Privacy Policy

Effective: January 16, 2026

Your Right to Privacy

Your privacy and security are the highest priority in every decision we make. You may revoke your consent by canceling your account at any time. Your use of our service is governed by our Terms of Use, including age requirements.

Changes to this Policy

Mudroom reserves the right to revise this policy at any time. Updates will be published at www.mudroom.co with in-app notifications requiring user consent for substantive changes.

Age and Consent Information

Our services are designed for users meeting minimum age requirements. Age verification relies on app store and platform verification. We do not collect government-issued identification or precise birthdates. Age information is used only for legal compliance, not marketing.

Collection and Use of Information About Mudroom Users

Personal Information is data that uniquely identifies individuals and is treated as confidential. Non-Personal Information is data that does not identify specific persons. Processing may occur where collected or in the United States.

Collection of Personal Information

Account creation may require: name, picture, email, social profiles, usernames, passwords, phone numbers, addresses, preferences, demographics, and location data.

Feedback collection stores: device, email, time, feedback text, logs, and screenshots.

Website forms collect personal data. Servers automatically record: IP address, previous page visited, browser type/settings, date/time, configuration data, language preferences, and cookie data.

Third-party analytics employ cookies tracking service usage and other websites.

Use of Personal Information

Personal information may be shared with third parties consistent with this policy's disclosures. Uses include:

• Product announcements (opt-out available)
• Service improvement and personalization
• Internal auditing and research
• Critical notices (cannot opt-out)
• Special programs administration
• Profile display per user preferences

Combined Personal/Non-Personal information is treated as Personal Information.

Collection and Use of Non-Personal Information

Mudroom may aggregate or de-identify data, removing individual association. Anonymized data is used to improve products.

Data Retention

Data is retained per user instructions and applicable law. Users may request deletion at policies@mudroom.co.

Backups are retained 30 days for disaster recovery with automatic purging. Log data is retained 30–186 days.

Updating or Requesting Your Information

Updates are available in-app or via policies@mudroom.co.

Technology Used to Collect Information

Methods include cookies, pixel tags, and web beacons that improve user experience (login persistence, preference storage). Classification as Personal/Non-Personal is determined by definitions, not collection method.

Third Party Relationships

Personal information may be shared with strategic partners and service providers for assistance. Third parties are verified for GDPR adherence.

Third-party sourced data from public sources may be used to improve product experience. Privacy Shield liability applies when agents process data inconsistently.

Use of YouTube API Services

YouTube API usage requires agreeing to the Google Privacy Policy. YouTube data is refreshed or deleted within 30 days per API policies.

Legal Requirements and Policy Enforcement

Disclosure may be required by law, legal process, litigation, or governmental requests for national security, law enforcement, or public importance. We attempt notification unless legally restricted.

Disclosure may also occur for service compliance, operational protection, and user protection. Information may be transferred upon reorganization, merger, or sale.

Links to External Websites

Third-party websites have separate policies. Mudroom is not responsible for linked sites.

Security

Users are responsible for password security. Industry-standard protections through administrative, technical, and physical measures guard against loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction.

SSL encryption is used on Personal Information pages. Social media sharing makes information visible to others (user responsibility).

Reasonable security steps are taken but cannot guarantee prevention of illegal attacks. Breach notification is provided via email per our GDPR commitment with authority information provided.

EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield

Mudroom follows (not yet self-certified) Privacy Shield frameworks and principles regarding notice, choice, onward transfer, security, data integrity, access, and enforcement.

Your California Privacy Rights

The CCPA provides California consumers rights to: know details about collected information, delete personal information, opt-out of "sales," and avoid discrimination.

Requests may be submitted to policies@mudroom.co and verified via account information; government ID may be required. Authorized agents may exercise rights on consumer behalf.

Mudroom does not sell personal information without providing opt-out rights.

Privacy Policy Inquiries and Dispute Resolution

The FTC has investigatory and enforcement authority. Unresolved concerns may be escalated to JAMS (independent third-party dispute resolution, U.S.-based, free investigation/assistance). Binding arbitration is available for residual complaints.

Operational Security

Team Background: Founder-led engineering with 10+ years managing petabytes of confidential data.

Infrastructure:

• Public cloud providers (Google Cloud Platform, Amazon Web Services) with highest security practices
• 24x7 onsite data center staff
• Firewalls, hardened Linux systems, conservative network configuration
• Secure VPNs encrypting network transmissions
• Prompt critical issue patching

A comprehensive Security Trust Policy governs the technical team. Staff access accounts only for troubleshooting and never request passwords. Full-disk encryption on staff computers. 1Password provided to all employees.

Financial Security

Credit card and billing information is stored securely via PCI-compliant payment services.

Passwords

Preference for OAuth authorization (industry standard, no password storage/transmission). Traditional username-password systems use encrypted password representation. Users are responsible for secure password creation and maintenance.

Responsible Disclosure

Security researchers may report concerns to policies@mudroom.co. Public key available upon request. Reasonable time is allowed before publication. Automated security tools/scanners are prohibited (risk of IP banning); data destruction and service interruption are forbidden.

Inquiries

Contact policies@mudroom.co for policy questions, data inquiries, and deletion requests.

Mudroom, Inc.
206 E Huron Street
Ann Arbor, MI 48103