Privacy Policy

Effective Date: April 1, 2026
Last Updated: June 13, 2026

1. Introduction

This Privacy Policy describes how MF0 (mf-lab) ("Service", "we", "us", or "our") collects, uses, and protects your information when you use our platform.

By using the Service, you agree to the practices described in this Policy.

2. Information We Collect

We collect information in the following categories:

2.1 Information You Provide

Account Information (if applicable)
Name, email address, login credentials, authentication data
User Content
Messages, prompts, responses, uploaded files (images, documents, audio), and any data you submit through the Service
Feedback and Communications
Messages sent to support, bug reports, or feedback submissions

2.2 Automatically Collected Technical Data

Once per day per authenticated session, we collect the following technical data. This collection is based on our legitimate interest in improving service quality and security. It does not require cookie consent.

IP address — used to determine approximate country of origin and detect anomalies
Time zone — browser-reported; used to verify geographic consistency
VPN / proxy detection — best-effort heuristic comparing IP-based timezone with browser timezone; no external tracking service is used
Interface language — the language selected by the user in the app settings
Operating system — detected from the browser User-Agent string (e.g. Windows, macOS, Android, iOS)
Device type — mobile or desktop, detected from the User-Agent
Screen resolution and color depth — used to optimise the interface
CPU core count — reported by the browser via navigator.hardwareConcurrency
Available RAM — reported by the browser via navigator.deviceMemory (rounded value, in GB)
Network connection type — reported by the browser (e.g. 4g, wifi), where available
Referral source — the page the user came from (document.referrer), if any

This data is stored in our database and is not shared with advertising networks. It is used exclusively to understand how the platform is used and to improve reliability and performance.

2.3 Usage Data

Interaction Data — features used, session activity, AI model selections
Log Data — timestamps, request metadata

2.4 Local Storage and Project Data

MF0 is designed with local-first principles:

Conversations, memory graph data, and project data may be stored locally on your device
Some data may also be stored in a configured database (SQLite or PostgreSQL) depending on deployment settings
Media files (e.g., images) may be stored on disk in local storage paths

3. How We Use Information

We use information to:

Provide and operate the Service
Process AI requests and return outputs
Maintain conversation history and memory systems
Enable analytics (usage, token estimates, cost calculations)
Improve functionality and performance
Detect and prevent abuse, fraud, or security issues
Respond to user inquiries and support requests

4. AI Processing and Third-Party Providers

The Service may send your Input to third-party AI providers (e.g., language model APIs) to generate Output.

Requests are routed via a server-side proxy
API keys are not exposed to the client
Third-party providers may process your data according to their own policies

We are not responsible for how third-party services handle your data.

5. Analytics and Usage Tracking

We collect and store usage-related data such as:

Model usage (tokens, requests, providers)
Estimated cost calculations
Feature usage metrics

This data is used for:

Displaying analytics dashboards
Improving system performance
Internal monitoring

6. Data Sharing

We do not sell your personal data.

We may share data only in the following cases:

With service providers (hosting, infrastructure, authentication)
With AI providers to process requests
To comply with legal obligations
To protect rights, safety, and security

7. Data Retention

We retain data:

As long as necessary to provide the Service
Until you delete it (where deletion is supported)
As required for legal or security purposes

You may:

Delete conversations
Clear project data and caches
Remove stored files and attachments

8. Your Rights and Controls

Depending on your location, you may have the right to:

Access your data
Correct your data
Delete your data
Export your data
Restrict processing

You can manage your data via:

Application settings
Local storage controls
Account deletion (if applicable)

9. Security

We implement reasonable technical and organizational measures to protect your data.

However:

No system is completely secure
You are responsible for safeguarding your own access and environment

10. Children

The Service is not intended for children under 13.

We do not knowingly collect data from children under this age.

11. International Data Transfers

Your data may be processed in different jurisdictions depending on:

Server location
Third-party providers

We apply appropriate safeguards where required.

12. Changes to This Policy

We may update this Privacy Policy from time to time.

We will update the "Last Updated" date and provide notice if changes are material.

13. Contact

For questions or requests related to this Privacy Policy:

[email protected]