Privacy Policy

Mufal, Inc. (“Mufal”, “we”, “us”, or “our”) operates the Mufal desktop application and related services. We are committed to protecting your personal information and your right to privacy.

If you have questions about this policy, contact us at [email protected].

Account data: When you register, we collect your email address and encrypted credentials.

Audio data: When recording is active, we process microphone audio in real time for transcription purposes. Audio is streamed directly to AssemblyAI and is not stored on our servers unless you explicitly save a session.

Session data: Transcripts and AI-generated notes from your meetings, stored on your device and optionally synced to our cloud under your account.

Usage data: Basic telemetry such as app version, OS type, and feature usage frequency — never linked to the content of your meetings.

Billing data: Payment is processed by Stripe. We store only your Stripe customer ID; we never see or store full card numbers.

We use your data solely to:

• Provide and improve the Mufal service
• Authenticate you and maintain your session
• Sync your meeting data across your devices
• Send transactional emails (billing, security alerts)
• Detect and prevent abuse or fraud

We do not use your meeting content to train AI models. We do not sell your data to third parties.

We share data only with trusted sub-processors necessary to operate the service:

AssemblyAI — real-time speech-to-text transcription
OpenRouter / OpenAI — AI response generation
Neon — cloud database storage
Stripe — payment processing

All sub-processors are contractually bound to process data only as instructed and are prohibited from using your data for their own purposes.

Session data is retained until you delete it from your account. You may delete individual sessions at any time from within the app. On account deletion, all associated data is permanently removed within 30 days.

Depending on your jurisdiction, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Delete your data (right to erasure)
• Export your data in machine-readable format
• Object to processing based on legitimate interest
• Withdraw consent at any time

To exercise these rights, email [email protected].

We implement industry-standard security measures including encryption in transit (TLS 1.2+), encryption at rest for stored session data, and regular security audits. Mufal is SOC 2 Type 1 and SOC 2 Type 2 compliant.

Mufal is not directed at persons under 16 years of age. We do not knowingly collect personal data from children.

We may update this policy from time to time. We will notify you of material changes by email or via an in-app notice. Continued use after notice constitutes acceptance.

Mufal, Inc.
[email protected]