Privacy Overview

Privacy Policy

Muum AI provides AI-powered advertising and marketing tools. This policy explains what data we collect, how we use it, how we share it — including with the Meta (Facebook / Instagram) Marketing API — and the rights you have over your data.

Last updated: July 6, 2026

Information We Collect

Account and contact information
Name, email address, company name, billing details, and authentication identifiers you provide when you create an account or contact us.
Usage data
How you interact with the product — pages viewed, features used, actions taken, device and browser metadata, and diagnostic logs used to operate and improve the service.
Advertising performance data
Metrics returned by connected ad platforms (impressions, clicks, spend, reach, conversions, and campaign / ad set / creative configuration) used to build, manage, and report on your campaigns.
Customer-provided lead and content data
Lead records, audience inputs, creative assets, and campaign copy you upload or generate inside the product. You remain the controller of this data.

Meta (Facebook / Instagram) Marketing API

When you connect your Meta advertising account, Muum AI uses the Meta Marketing API to create and manage advertising campaigns on your behalf. We only access your Meta data after you explicitly authorize the connection, and we use it solely to deliver the advertising features you request — not for any unrelated purpose.

Data exchanged with Meta:
  • Ad account, business, and page identifiers you authorize us to connect.
  • Campaign, ad set, and ad creative configuration (objectives, budgets, targeting parameters, headlines, descriptions, media).
  • Access tokens issued through Meta Login, used only to call the Marketing API on your behalf.

Purpose of the integration: to create, launch, edit, pause, and report on advertising campaigns you configure within Muum AI. We do not sell your Meta data or use it for advertising unrelated to your own campaigns. Our use of information received from Meta APIs adheres to the Meta Platform Terms, including limitations on further use and transfer.

You can disconnect the Meta integration at any time from your Muum AI integration settings, or by removing Muum AI from your Facebook account's Business Integrations. Disconnecting immediately stops all future access to your Meta data.

How We Store and Share Data

Your data is stored on access-controlled cloud infrastructure with encryption in transit. We apply data minimization, owner-scoped access, and purposeful retention. We do not sell your personal data. We share data only with the service providers below, and only to the extent needed to operate the service:

Meta Platforms (Facebook / Instagram) — Marketing API
Create, launch, manage, and report on advertising campaigns you configure.
Cloud hosting and database providers
Host the application and securely store your data.
AI and content-generation providers
Generate ad copy, creative, and recommendations from the inputs you supply.
Payment and billing processors
Process subscription payments; we do not store full card numbers.

Your Rights

  • Access — request a copy of the personal data we hold about you.
  • Deletion — request that we delete your account data and any data we obtained from Meta on your behalf.
  • Correction — ask us to fix inaccurate or incomplete data.
  • Disconnect — revoke the Meta connection at any time from your integration settings or from your Facebook account settings, which stops all future data access.

To exercise any of these rights, email privacy@muum.ai. We respond to verified requests within 30 days.

What We Process

Capture: Name, Email, Phone, Conversation answers, UTM / session metadata. Purpose: Lead capture and qualification.

Operational storage: Lead profile, Conversation metadata, Domain-only timeline payloads. Purpose: Sales follow-up, routing, analytics, and customer support.

Delivery and integrations: Qualified lead payload, Contact details, Offer / attribution metadata. Purpose: Deliver leads to the customer-owned systems.

Observability and access review: Field names accessed, Hashed client IP, User agent, Purpose metadata. Purpose: Trace sensitive data access without re-storing raw PII.

Retention and Deletion

Lead records
Retention: Until customer deletion, contract termination, or subject erasure request.
Deletion path: Owner-initiated deletion or GDPR/KVKK erasure workflow.
Timeline events
Retention: Short-lived / minimized payload footprint.
Deletion path: Redaction on erasure flow plus TTL-oriented cleanup policy.
Knowledge-base sources
Retention: Until source removal by owner.
Deletion path: Owner delete action with cascading source cleanup.
Security access logs
Retention: 180 days rolling window.
Deletion path: Scheduled cleanup job or manual archival policy.

Logging and Redaction

email
Rule: mask
Preserve debugging utility without exposing the full identifier.
phone
Rule: mask
Phone numbers are direct contact identifiers and should never appear raw in logs.
message|notes|content
Rule: truncate
Free-text fields can accidentally contain sensitive data.
ip
Rule: hash
IP addresses are personal data in many regimes and should not be stored raw for access review.
customFields
Rule: keep-minimal
User-defined payloads can contain unexpected sensitive categories.

Contact

Questions about this policy or your data? Contact us at privacy@muum.ai.