Muhkoo Logo Muhkoo
  • How It Works
  • Pricing
  • Updates
  • GitHub
  • Get Started
Legal

Privacy Policy

Last updated: July 4, 2026 · Effective: July 4, 2026

Summary. Muhkoo is built to know as little about you as possible. Your account uses zero-knowledge authentication, so we never receive or store your password. Your messages, files, and stored data are end-to-end encrypted on your device, so Muhkoo is server-blind and cannot read them. This policy explains the limited information we do process to run the service.

Contents

  1. Scope & who we are
  2. Information we collect
  3. Encryption & server-blindness
  4. How we use information
  5. Legal bases
  6. How we share information
  7. Data retention
  8. Security
  9. Your rights & choices
  10. International transfers
  11. Cookies & analytics
  12. Children
  13. Developers & end users
  14. Changes
  15. Contact

1Scope & who we are

This Privacy Policy explains how Muhkoo Inc. (“Muhkoo,” “we,” “us”) collects, uses, and shares information when you visit muhkoo.com, use the Muhkoo platform, SDK, developer portal, and hosted applications, or otherwise interact with our services (together, the “Services”).

Muhkoo is a developer platform. Where you use an application built by a developer on Muhkoo, that developer is the controller of the personal data you provide to their app; see Developers & end users below.

2Information we collect

Account & identity

Muhkoo authentication is zero-knowledge. When you create an account we store a username and a cryptographic commitment derived on your device. We never receive or store your password, and we cannot derive it. If you enable recovery factors (recovery email, passkey, recovery phrase, or Google sign-in), we store only the minimum metadata needed to support them (for example, a masked email hint or a passkey credential reference), not the secret itself.

Your content (end-to-end encrypted)

Messages, spaces, key/value records, and files you store through Muhkoo are encrypted on your device before they reach us. We store only ciphertext and the minimal operational metadata required to route and deliver it (for example, timestamps, message/shard sizes, content-addressed hashes, and delivery status). We cannot read the contents.

Developer account & usage

If you register as a developer, we process your app configuration (names, slugs, allowed origins, redirect URIs), API key metadata, and usage metrics (such as request counts, storage bytes, message counts, and AI inference units) that we use to operate and bill your account.

Billing

Payments are processed by Stripe. We receive billing status, subscription and plan information, and limited transaction metadata. We do not store your full card number or bank details; those are handled by Stripe under its own privacy policy.

Website & communications

On our marketing website we use analytics (see Cookies & analytics). If you join a waitlist or contact us, we collect the email address and any details you provide in order to respond and, where you have opted in, to send you product updates.

Technical & log data

Like most online services, our infrastructure automatically records technical data such as IP address, approximate location, device and browser type, and request logs. This is used for security, abuse prevention, debugging, and reliability.

3Encryption & server-blindness

Muhkoo is designed so that we cannot access your encrypted content. Encryption and decryption keys are derived from your identity and held on your devices; they are not shared with our servers in a form we can use. A direct consequence: if you lose your account credentials and every recovery factor, we cannot recover your encrypted data for you. Please keep your recovery options up to date.

4How we use information

  • Provide, maintain, secure, and improve the Services;
  • Authenticate you and protect accounts;
  • Route and deliver encrypted content and real-time messages;
  • Meter usage and process billing for developer accounts;
  • Detect, prevent, and respond to fraud, abuse, and security incidents;
  • Communicate with you about the Services, including service and security notices;
  • With your consent, send product updates and marketing;
  • Comply with legal obligations and enforce our terms.

5Legal bases (EEA/UK)

Where the GDPR or UK GDPR applies, we rely on: performance of a contract (to provide the Services); legitimate interests (to secure, operate, and improve the Services, and to prevent abuse); consent (for marketing and non-essential cookies, which you can withdraw at any time); and legal obligation (to comply with applicable law).

6How we share information

We do not sell your personal information. We share limited information with:

  • Service providers / sub-processors who help us run the Services, including payment processing (Stripe), transactional and marketing email (SendGrid), CRM/waitlist (HubSpot), product analytics (Google Analytics), and third-party cloud infrastructure and edge-network providers that host and deliver the Services. These providers act on our instructions under contract.
  • Legal & safety: where reasonably necessary to comply with law, respond to lawful requests, or protect the rights, safety, and property of Muhkoo, our users, or the public.
  • Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to this policy.

Because your content is end-to-end encrypted, information we could disclose in response to a legal request is generally limited to account and operational metadata, not the contents of your messages or files.

7Data retention

We keep information for as long as your account is active and as needed to provide the Services, then for a limited period as required to comply with legal, tax, accounting, security, and dispute-resolution obligations. Encrypted content is retained per the applicable app's configuration; deleted content and unreferenced encrypted shards are removed after a retention window. You may request deletion of your account as described below.

8Security

We use encryption in transit and at rest, zero-knowledge authentication, end-to-end encryption of user content, access controls, and monitoring. No system is perfectly secure, but our architecture is designed to minimize the data that could ever be exposed. If we become aware of a breach affecting your personal data, we will notify you and regulators as required by law.

9Your rights & choices

Depending on where you live, you may have rights to access, correct, delete, port, or restrict the processing of your personal information, and to object to certain processing. California residents have rights under the CCPA/CPRA, including the right to know, delete, correct, and opt out of “sale” or “sharing” (we do not sell or share personal information as those terms are defined). To exercise any right, contact us at privacy@muhkoo.com. We will not discriminate against you for exercising your rights. You can opt out of marketing emails at any time via the unsubscribe link.

10International transfers

We operate on a globally distributed edge network, so your information may be processed in countries other than your own. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for cross-border transfers.

11Cookies & analytics

Our marketing website uses Google Analytics (GA4) to understand aggregate traffic and improve the site. These analytics may set cookies or similar identifiers. Essential cookies/local storage are used to run the Services (for example, to keep you signed in). You can control cookies through your browser settings; blocking some may affect functionality.

12Children

The Services are not directed to children under 13 (or the minimum age of digital consent in your jurisdiction), and we do not knowingly collect their personal information. If you believe a child has provided us personal information, contact us and we will delete it.

13Developers & end users

Applications built on Muhkoo are operated by independent developers. When you use such an app, the developer is responsible for its own data practices and privacy notice, and Muhkoo processes data on the developer's behalf as a processor for the app's content. If you have a question about a specific app, please contact that app's developer. This policy governs Muhkoo's own website, platform, and developer services.

14Changes to this policy

We may update this policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, provide additional notice. Your continued use of the Services after an update means you accept the revised policy.

15Contact us

Questions about this policy or your personal information? Contact:

Muhkoo Inc.
Privacy: privacy@muhkoo.com
General: hello@muhkoo.com
Muhkoo Muhkoo

Edge platform for secure, real-time apps: zero-knowledge auth, end-to-end encryption, and server-blind storage.

Product

  • Pricing
  • Estimator
  • Roadmap
  • Changelog

Developers

  • Docs
  • GitHub
  • npm

Legal

  • Privacy Policy
  • Terms of Service
  • Security
  • Contact

© 2026 Muhkoo. All rights reserved.

Muhkoo™ is a trademark of Muhkoo Inc.