Privacy Policy

Preamble

MWM SAS is a French simplified joint stock company with its headquarters located at 1, Cours de l'Île Seguin, 92100, Boulogne-Billancourt, France, and registered in the Nanterre trade and company register under number 513 627 299.

This Privacy Policy (the "Policy") outlines how MWM SAS ("MWM," "we," or "us") collects, uses, shares, and otherwise processes personal information from users, including developers, entrepreneurs, and visitors ("User", "you", or "your") of our website, platform, and services (collectively, our "Services"). By using our Services, you acknowledge this Policy. If you do not agree with the terms of this Policy, please discontinue your use of our Services. Existing users with contractual obligations should contact us to discuss applicable terms.

MWM is very mindful and committed to respect your private life, the security and the confidentiality of personal data relating to you which is defined by the regulation applicable to you as "Personal Data". We are committed to ensuring compliance with applicable privacy laws in the United States (including all applicable state privacy statutes), European Economic Area, United Kingdom, Switzerland, and Canada.

MWM reserves the right to update or revise this Privacy Policy to reflect changes in our practices, legal requirements, or the Services themselves. We will post any revised Policy at https://mwm.ai/privacy-policy.html and indicate the "Effective" date at the top of the document.

If you have any questions or request, feel free to contact us by email at contact@mwm.io.

If you wish to contact our data protection officer (DPO) regarding the handling of your personal data and/or to exercise your rights, feel free to contact us at dpo@mwm.io and detail your request.

1. Personal Information We Process

For purposes of this Privacy Policy, "Personal Data" (or "Personal Information" under certain U.S. laws) means information that identifies, relates to an identified or identifiable natural person or is reasonably capable of being associated with, or could reasonably be linked (directly or indirectly) with a particular individual or household.

Personal Data may include, for example: name, email address, billing address, IP address, device identifiers, account login information, authentication tokens, support communications, and certain usage logs.

"Customer Content" means the content you submit to, generate with, or store in the Services (including prompts/Inputs, code/Outputs, Projects, assets, and build artifacts). Customer Content may include Personal Data if you choose to include it.

"Usage Data" means information about how the Services are accessed and used (for example: timestamps, features used, build events, crash/error logs, performance metrics, and security logs). Usage Data may constitute Personal Data depending on the context and is handled in accordance with this Policy.

MWM does not intentionally collect special-category or sensitive Personal Data, such as biometric identifiers, health information, or precise geolocation, and instructs customers not to upload such information. This definition will be interpreted to include any equivalent term under other privacy laws that come into force during the life of this Policy.

2. Data Collection & Use

Information You Provide Directly. When you create an account, participate in a referral/affiliate program, purchase a subscription, open a support ticket, or otherwise use our Services, you may supply personal data such as account information (e.g., name, email address, password, authentication factors); profile and workspace information (e.g., organization name, settings); support and communications content (e.g., messages sent to us); app store workflow information you choose to provide to enable publishing (e.g., developer account identifiers, app metadata), as applicable.

Payment Information. Payments are processed by our payment processor (e.g., Stripe). MWM does not store full payment card details. We receive limited billing information such as your billing name, billing address, subscription status, and transaction identifiers to manage your subscription, invoicing, and accounting. See Stripe's privacy policy for details on how they handle your card details and transaction data.

Customer Content. To provide the Services, we process and store Customer Content within your workspace, including prompts/Inputs, generated code/Outputs, Projects (including version history where available), and build artifacts. You control what you submit and what you store in your workspace.

Information Automatically Collected. When you use the Services, we automatically collect certain technical and usage information, such as IP address, device/browser type, operating system, log data, timestamps, pages/screens viewed, and error and performance logs. We use this information to operate the Services, secure them, prevent abuse, meter usage, troubleshoot issues, and improve reliability.

Usage & Analytics. We record how you engage with key features (e.g., prompts submitted, code generated, build events). If you authorize a third-party integration, MWM accesses only the minimum data required to provide that integration and processes it under the same terms as other Personal Data. As part of our Services, our platform may act as a proxy to connect your applications to third-party AI providers, including OpenAI, Google Gemini, Anthropic. Your inputs (e.g., prompts, queries) and related data are transmitted to these providers for processing and response generation. These transmissions occur on a pass-through basis and MWM does not use Customer Content to train or fine-tune AI models. By using our Services, you consent to such transfers under the privacy policies of Anthropic, OpenAI, and Google. We do not control these providers' data practices, and you are responsible for reviewing their policies.

