This Privacy Policy (the “Policy”) explains how Mumi Co., a California corporation (“Company”, “we”, “us”, “our”) collects, uses, and discloses personal information through its website and its mobile application (collectively, the “Services”). Any capitalized terms that are not defined in this Policy are defined in our Terms of Service.
As explained further in this section, you will have the opportunity to provide us with certain personal information. In addition, we may collect certain personal information automatically through your use of the Services. The rest of this section provides a more detailed explanation of the personal information we collect, how we use that personal information, and our lawful bases for processing that personal information.
The following table identifies the specific purposes for which you may voluntarily disclose personal information to us, along with our lawful bases for processing that personal information.
| Category | Type of Personal Information | How we collect that information | Lawful Basis for Processing |
|---|---|---|---|
| Identifiers | Real name, Email Address | Directly from you or Third Party Information Providers (such as Google or Apple) | Your consent; Performance of a contract with you; Legal compliance; Necessary to protect your (or someone else’s) vital interests; Public interest; Our legitimate interest in providing our Services to you and conducting our business |
| Categories of personal information described in Cal. Civ. Code § 1798.80(e) | Real name, Email Address | Directly from you or Third Party Information Providers (such as Google or Apple) | Your consent; Performance of a contract with you; Our legitimate interest in providing our Services to you and conducting our business |
| Characteristics of protected classifications (CA/federal law) | e.g. race, color, religion, sex, gender identity/expression, sexual orientation, marital status, medical condition, disability, military/veteran status. | Directly from you | Your consent; Performance of a contract with you; Our legitimate interest in providing our Services to you and conducting our business |
| Biometric information | e.g., physiological, biological, or behavioral characteristics that can establish identity, such as DNA, fingerprints, faceprints, iris/retina scans, voiceprints, keystroke patterns, gait, or sleep/health/exercise data | Directly from you | Your consent; Performance of a contract with you; Our legitimate interest in providing our Services to you and conducting our business |
| Internet or other electronic network activity information | e.g., browsing history, search history, and interaction with a website, application, or advertisement | Directly from you | Your consent; Performance of a contract with you; Our legitimate interest in providing our Services to you and conducting our business |
| Education information | e.g., education level | Directly from you | Your consent; Performance of a contract with you; Our legitimate interest in providing our Services to you and conducting our business |
| Inferences | e.g., preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, aptitudes | Directly from you | Our goal is to create accurate content that benefits users. Your consent; Performance of a contract with you; Our legitimate interest in providing our Services to you and conducting our business |
| Conversational Data | Please see Section 2.2 below | Directly from you | Your consent; Performance of a contract with you; Our legitimate interest in providing our Services to you and conducting our business |
For the purposes of this Policy, “Conversational Data” means any information — including personal information — that you voluntarily provide through text, voice, or video interactions with the Services, whether in response to prompts, through open-ended conversation, or in completing exercises, activities, or other app features, including Challenges. This includes both structured responses (such as answering a survey provided by us) and unstructured content (such as free-form chat messages). Because these types of communications with the Services are open-ended, Conversational Data may contain information falling into multiple of the categories of personal information specified above, as well as any other type of data not identified above. In particular, Conversational Data may include your Sensitive Information (see Section 2.4 below). You are not required to provide this information to use the core features of the Services, but if you choose to share it, you acknowledge, agree, and consent to such data being collected, stored, and processed in accordance with this Privacy Policy.
As part of the Services, you may choose to complete structured tests or assessments, including onboarding questions, mood check-ins, and topic-specific assessments (for example, trauma, anxiety, OCD, stress, panic, or phobia tests). Your responses to these tests are collected and stored as part of your Conversational Data. We use this information to calculate scores, display results to you (for example, in charts or ranges), and recommend relevant sessions or resources within the Services. If you complete a test on the website, we may process your responses for the same purposes. If you choose to provide your email address when completing a test (for example, to receive a free session, create an account, or obtain additional information), we will use your email address only for the purpose disclosed at the time of collection, and we will only send you marketing communications if you have provided your separate, explicit consent where required by applicable law.
When you participate in a voice session with your Wellness Partner, your voice is processed in real time to generate a text transcript so that the session can continue or resume if interrupted. We do not record, retain, or store the underlying audio of your interactions. Only the text transcript is stored.
We use information that we collect about you or that you provide to us, including any personal data, to:
We may process information that is considered “special category” data under the GDPR and “sensitive personal information” under the CCPA/CPRA (collectively, your “Sensitive Information”). This may include information you voluntarily share about your mental health, wellness activities, moods, feelings, or other information you choose to disclose, including as part of your Conversational Data. We only process this type of information with your explicit consent (where required by law) and as necessary to provide the Services you request. You may withdraw your consent or request that we limit the use of your sensitive information at any time by emailing support@mumiworld.com (or by using an applicable settings/consent form where provided). Certain features may become unavailable if you do so. We do not use sensitive personal information for purposes such as marketing or profiling unless we have obtained your additional consent where required by law. In addition, we may use certain Sensitive Information (including your Conversational Data) to improve and develop our Services; provided we will do so only with your explicit consent where required by applicable law, and you can withdraw such consent at any time as described herein.
