Privacy policy

What we collect

We collect what you choose to put into Mycel: your conversations with Sero, the documents in your vault, and the settings you save. We also store your email address and a hashed password so you can sign in.

How we use it

We use your data to make the product work for you: filing your notes, recalling them in context, running automations you set up. We don't sell your data. We don't train models on your data.

Where it lives

Your vault is stored on Supabase Postgres in the US. When you chat with Sero, your messages are sent to Anthropic or OpenAI to generate the reply. They process the request and return an answer; they do not retain it for training under their standard API terms.

Subprocessors

We rely on a small set of trusted vendors to run Mycel. Each processes only what it needs to do its job:

• Supabase— database, authentication, and file storage (hosted in the United States).
• Anthropic and OpenAI— AI processing of the messages you send to Sero. Under their standard API terms they do not retain your data for training.
• Stripe— payment processing for paid plans. Card details go directly to Stripe; we never see or store them.
• Brevo— transactional email (sign-in, account, and billing notices).

Cookies and analytics

Strictly necessary cookies keep you signed in and the app working — these are always on. We also use a single privacy-respecting analytics cookie (Google Analytics) to understand how Mycel is used. That cookie only loads after you accept it in the consent banner; if you decline, no analytics cookie is set. You can change your mind at any time by clearing the cookie in your browser, which brings the banner back.

Your rights

You can export everything from Settings → Your data at any time. You can delete your account from Settings → Account. Deletion is permanent and removes your vault from our active stores within 30 days.

If you are in the EU, UK, or another region covered by the GDPR, you have the right to access, correct, export (portability), restrict, or delete your personal data, to object to certain processing, and to withdraw consent at any time. We act as the data controller for your account data; the subprocessors above act as our processors.

If you are a California resident, the CCPA/CPRA gives you the right to know what personal information we collect, to access and delete it, to data portability, and to not be discriminated against for exercising those rights. We do not sell or share your personal information, so there is nothing to opt out of in that respect — but you still have the explicit right to opt out of any sale or sharing, and we honor it.

To exercise any of these rights, use the self-serve tools in Settings or email us at hello@martellosystems.com. We respond within 30 days.

Contact

Questions about privacy? Email hello@martellosystems.com.