Children Data. MWM Services are not intended for individuals under the age of eighteen (18), and we do not knowingly collect or solicit personal data from anyone under this age. By using our Services, you represent that you are at least 18 years old or the age of majority in your jurisdiction. If we discover that we have collected personal data from a minor without verifiable parental consent, we will promptly delete that information. If you believe we may have collected such data, please contact us at privacy@mwm.io.

We process Personal Data for the following purposes:

• to provide, operate, and maintain the Services (including builds and publication workflows);
• to create and manage accounts and subscriptions;
• to meter usage and prevent fraud/abuse;
• to provide customer support and communicate with you;
• to improve the performance, functionality, and security of the Services (including through de-identified and aggregated analytics);
• to comply with legal obligations (including accounting, tax, and sanctions/export control compliance); and
• with your consent, to send marketing communications and to use non-essential cookies and similar technologies.

MWM does not engage in automated decision-making that produces legal or similarly significant effects on individuals (GDPR Art 22). We collect only the personal data necessary for these purposes and retain only as long as necessary to fulfill the purposes outlined in this Policy or as required by applicable law (as defined further below). You can exercise your opt-out or objection rights to certain processing activities.

3. Legal Ground for Data Collection

Performance of a Contract. We process your data to provide, maintain, and support the Services you have requested under our Terms of Service or other agreement with you.

Legitimate Interests. We use personal data to secure the platform, detect fraud, generate aggregate analytics, and improve AI features where these interests are not outweighed by your privacy rights.

Consent. We rely on your opt-in consent for non-essential cookies, marketing e-mails, and any other processing that requires consent under applicable law. You may withdraw consent at any time without affecting the lawfulness of prior processing.

Legal Obligations. We retain and disclose information as necessary to comply with bookkeeping rules, export-control and sanctions regulations, court orders, or other legal duties.

Protection of Vital Interests. In rare cases, we may process data to protect an individual's vital interests, such as preventing serious harm or responding to an emergency.

4. Reasons for Use & Processing

We use personal information for the following business and commercial purposes:

• Service Delivery and Support: Providing and maintaining our platform, including code generation, debugging, and deployment.
• Service Integrity: Ensuring the security and integrity of our Services, including preventing fraud or unauthorized access.
• Service Improvement and Research: Improving reliability, safety, and product performance (e.g., debugging, quality monitoring, and feature improvement) primarily through de-identified or aggregated data. We do not use Customer Content to train or fine-tune AI models.
• Personalization: Tailoring our Services to your preferences, such as optimizing code generation based on your prompts.
• Product Updates and Limited Marketing: Sending product announcements and other communications you have opted to receive, and measuring their effectiveness. These are non-transferable and revocable; opt out of marketing via account settings.
• Business Continuity and Security: Safeguarding our business operations and proprietary data.
• Legal and Regulatory Compliance: Complying with export-control and sanctions regulations, court orders, and privacy laws in the United States, European Economic Area, United Kingdom, Switzerland, Canada, and other applicable jurisdictions.
• Auditing, Accounting, and Corporate Governance: Conducting audits, reporting, and corporate governance to ensure compliance and efficiency.
• Dispute Resolution and Legal Defense: Meeting legal and regulatory obligations in the United States, Canada, and other jurisdictions.

5. Sub-Processing

We use service providers that process Personal Data on our behalf to help us operate cloud hosting and infrastructure, payment processing, analytics, error monitoring, customer support tooling, email delivery, and security/fraud prevention. These providers are authorized to process Personal Data only as necessary to provide services to us and are subject to contractual confidentiality and security obligations.

Examples (non-exhaustive): cloud infrastructure providers (e.g., Google Cloud), payment processors (e.g., Stripe), and customer support tooling (e.g., Zendesk), depending on the configuration of the Services.

If you publish an Application to an app store (such as Apple App Store or Google Play), that store processes certain information as an independent controller under its own terms and privacy practices. MWM is not responsible for the data practices of app stores.

We will provide information about key sub processors upon request and intend to publish a maintained list in a future version of this Policy.

6. International Transfers

MWM is established in France and may process Personal Data in the European Economic Area (EEA). However, because we operate globally, Personal Data may be transferred to, stored in, or processed in countries outside the EEA, UK, or Switzerland.

Where required by applicable law for transfers to countries that have not been deemed to provide an adequate level of protection, MWM relies on appropriate safeguards such as:

• the European Commission's Standard Contractual Clauses (SCCs) (Commission Decision 2021/914), as applicable; and/or
• the UK International Data Transfer Addendum / other UK-approved mechanisms, as applicable; and/or
• the Swiss addendum to the SCCs, as applicable.

