitors to our website
  • People who sign up for a free or paid mrkup.pro account
  • Users invited to an account by an account owner
  • People who contact us by email or through the Service

It does not cover third-party websites we link to. If you follow a link to a site we don't operate, please read that site's privacy policy.

2. What personal data we collect

We collect the following categories of personal data:

Account data. When you sign up we collect your email address, a hashed password, your display name (if you provide one), and the role assigned to you within your account (owner, admin or member).

Project and floorplan content. When you use the Service you upload floorplan PDFs and create projects. These files may contain personal data — for example a customer name, a site address, or notes you add about a building or its occupants. You and your account owner choose what to upload and what to type in.

Usage data.Server logs and product analytics such as pages viewed, actions taken in the markup canvas, IP address, browser type, device type, time zone, and approximate location derived from IP. We use this to keep the Service secure and to understand how it's used.

Billing data (paid plans only). If you upgrade to a paid plan, our payment processor collects your billing name, billing address, and card details on our behalf. We do not see or store your full card number — we only receive a token, the last four digits, the card brand, and the billing country.

Support and correspondence. Any messages you send us by email, plus our replies.

Cookies and similar technologies. See section 8.

We don't intentionally collect any special category data (health, ethnicity, religion, etc.) or data about children. The Service is intended for business users only and is not directed at anyone under 18.

3. How we use your data and our lawful basis

What we doWhy we do itLawful basis (UK GDPR)
Create and operate your accountTo provide the Service you signed up forContract
Process and store floorplans and project dataTo provide the ServiceContract
Send floorplan images to a third-party AI service to identify roomsTo provide the AI room-detection featureContract
Generate quote PDFs and let you download themTo provide the ServiceContract
Take payment, manage subscriptions, send invoicesTo bill you for paid plansContract; legal obligation (tax records)
Send service emails (password resets, security notices, breach notifications, material policy changes)To run the Service safely and lawfullyContract; legal obligation
Send product updates and tipsTo keep you informed about features you useLegitimate interests (keeping you informed about a product you actively use); you can opt out at any time
Send marketing emails to people who haven’t yet signed upTo grow the businessConsent
Diagnose bugs, monitor uptime, prevent abuseTo keep the Service secure and reliableLegitimate interests (running a secure service)
Analyse usage in aggregateTo improve the ServiceLegitimate interests (improving our product)
Respond to legal requests, enforce our TermsTo comply with the law and protect our rightsLegal obligation; legitimate interests

Where we rely on legitimate interests, we've assessed that our interest does not override your rights and freedoms. You can object at any time — see section 7.

4. AI processing of floorplans

A core feature of mrkup.pro is automatic room detection on uploaded floorplans. To deliver this feature we send floorplan images, and any text you provide alongside them, to a third-party AI service provider acting as our sub-processor.

The AI provider processes the image to return room labels and outlines, and may temporarily cache the request to deliver and secure the service. The AI provider does not use your content to train its models without our explicit instruction, and we do not give that instruction. Outputs are returned to mrkup.pro and stored against your project in our database.

Floorplans you upload should not contain personal data beyond what is necessary for a quote (typically a site name and address). Avoid uploading documents containing health data, identification documents or other sensitive information.

5. Who we share data with

We share personal data only with the following categories of recipients, and only to the extent needed for them to perform their role:

  • Cloud hosting provider — runs the application servers and serves the website.
  • Database and storage provider — hosts our Postgres database, authentication system and the encrypted file store where uploaded floorplans live.
  • AI service provider — processes floorplan images for room detection, as described in section 4.
  • Payment processor — handles card payments, subscriptions and invoices for paid plans.
  • Email delivery provider — sends transactional and (where applicable) marketing emails.
  • Error monitoring and analytics provider — collects diagnostic and usage data.
  • Professional advisers — accountants, auditors and legal advisers, where reasonably needed.
  • Authorities and acquirers — if we're required to disclose data by law, court order or regulator, or if the business is sold or restructured.

Each of these providers is bound by a written contract that requires them to handle personal data securely and only on our instructions. We can provide a current list of sub-processors on request to contact@mrkup.pro.

We do not sell personal data, and we do not share it for cross-context behavioural advertising.

