1. Introduction
Muneo ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our relationship protection service.
This policy applies to users worldwide, including the European Union, United States, and Canada. We comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and the Personal Information Protection and Electronic Documents Act (PIPEDA).
2. Data Controller
The data controller responsible for your personal data is:
- Company: Muneo Inc
- Location: Quebec, Canada
- Privacy Contact: privacy@muneo.app
3. Information We Collect
We collect information that you provide directly to us, including:
- Account information: Name, email address, and profile picture from your Google or Microsoft account
- Email data: Email metadata (sender, subject, date) and content to identify follow-ups and generate draft responses
- Calendar data: Calendar events, attendees, and meeting details for meeting preparation features
- Usage data: How you interact with our service, preferences, and settings
4. Google API Services
Muneo uses Google API Services to provide its core functionality for users who connect their Google account. We access the following Google user data:
Gmail Data (gmail.readonly)
We request read-only access to Gmail to identify email threads where you have received a message but have not yet replied. Specifically, we read the sender address, subject line, received date, and message snippet to surface follow-ups that need your attention. We access the full message body only when you explicitly open a thread inside Muneo. We never send, modify, or delete emails on your behalf. We store only the metadata (sender, subject, date, snippet) needed to display your follow-up list; full email bodies are processed in memory and not persisted.
Google Calendar Data (calendar.readonly)
We request read-only access to Google Calendar to show you upcoming meetings alongside relevant unanswered emails from the same attendees, so you can prepare before each call. We read event summaries, start/end times, and attendee email addresses. We never create, modify, or delete calendar events.
Google API Services User Data Policy: Limited Use Disclosure
Muneo's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- Google user data is used only to provide and improve the Muneo features described above, not for any other purpose.
- Google user data is not used for serving advertisements.
- Google user data is not transferred to third parties except as necessary to provide Muneo's service (e.g., sending a message snippet to OpenAI or Anthropic to generate a draft reply), subject to these third parties agreeing to use the data solely to provide services to Muneo.
- Google user data is not used by humans for purposes other than security review, compliance with applicable law, or with explicit user consent.
4b. Microsoft Graph API Services
Muneo uses Microsoft Graph API to provide its core functionality for users who connect their Microsoft account. We access the following Microsoft user data:
Outlook Mail Data
- Read access (Mail.Read): We read your emails to detect which messages need follow-up responses and to provide context for AI-generated drafts
Outlook Calendar Data
- Read access (Calendars.Read): We read your calendar to show upcoming meetings and identify attendees for meeting preparation
Microsoft Graph API: Muneo's use of Microsoft Graph API complies with Microsoft API Terms of Use. We only request the minimum permissions necessary to provide our services.
5. Legal Basis for Processing (GDPR)
Under the GDPR, we process your personal data based on the following legal grounds:
- Contract Performance (Article 6(1)(b)): Processing necessary to provide the Muneo service you signed up for
- Consent (Article 6(1)(a)): For optional features like email and calendar access, which you can revoke at any time
- Legitimate Interests (Article 6(1)(f)): For service improvement, security, and fraud prevention
- Legal Obligation (Article 6(1)(c)): When required to comply with applicable laws
6. How We Use Your Information
We use the information we collect to:
- Provide follow-up detection: Analyze emails to identify messages awaiting your response
- Generate AI drafts: Create suggested responses based on email content and context
- Meeting preparation: Show upcoming meetings with relevant email history for each attendee
- Prioritize communications: Identify high-priority contacts to help you focus
- Send notifications: Alert you about important follow-ups and upcoming meetings
- Improve our service: Understand usage patterns to enhance Muneo
7. Automated Decision-Making
Muneo uses AI to automatically:
- Prioritize emails: Our AI assigns priority levels (Critical, High, Medium, Low) based on sender relationship, content, and urgency
- Detect follow-ups: Automatically identifies emails that require a response
- Generate drafts: Creates suggested email responses
These automated processes do not have legal or similarly significant effects. You can always override AI decisions, edit drafts, or change priorities manually.
