Privacy Policy

Mufal, Inc. (“Mufal”, “we”, “us”, or “our”) operates the Mufal desktop application and related services. We are committed to protecting your personal information and your right to privacy.

If you have questions about this policy, contact us at [email protected].

Account data: When you register, we collect your email address, user identifier, authentication tokens, and encrypted credentials.

Audio and voice data: When recording is active and you have given in-app permission for AI data processing, Mufal captures microphone audio on your device and streams it to AssemblyAI for speech-to-text transcription.

Transcript and meeting data: Mufal stores transcript text, timestamps, speaker labels, meeting titles, summaries, follow-up email drafts, chat history, project assignments, modes, and saved notes on your device. If cloud sync is enabled or you manually sync, this data is sent to Mufal Cloud under your account.

AI request data: When you use Ask Mufal, AI summaries, AI-generated titles, or AI follow-up email drafting, Mufal sends the relevant transcript text, your prompts, prior chat messages, selected model name, and any optional images you attach to OpenRouter so an AI model can generate a response.

Usage data: We collect basic operational information such as app version, platform, usage counters, sync status, and quota usage. We do not use meeting content for advertising.

Billing data: Payment is processed by Stripe. We store only your Stripe customer ID; we never see or store full card numbers.

We use your data solely to:

• Provide and improve the Mufal service
• Authenticate you and maintain your session
• Transcribe microphone audio into text when recording is active
• Generate AI answers, summaries, titles, and follow-up drafts when you request them
• Sync your meeting data across your devices
• Send transactional emails (billing, security alerts)
• Detect and prevent abuse or fraud

We do not use your meeting content to train AI models. We do not sell your data to third parties.

We share personal data only with trusted sub-processors necessary to operate the service and only for the purposes described in this policy:

AssemblyAI — receives microphone audio and transcription metadata to provide real-time speech-to-text transcription.
OpenRouter and selected model providers — receive transcript text, prompts, chat history, selected model name, and optional attached images to generate AI responses, summaries, titles, and follow-up drafts.
Neon — stores account configuration, synced sessions, transcripts, summaries, and related cloud data.
Stripe — processes payments and billing events for web and desktop services.

All sub-processors are required to provide the same or equivalent protection for personal data and to process data only as needed to provide their services. We do not sell personal data and we do not share meeting content for advertising.

In the iOS app, Mufal asks for permission before sending personal data to third-party AI services. The consent screen identifies that microphone audio is sent to AssemblyAI, transcripts/prompts/images are sent to OpenRouter and selected model providers, and synced sessions are sent to Mufal Cloud. You can refuse or revoke this permission in the app. If permission is not granted, recording transcription and AI features that require third-party processing are disabled.

Session data is retained until you delete it from your account. You may delete individual sessions at any time from within the app. On account deletion, all associated data is permanently removed within 30 days.

Depending on your jurisdiction, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Delete your data (right to erasure)
• Export your data in machine-readable format
• Object to processing based on legitimate interest
• Withdraw consent at any time

To exercise these rights, email [email protected].

We implement industry-standard security measures including encryption in transit (TLS 1.2+), encryption at rest for stored session data, and regular security audits. Mufal is SOC 2 Type 1 and SOC 2 Type 2 compliant.

Mufal is not directed at persons under 16 years of age. We do not knowingly collect personal data from children.

We may update this policy from time to time. We will notify you of material changes by email or via an in-app notice. Continued use after notice constitutes acceptance.

Mufal, Inc.
[email protected]