Privacy Policy — Mutumina

Section 01

Who We Are

Mutumina ("we", "us", "our") is a content distribution platform that enables users to write content via Telegram and automatically distribute it to connected social media platforms including LinkedIn, Facebook, X (Twitter), and Instagram.

We are the data controller for information collected through our service. If you have any questions about this policy or your data, you can reach us at privacy@mutumina.com.

Our core commitment: We collect only what is necessary to deliver the service. We do not sell your data, use it for advertising, or share it with third parties except to operate the service you signed up for.

Section 02

Data We Collect

We collect the following categories of information when you use Mutumina:

Category	What We Collect	Why
Account	Email address, name	Required
Telegram Identity	Telegram user ID, username	Required
Social Tokens	OAuth access tokens for connected platforms	Required
Content	Messages you send to the bot, attachments you share	Required
Publishing Logs	Post timestamps, platform responses, approval records	Required
Usage Data	Feature interactions, error logs, session data	Optional

What we do NOT collect: We do not collect your social media passwords. We never ask for them, and our integrations use OAuth — the same secure standard used by all major platforms.

Section 03

How We Use Your Data

We use the information we collect strictly to operate and improve Mutumina. Specifically:

To authenticate you and link your Telegram account to Mutumina
To receive, format, and distribute your content to connected social platforms
To send you approval previews and notifications via Telegram
To log publishing history so you can review what has been posted
To diagnose errors and improve reliability of the service
To send transactional emails (account notices, updates to this policy)

Human approval is fundamental to our model. Your content is never published without your explicit approval inside Telegram. This is not just a feature — it is a core architectural decision rooted in our HCADE (Human Centered Automation and Delivery Engine) framework.

Section 04

Data Sharing & Disclosure

We do not sell, rent, or trade your personal data. We only share data in the following limited circumstances:

Social platforms you connect — when you approve a post, we transmit your content to the platforms you have explicitly connected (LinkedIn, Facebook, X, Instagram). You control which platforms are connected at all times.
Infrastructure providers — we use cloud hosting and database providers to operate the service. These providers are bound by data processing agreements and may not use your data for any purpose other than providing services to us.
Legal requirements — we may disclose data if required by law, court order, or governmental authority, and where permitted, we will notify you.
Business transfers — in the event of a merger or acquisition, your data may transfer to a successor entity. We will notify you via email before any such transfer occurs.

Section 05

Data Retention

We retain your data for as long as your account is active or as needed to provide the service. Specific retention periods:

Account data — retained until you delete your account
Content & publishing logs — retained for 24 months from creation, then automatically deleted
Social access tokens — retained until you disconnect a platform or delete your account, whichever comes first
Usage & error logs — retained for 90 days, then purged

When you delete your account, we permanently delete all associated personal data within 30 days, except where retention is required by law.

Section 06

Security

We take the security of your data seriously. Our measures include:

All data transmitted between your devices and our servers is encrypted via TLS
Social OAuth tokens are encrypted at rest using AES-256
Access to production systems is restricted to authorised personnel only
We conduct regular security reviews of our infrastructure
We do not store your social media passwords — ever

If you suspect unauthorised access to your account, please disconnect all connected platforms immediately from your account settings and contact us at security@mutumina.com.

Section 07

Your Rights

Depending on your location, you may have the following rights regarding your personal data. We honour all requests regardless of jurisdiction.

👁️

Access

Request a copy of all personal data we hold about you.

✏️

Correction

Ask us to correct any inaccurate or incomplete data.

🗑️

Deletion

Request permanent deletion of your account and all associated data.

📦

Portability

Receive your data in a structured, machine-readable format.

🚫

Objection

Object to processing of your data for certain purposes.

⏸️

Restriction

Request that we restrict processing of your data in certain circumstances.

To exercise any of these rights, email us at privacy@mutumina.com. We will respond within 30 days.

Section 08

Cookies & Tracking

Mutumina uses a minimal number of cookies to operate the service:

Session cookies — essential for keeping you logged in. These expire when you close your browser.
Authentication cookies — used to maintain your secure session after login. These expire after 30 days of inactivity.

We do not use advertising cookies, tracking pixels, or third-party analytics that profile your behaviour across websites. We do not use Google Analytics or similar surveillance-based analytics tools.

We may use a privacy-respecting, self-hosted analytics tool to understand aggregate usage patterns (e.g., how many people use a feature). This data is never tied to individuals and is never shared.

Section 09

Third-Party Services

Mutumina integrates with the following external services. When you connect a platform, that platform's own privacy policy also applies to data you post through their API:

Telegram — used as the primary interface for content input and approval. Telegram Privacy Policy ↗
LinkedIn — content distribution (live at launch). LinkedIn Privacy Policy ↗
Facebook / Meta — content distribution (coming soon). Meta Privacy Policy ↗
X (Twitter) — content distribution (coming soon). X Privacy Policy ↗
Instagram — content distribution (coming soon). Instagram Privacy Policy ↗

You can disconnect any platform at any time from your account settings. Disconnecting revokes our access token and removes our ability to post on your behalf.

Section 10

Children's Privacy

Mutumina is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16 years of age.

If you believe a child under 16 has provided us with personal data, please contact us at privacy@mutumina.com and we will delete that information promptly.

Section 11

Changes to This Policy

We may update this privacy policy from time to time. When we make material changes, we will:

Update the "Last updated" date at the top of this page
Notify you via email at least 14 days before the changes take effect
In some cases, ask for your renewed consent where required by law

Your continued use of Mutumina after the effective date of any changes constitutes your acceptance of the updated policy.

Section 12

Contact Us

If you have any questions, concerns, or requests relating to this privacy policy or your personal data, please reach out:

Mutumina Privacy Team
Email: privacy@mutumina.com
Response time: within 30 days of receipt

For urgent security concerns, please email security@mutumina.com directly.