6. International transfers

Some of our service providers are based outside the UK, including in the United States and the European Economic Area. When personal data leaves the UK we make sure there are appropriate safeguards in place — typically the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, combined with additional technical measures such as encryption in transit and at rest.

You can ask us for a copy of the safeguards we rely on at contact@mrkup.pro.

7. Your rights

Under UK data protection law you have the right to:

  • Be informed about how we use your data — this policy is part of how we meet that.
  • Access the personal data we hold about you.
  • Rectify data that is wrong or incomplete.
  • Erase your personal data ("right to be forgotten") in certain circumstances.
  • Restrict how we use your data in certain circumstances.
  • Object to our use of your data where we rely on legitimate interests, and to direct marketing at any time.
  • Data portability — receive a machine-readable copy of data you've given us, where we process it under contract or consent and by automated means.
  • Withdraw consent at any time where we rely on consent. Withdrawing consent doesn't make our earlier processing unlawful.
  • Complain to the Information Commissioner's Office (ICO) at ico.org.uk or 0303 123 1113. We'd appreciate a chance to address your concerns first.

To exercise any of these rights, email contact@mrkup.pro. We'll respond within one month. We may need to verify your identity before acting.

If you're an end-user whose data was uploaded to mrkup.pro by one of our customers (for example, your name appears on a floorplan), please contact that customer first — they're the controller of that data. We'll help where we can.

8. Cookies

We use a small number of cookies and similar technologies:

  • Strictly necessary cookies — log you in, remember your session, prevent CSRF attacks. These don't need consent.
  • Preference cookies — remember things like dark/light mode.
  • Analytics cookies — help us understand which features are used. We only set these with your consent through the cookie banner.

You can change or withdraw your cookie preferences any time via the "Cookie settings" link in the footer, or through your browser. Blocking strictly necessary cookies will break parts of the Service.

9. When we are a processor

If you use mrkup.pro through an organisation's account, that organisation is the controller of the project and floorplan data they upload, and we are their processor under UK GDPR Article 28. Our processing is governed by a Data Processing Addendum (available on request, and incorporated by reference into our Terms of Service for paid plans).

Among other things, the DPA commits us to:

  • Process customer data only on the controller's documented instructions.
  • Keep the data confidential and require staff and sub-processors to do the same.
  • Apply appropriate technical and organisational security measures (encryption in transit and at rest, access controls, audit logging, regular backups).
  • Help the controller respond to data subject rights requests.
  • Notify the controller without undue delay if we become aware of a personal data breach affecting their data.
  • Delete or return customer data on termination of the contract, subject to backup retention windows.

If you're an end-user (for example, an occupant named on a floorplan), please raise rights requests with the controller in the first instance — that is, the mrkup.pro customer who uploaded the data.

10. How long we keep your data

  • Account data — for as long as your account is active, plus up to 30 days after you delete it (to allow recovery from accidental deletion). After that, we delete or anonymise it.
  • Project, floorplan and quote data — for as long as your account is active. If you delete a project, it's removed from our systems within 30 days. Encrypted backups are rotated within 90 days.
  • Billing records — kept for 6 years after the end of the relevant tax year, in line with HMRC requirements.
  • Support emails — kept for up to 3 years from the last contact.
  • Server and audit logs — typically 30–90 days.

If you'd like your account deleted before then, email contact@mrkup.proand we'll handle it.

11. Security

We protect your data with measures including:

  • TLS encryption for data in transit.
  • Encryption at rest for the database and uploaded files.
  • Row-level security in the database so account data is segregated.
  • Strong password hashing and optional multi-factor authentication.
  • Role-based access controls and audit logging for staff access.
  • Regular dependency updates and routine security reviews.

No system is perfectly secure. If you think your account has been compromised, contact us at contact@mrkup.pro straight away.

12. Changes to this policy

We may update this policy from time to time. If a change is material we'll let you know by email or an in-app notice at least 14 days before it takes effect. The "Last updated" date at the top of this page always reflects the current version.

13. Contact

Steven Holmes, trading as mrkup.pro
53a Main Street, Shadwell, Leeds, LS17 8HQ
Email: contact@mrkup.pro

UK Information Commissioner's Office registration: registration pending.