MarkupBETA from Sprout
← Back to Markup

Privacy Policy

Last updated: 14 June 2026

Markup (“Markup”, “we”, “us”, “our”) is a product operated by Sprout Solutions Phil., Inc. (“Sprout”). This Privacy Policy explains how we collect, use, disclose, and protect personal data when you use Markup at sproutmarkup.com (the “Service”).

We handle personal data in accordance with Singapore’s Personal Data Protection Act 2012 (the “PDPA”) and, where they apply to you, other data protection laws such as the EU/UK GDPR. This Policy is designed to apply globally to all users of the Service.

1. Personal data we collect

  • Account data. When you sign in, we receive your email address and basic profile information (such as your name and profile picture) from your chosen sign-in provider.
  • Content you provide. The HTML files and related assets you upload, and associated metadata (titles, tags, folders, and the email addresses of people you choose to share with).
  • Usage data. Records of your activity in the Service, such as uploads, file views, and last-active timestamps, used to operate the Service and to produce aggregate analytics.
  • Technical data. IP address, browser and device information, and log data generated when you access the Service.

2. How we use personal data

We use personal data to:

  • provide, operate, and maintain the Service (authentication, hosting, rendering, and sharing);
  • authenticate you and enforce access controls;
  • secure the Service, prevent abuse, and diagnose problems;
  • produce aggregate analytics and understand how the Service is used; and
  • communicate with you about the Service.

Where the GDPR applies, our legal bases are: performance of a contract with you, our legitimate interests in operating and securing the Service, your consent (where required), and compliance with legal obligations.

3. Consent and withdrawal of consent (PDPA)

By using the Service and providing personal data, you consent to our collection, use, and disclosure of personal data for the purposes described in this Policy. You may withdraw consent at any time by contacting us (see “Contact” below), subject to legal or contractual restrictions and reasonable notice. Withdrawing consent may mean we can no longer provide the Service to you.

4. Your content and who can see it

Files you upload are private by default. They are accessible only to you and the specific people you choose to share them with, who must sign in to open them. We do not make your files publicly listed or searchable. You are responsible for any personal data contained in the files you upload and for the recipients you choose.

5. Disclosure and service providers

We do not sell personal data. We engage a limited number of reputable third-party service providers (sub-processors) that process personal data on our behalf, under appropriate confidentiality and data-protection obligations, to operate the Service. They fall into the following categories:

  • Identity and authentication providers — to let you sign in securely.
  • Cloud infrastructure and storage providers — to host the Service and store your files and data.

We can provide the current list of sub-processors on request. We may also disclose personal data where required by law, regulation, or legal process, or to protect the rights, safety, and property of Sprout, our users, or the public.

6. International transfers

The Service runs on cloud infrastructure located primarily in the Southeast Asia region. Where personal data is transferred across borders, we take steps to ensure it receives a standard of protection comparable to that under the PDPA, including through contractual safeguards with our service providers.

7. Retention

We retain personal data for as long as your account is active or as needed to provide the Service, and afterwards only as required for legitimate business or legal purposes. You may request deletion of your account and content (see “Your rights”).

8. Security

We use technical and organizational measures to protect personal data, including encryption in transit, access controls, and rendering uploaded content in an isolated, sandboxed environment. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

9. Your rights

Subject to applicable law, you may:

  • access the personal data we hold about you and information about how it is used;
  • correct inaccurate or incomplete personal data;
  • request deletion of your personal data and content;
  • withdraw consent; and
  • where the GDPR applies, object to or restrict processing and request data portability.

To exercise these rights, contact us using the details below. We will respond within the timeframes required by applicable law.

10. Cookies

We use a single, essential session cookie to keep you signed in. We do not use advertising or third-party tracking cookies. This cookie is required for the Service to function.

11. Uploaded content and third parties

Markup hosts and renders HTML authored by you or generated by AI tools. We render this content in a sandbox to protect you and other users, but we do not author, endorse, or vet uploaded content. Please do not upload other people’s personal data without a lawful basis to do so.

12. Children

The Service is not directed to children under the age of 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal data from children.

13. Changes to this Policy

We may update this Privacy Policy from time to time. We will post the updated version with a new “Last updated” date, and material changes will be communicated where appropriate.

14. Contact

For questions or requests about this Policy or your personal data, contact us at info@sprout.ph. Operator: Sprout Solutions Phil., Inc., 9th Floor, North Tower, Rockwell Business Center, Sheridan St. corner United St., Mandaluyong City, Metro Manila, Philippines 1550.

15. Governing law

This Policy is governed by and construed in accordance with the laws of Singapore.