Whenever you interact with the Services, we automatically receive and record information on our server logs from your browser or device, which may include your IP address, geolocation data, device identification, “cookie” and pixel tag information, the type of device you’re using to access the Services, the amount of time spent on the Services, and the page or feature you requested. You can learn more about our use of cookies and related technologies in our Cookie Policy. We use the data we automatically collect from you to customize content for you based on your usage patterns and to improve the Services. We collect this information with your consent, to perform our contract with you, and for our legitimate interest of providing a smooth user experience. If we rely on your consent for the use of cookies (e.g., third-party advertisers), you can remove consent using provided settings where available.
We work with third-party advertising partners (e.g. Meta, Google, TikTok) who use cookies, SDKs, and similar technologies to collect information about your interactions with our Services and other websites or apps over time. This information may include device identifiers, browsing and usage activity, and other online activity information. We use this information to deliver personalized advertising, measure the effectiveness of our advertising campaigns, and retarget users with relevant ads. Under GDPR and similar laws, we rely on your consent to process this data for targeted advertising (you may withdraw consent at any time per available instructions/settings). Under the CCPA/CPRA, this activity may be considered “sharing” of personal information for cross-context behavioral advertising. California residents may opt out by visiting our “Do Not Sell or Share My Personal Information” link when available.
We employ personnel and engage other companies and people to perform tasks on our behalf and need to share your personal information with them to provide products or services to you. For example, certain data that we receive is stored on servers hosted by Google.
We use the OpenAI API (OpenAI, LLC) to enable certain features, such as generating responses and content within the Services. When you interact with these features, the Conversational Data you provide is sent to OpenAI for processing solely to generate the requested output. OpenAI acts as our service provider/data processor in accordance with our instructions. We do not permit OpenAI to use your information for their own purposes. For more information: openai.com/enterprise-privacy/. We may also share Conversational Data with third-party service providers who assist us in processing voice input and generating audio output for the Services (acting as processors under our instructions).
Through a pixel tag placed on our website, we may measure, optimize, and build audiences for our advertising campaigns on Facebook. We may see how users move between devices when accessing our website and Facebook, and we use this to ensure that our Facebook advertising is shown to users most likely to be interested by analyzing which content a user has viewed and interacted with on the website.
We use Google Analytics to understand how visitors engage with our Services. Learn more at: https://policies.google.com/technologies/partner-sites.
We may share information with our advertising partners for the purposes of targeted advertising and retargeting, as described in Section 2.
We may de-identify your personal information so that you are not identified as an individual, and share that information with third parties. We may also provide aggregate usage information to third parties (or allow these third parties to collect aggregate information of activity on our Services) to help understand usage and improve experiences.
If we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, personal information could be one of the assets transferred to or acquired by a third party.
We may access, read, preserve, and disclose information necessary to comply with governmental requests, law enforcement or court orders, or enforce/apply our Terms of Service and other agreements.
Because we do not have users under the age of 18, we do not sell or share the personal information of users under 16 years of age.
We may transfer the personal information of users from the European Economic Area, Switzerland, or United Kingdom to the United States. When doing so, we rely on adequacy decisions, data transfer agreements, or other legally compliant mechanisms for such transfers, including Standard Contractual Clauses. You can ask for a copy by contacting us as set out below.
We use commercially reasonable physical, managerial, and technical safeguards to preserve the integrity and security of your personal information. We also rely on safeguards provided by third-party providers we use to host, store, and process your personal information. However, no method is 100% secure.
You may access, edit, and delete your profile information via account settings (subject to backups/legal requirements and public content constraints). De-identified/aggregate data cannot be removed.
Contact us at support@mumiworld.com. If you authorize an agent, the agent may contact us at the same email with written authorization. We may verify identity/authority before processing. If you are not satisfied with a decision, you may appeal within 45 days at the same address; we will respond in writing within 45 days. If applicable and you remain unsatisfied, and if you reside in Virginia or Colorado, you may contact the Virginia Attorney General (oag.state.va.us, +1-804-786-2042) or the Colorado Attorney General (coag.gov, +1-720-508-6000).
We welcome the chance to address concerns. Depending on jurisdiction, you may have the right to make a complaint to your data protection supervisory authority if concerns remain after our review.
Subject to your right to request deletion in accordance with Section 6, we retain personal information as long as needed for your use of the Services, your approved receipt of marketing communications, our legal compliance, and to protect our or others’ interests.
We will honor your exercise of rights with respect to your personal information in accordance with Section 6. Apart from those rights, we do not respond to “Do Not Track” signals.
Children under the age of 13 are not permitted to use, access or register for the Services. We do not knowingly collect information from anyone under 13. If we learn that we have collected personal information from a child under 13, we will delete it as quickly as possible.
We may change this Policy from time to time. The date of the last modification will be posted at the beginning. It is your responsibility to check for updates. By continuing to use the Services, you agree to be bound by the modified Policy.
If you have any questions or concerns regarding this Policy, please email our data protection officer at support@mumiworld.com. For all other inquiries, contact support@mumiworld.com.