Privacy Policy

Effective date: March 1, 2026 · Last updated: March 24, 2026

This Privacy Policy describes how m8n ("we", "us", "our") collects, uses, stores, and protects your personal information when you use the m8n platform and related services. We are committed to protecting your privacy and handling your data with transparency.

1. Information We Collect

Account Information: When you create an account, we collect your email address, display name, and workspace name. If you sign up for a paid plan, payment information is processed directly by Stripe — we never see or store your card number.

Usage Data: When you use the platform, we collect decision logs, outcome data, blueprint configurations, and usage metrics necessary to operate the service. This includes API request metadata (timestamps, endpoints, response codes) but not the content of your AI model responses unless you explicitly log them.

Technical Data: We collect standard server access logs including IP addresses, browser user agents, and referring URLs. These are retained for 30 days for security and debugging purposes.

2. How We Use Your Data

• Service Operation: To operate, maintain, and improve the m8n platform, including decision processing, outcome tracking, and blueprint management
• Payment Processing: To process payments via Stripe (we never store your card details directly)
• Communications: To send transactional emails (account confirmation, billing receipts, security alerts). We do not send marketing emails unless you opt in
• Customer Support: To respond to your inquiries and provide technical assistance
• Security: To detect and prevent fraud, abuse, and unauthorized access
• Analytics: To understand platform usage patterns and improve the service. We do not use third-party analytics trackers

3. Data Isolation

m8n is built with tenant isolation at the infrastructure level. Your decision data, learning patterns, and blueprint configurations are stored in your isolated workspace. We do not use your data to train models for other customers. Each workspace's learning data is exclusively theirs.

4. Data Storage and Security

All data is encrypted at rest (AES-256) and in transit (TLS 1.3). Sensitive fields such as API keys are additionally encrypted with per-tenant vault keys. Database backups are encrypted and stored in geographically redundant locations.

We implement role-based access controls, audit logging for all administrative actions, and regular security reviews of our infrastructure.

5. Data Sharing

We do not sell, rent, or trade your personal data. We share data only with:

• Stripe: For payment processing, governed by Stripe's Privacy Policy
• Cloud Infrastructure: Our hosting providers, bound by data processing agreements
• AI Model Providers: When your blueprints invoke external AI models (Claude, Gemini, etc.), the prompts you configure are sent to those providers. Each provider has their own data handling policies. Local Ollama models keep all data on your infrastructure

We may disclose information if required by law, court order, or to protect the safety of our users.

6. Data Retention

Your data is retained for the duration of your active account. Upon account cancellation:

• Account data is retained for 30 days (in case you want to reactivate)
• After 30 days, all account data, decision logs, and learning data are permanently deleted
• You may request immediate deletion at any time by emailing privacy@m8n.app
• Billing records are retained for 7 years as required by tax regulations

7. Your Rights

You have the right to:

• Access your personal data and request a copy in a portable format
• Correct inaccurate or incomplete personal data
• Delete your account and all associated data
• Export your decision logs, outcomes, and blueprint configurations
• Withdraw consent for non-essential data processing
• Object to processing of your personal data for specific purposes
• Lodge a complaint with a supervisory authority (for EU/EEA residents)

To exercise any of these rights, contact us at privacy@m8n.app. We will respond within 30 days.

8. Cookies

We use essential session cookies to keep you authenticated. These cookies are strictly necessary for the platform to function and cannot be opted out of while using the service.

We do not use third-party tracking cookies, advertising cookies, or analytics trackers. We do not participate in any ad networks or cross-site tracking.

9. International Transfers

Our servers are located in the United States and Europe. If you access the platform from outside these regions, your data may be transferred internationally. We ensure appropriate safeguards are in place for all international data transfers in compliance with applicable data protection laws.

10. Children's Privacy

The m8n platform is a business service not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us at privacy@m8n.app and we will promptly delete it.

11. Changes to This Policy

We may update this policy periodically. Material changes will be communicated via email or in-app notification at least 30 days before they take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.

12. Contact

For privacy-related questions, data requests, or concerns:

• Email: privacy@m8n.app
• General inquiries: Contact page

For more about how m8n works, visit our about page or explore the documentation.