Privacy Policy

1. Introduction

Welcome to Muj. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you use our TARIC classification platform. We are committed to GDPR compliance and maintaining a privacy-first approach during our beta testing phase and beyond.

2. What Data We Collect

We collect and process the following types of data to provide and improve our service:

• Account Data: Email address (collected through Supabase authentication)
• Technical Data: IP address, browser type and version, device information, operating system
• Usage Data: Search queries, TARIC codes viewed, features used, navigation patterns
• Chat Data: Chat conversations and messages (stored indefinitely and linked to your account)
• Analytics Data: Privacy-focused usage metrics collected through Umami Analytics (user ID only, no email)
• Payment Data: Not currently collected during beta (Stripe integration planned for future paid plans)

3. How We Use Your Data

We use your personal data for the following purposes:

• Provide TARIC search and AI-powered classification services
• Maintain and display your chat conversation history
• Improve AI model performance and search accuracy based on usage patterns
• Send service-related notifications and important updates
• Analyze usage patterns to improve the product and user experience
• Gather beta testing feedback and guide product development
• Ensure service security and prevent abuse
• Comply with legal obligations and respond to lawful requests

4. Data Sharing & Third Parties

We NEVER sell your data to third parties. We only share data with essential service providers necessary to operate Muj:

5. AI Data Processing

When you use our AI chat features, your messages and search queries are sent to third-party AI providers (OpenAI and Google) for processing. Important points about AI data processing:

• Your email address and user identifier are NOT shared with AI providers
• Only your message content is sent for processing, not your personal information
• AI providers may process data according to their own privacy policies
• We recommend reviewing OpenAI's privacy policy at https://openai.com/privacy
• We recommend reviewing Google's privacy policy at https://policies.google.com/privacy
• AI providers may use aggregated, anonymized data to improve their models

6. Chat History & Data Retention

Important information about how we store and retain your data:

• Chat conversations are stored indefinitely and linked to your account
• You can view all your past conversations at any time through your account dashboard and delete them if needed
• Search queries and TARIC codes you view are logged to improve search relevance
• You can request deletion of your data at any time by exercising your GDPR rights
• Upon account deletion, all your personal data is permanently removed from our systems within 30 days
• Some data may be retained in backup systems for up to 90 days for disaster recovery purposes

7. Cookies & Tracking

We use cookies and similar technologies to provide and improve our service:

• Authentication Cookies: Required for secure login through Supabase (essential for service operation)
• Session Cookies: Maintain your logged-in state and preferences across pages
• You can manage cookies through your browser settings, but some features may not work without essential cookies
• We do not use advertising or tracking cookies from third-party ad networks

8. Your Privacy Rights (GDPR)

Under GDPR, you have the following rights regarding your personal data. Contact us at labas@muj.lt to exercise any of these rights:

• Right to Access: Request a copy of all personal data we hold about you
• Right to Correction: Request correction of inaccurate or incomplete information
• Right to Deletion: Request permanent deletion of your account and all associated data
• Right to Data Portability: Download your data in a machine-readable format (JSON)
• Right to Object: Opt-out of certain data processing activities
• Right to Restrict Processing: Request temporary suspension of data processing
• Right to Withdraw Consent: Revoke permissions for data processing at any time
• Right to Lodge a Complaint: File a complaint with your local data protection authority

9. Data Security

We implement industry-standard security measures to protect your data:

• Encryption in Transit: All data transmitted between your browser and our servers uses HTTPS/TLS encryption
• Encryption at Rest: Your data is encrypted in the Supabase database using AES-256 encryption
• Access Controls: Strict authentication and authorization controls limit who can access your data
• Regular Monitoring: Continuous security monitoring for suspicious activity and potential threats
• Security Updates: Regular updates to dependencies and security patches
• Limited Access: Only essential personnel have access to personal data on a need-to-know basis

10. International Data Transfers

Your data may be processed in different locations around the world:

• Supabase: Primarily hosted on EU servers for GDPR compliance
• OpenAI: Data processed on US servers with appropriate GDPR safeguards in place
• Google: Global infrastructure with data centers worldwide
• We use Standard Contractual Clauses (SCCs) approved by the European Commission for data transfers outside the EU
• All data processors are contractually required to maintain GDPR-compliant data protection standards

11. Children's Privacy

Muj is not intended for use by individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete that information as quickly as possible. If you believe we have collected data from a child, please contact us immediately at labas@muj.lt.

12. Anonymous Data Collection

Most of our analytics and improvement efforts rely on anonymous, aggregated data:

• Umami Analytics collects usage patterns with minimal user identification (Supabase user ID only, no email or PII)
• We use privacy-first, open-source analytics that respects user privacy by design
• Search query patterns are analyzed to improve search relevance while protecting your identity
• Usage patterns help us prioritize feature development without compromising your privacy
• Analytics data is stored securely and is NEVER shared with advertising networks or third parties

13. Changes to Privacy Policy

We may update this Privacy Policy as we develop new features or change our practices. When we make changes:

• Material changes will be announced via email to registered users
• The 'Last Updated' date at the top of this policy will be revised
• For significant changes, we may require you to review and accept the updated policy
• Continued use of the service after changes constitutes acceptance of the updated policy
• We will maintain previous versions of this policy for your reference

14. Contact Information

If you have questions about this Privacy Policy, want to exercise your GDPR rights, or have privacy concerns, please contact us:

• Privacy Questions: labas@muj.lt
• GDPR Data Requests: labas@muj.lt
• Response Time: We aim to respond to all inquiries within 2-3 business days
• GDPR requests will be processed within 30 days as required by law