8. AI Processing and Third Parties
To provide AI-powered features, we use the following third-party AI services:
- OpenAI: For analyzing email content and generating draft responses
- Anthropic: As an alternative AI provider for content analysis
When processing your data through these services:
- Data is transmitted securely via encrypted connections
- Neither OpenAI nor Anthropic stores your data or uses it to train their models (per their API terms)
- We only send the minimum data necessary for each specific feature
9. International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence:
Canada ↔ EU/EEA Transfers
The European Commission has recognized Canada as providing an adequate level of data protection. Transfers between the EU and Canada do not require additional safeguards.
Canada ↔ US Transfers (AI Providers)
For transfers to US-based AI providers (OpenAI, Anthropic), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, combined with supplementary technical measures.
10. Data Sharing
We do not sell, rent, or share your personal data with third parties for their marketing purposes.
We may share data only in these limited circumstances:
- AI providers: As described above, for processing features you use
- Service providers: Cloud hosting (for data storage), payment processors (for subscriptions)
- Legal requirements: When required by law or to protect our rights
11. Data Security
We implement strong security measures to protect your data:
- Encryption at rest: All email content is encrypted using AES encryption with per-user keys and cryptographic authentication
- Encryption in transit: All data transfers use TLS 1.3
- Access controls: Strict authentication and authorization for all data access
- OAuth tokens: Stored encrypted, never exposed in logs or errors
- Security audits: Regular security reviews and monitoring
12. Data Retention
We retain your personal data only for as long as necessary:
- Active accounts: Data is retained while your account is active
- Deleted accounts: All data is permanently deleted within 30 days of account deletion
- Email content cache: Cached for 24 hours for AI processing, then deleted
- Usage logs: Retained for up to 90 days for debugging and improvements
13. Your Rights
Depending on your location, you have the following rights:
- Access: Request a copy of all data we have about you
- Correction: Request correction of inaccurate data
- Deletion: Delete your account and all associated data
- Portability: Export your data in a portable format
- Restriction: Request we limit processing of your data
- Objection: Object to processing based on legitimate interests
- Withdraw consent: Revoke consent for optional processing at any time
To exercise these rights, visit your Settings page in Muneo or contact us at privacy@muneo.app.
EU/EEA Residents: You have the right to lodge a complaint with your local supervisory authority. In France, this is the CNIL.
14. California Privacy Rights (CCPA/CPRA)
This section applies to California residents.
Categories of Personal Information
We collect the following categories of personal information:
- Identifiers: Name, email address, account ID
- Internet activity: Browsing history, search history, interaction with our service
- Professional information: Business email content, calendar data
- Inferences: Predictions about your preferences and behavior
Your California Rights
- Right to Know: Request disclosure of personal information collected
- Right to Delete: Request deletion of your personal information
- Right to Correct: Request correction of inaccurate information
- Right to Opt-Out: Opt out of sale/sharing of personal information
- Non-Discrimination: We will not discriminate against you for exercising your rights
Do Not Sell or Share
We do not sell or share your personal information as defined under the CCPA/CPRA. We do not engage in targeted advertising based on cross-context behavioral tracking.
15. Revoking Access
You can revoke Muneo's access to your accounts at any time:
Google Account
- Go to Google Account Permissions
- Find "Muneo" in the list of apps
- Click "Remove Access"
Microsoft Account
- Go to Microsoft Account App Permissions
- Find "Muneo" in the list of apps
- Click "Remove these permissions"
You can also disconnect integrations from within Muneo's Settings page.
16. Children's Privacy
Muneo is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we learn we have collected data from a child, we will delete it promptly.
17. Cookies
We use cookies and similar technologies to operate our service. For detailed information, please see our Cookie Policy.
18. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the new policy on this page
- Updating the "Last updated" date
- Sending you an email notification for significant changes
19. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
- Privacy: privacy@muneo.app
- Support: support@muneo.app
- Location: Quebec, Canada