Document storage
- Documents you upload (bills, invoices, screenshots) live in Supabase Storage
- Stored in your own folder, RLS-protected
- Accessible only via signed URLs valid for 1 hour
- Encrypted at rest (AES-256)
- You can download or delete any document any time
Voice recordings
- Calls placed on your behalf are recorded for quality and dispute resolution
- Stored encrypted in Supabase Storage
- Accessible to you, the assigned Mumm operator (if any), and admins (audit-logged)
- You can request deletion any time after the negotiation closes
- Recordings purged automatically 7 years after the negotiation closes (legal retention)
Email communications
- Emails sent on your behalf use a Mumm-controlled address (negotiation+{id}@mail.trymumm.com)
- Replies route back to your negotiation thread
- Stored encrypted in the database, accessible per RLS
- Available in your dashboard under each negotiation
- Retained 7 years after negotiation closes
Protected health information (PHI)
- We handle PHI under HIPAA where applicable
- Stored in encrypted PHI-flagged columns
- Access logged separately from non-PHI data
- Sub-processors that touch PHI (Anthropic, Supabase, Stripe) have BAAs in place
- We do not use PHI for analytics, marketing, or model training
- We do not share PHI with any third party except the merchant of the bill itself or with your explicit consent
Payment data
- Card numbers never touch our servers
- Stripe-tokenized references stored
- Bank account details (for ACH) tokenized, not stored in cleartext
- PCI-DSS handled by Stripe (Level 1)
Analytics & telemetry
- We use PostHog for product analytics
- Event names and properties only — no PII in event payloads
- IP addresses anonymized (last octet stripped) before storage
- You can opt out of all non-essential analytics in your account settings
Third-party sub-processors
A current list lives at /trust/sub-processors and is updated within 30 days of any change. Major sub-processors:
- Vercel (hosting)
- Supabase (database, storage, auth)
- Stripe (payments)
- Twilio (SMS, voice)
- Resend (email)
- Retell (voice agent)
- Anthropic (LLM)
- Sentry (error tracking)
- Axiom (logging)
- PostHog (analytics)
Data export & deletion
- Export: account settings → data export → ZIP file with everything we have
- Delete: account settings → delete account. Soft-deleted immediately (recoverable within 30 days). Hard-deleted after 30 days, except for records we are legally required to retain (financial records: 7 years; tax records: 7 years).
- Specific deletion requests (single document, single negotiation): contact privacy@mumm.com