MWM is not currently certified under the EU–US Data Privacy Framework for its own transfers. We will update this Policy if our reliance mechanisms change.

7. Log Data, Cookies, Other Tracking

MWM and our partners may use cookies, pixels, and similar technologies ("Cookies") to operate, secure, and analyse our Services. We use a consent banner to obtain your consent before setting non-essential Cookies. You can withdraw or change your choices at any time through the cookie settings mechanism made available on our website/app.

We aim to align cookie lifetimes with applicable regulatory guidance. For example, where audience measurement cookies are configured to qualify for a CNIL exemption, their lifetime is limited to a maximum of thirteen (13) months, after which they are deleted or irreversibly anonymized.

We deploy four types of Cookies:

• Essential Cookies support core functions such as sign-in, session routing, fraud prevention, and consent storage. These are set on the basis of legitimate interests / contract performance and do not require consent.
• Analytics & Performance Cookies measure feature adoption, diagnose errors, track user interactions, and improve service performance. We use proprietary analytics and third-party services (including Google Analytics) for these purposes. We obtain prior consent for these Cookies in the EEA/UK/CH and honor CPRA "opt-out" signals in the United States.
• Functional Cookies remember your preferences (language, theme, layout) and are configurable in the in-product "Cookie Settings" panel.
• Marketing Cookies enable conversion tracking and campaign measurement through third-party services including Tiktok, Facebook/Meta, Reddit, LinkedIn, and Google Ads. That also includes cookies used as part of the Affiliates Program. While we use these cookies to measure the effectiveness of our marketing efforts, we do not "sell" or "share" Customer Personal Data for cross-context behavioral advertising as defined under applicable privacy laws. These cookies require consent in the EEA/UK/CH and respect opt-out preferences in other jurisdictions.

Disabling non-essential Cookies will not affect core functionality but may limit analytics-based improvements.

8. How Do We Protect Your Personal Data

MWM is committed to protecting your personal information and maintaining its accuracy. We implement reasonable industry standard safeguards, including:

• Data in Transit: All traffic between your browser or API client and our servers is protected with industry standard end-to-end encryption.
• Data Storage: Database encryption with secure key management and pseudonymize or anonymize data, where feasible.
• Access Controls: Role-based access and regular reviews to ensure only authorized staff can view your data.
• System Resilience: Continuous backups with industry-standard recovery objectives designed to minimize downtime and data loss.
• Security Monitoring: Real-time logging and monitoring to detect suspicious activity.
• Staff & Vendor Oversight: All employees sign confidentiality agreements, and receive yearly security training; sub-processors are contractually bound to equivalent protections.
• Your Role: Please keep your account credentials confidential and let us know if any of your information is incorrect so we can update it.

MWM keeps a record of processing activities in line with GDPR Article 30(2) and performs regular risk assessments to adapt these measures as threats evolve. If you believe your account information is inaccurate, contact us and we will correct it promptly.

We implement reasonable security measures (e.g., encryption in transit/rest, access controls) to protect your personal data, but our Services rely on third-party providers. We cannot guarantee uninterrupted availability, security, or performance of these providers, and data interruptions, delays, or losses may occur due to their actions or events beyond our control (including force majeure). We use commercially reasonable efforts to notify you of material security incidents involving your data but disclaim liability for third-party failures.

9. Information Retention

We retain personal information only as long as necessary to fulfill the purposes outlined in this Policy or as required by applicable law, including:

• Providing and improving our Services.
• Complying with legal and regulatory obligations.
• Resolving disputes or enforcing agreements.

To cancel your account or request data deletion, contact us at privacy@mwm.io; we comply with applicable laws (e.g., GDPR erasure rights). We retain Personal Data only as needed to provide the Services, with deletion available upon request (subject to backups and legal holds).

10. Applicable Law – Disputes

This Policy is governed by the laws of France.

In accordance with the Applicable Regulations, you have the rights to access, rectify your Personal Data as collected and have them deleted. Under the conditions of the Applicable Regulations, you also benefit from the rights to request the limitation of the processing, the portability of your Personal Data, and the right to object to processing for reasons pertaining to your personal situation when the processing is based on MWM's legitimate interest. You can also communicate instructions about the fate of your Personal Data in the event of your death.

You can also, at any time, and without reason, object to the processing of your Personal Data for the purposes of direct marketing.

You can exercise these rights with MWM by sending your request accompanied by a copy of an identity document by email to the following email address: privacy@mwm.io or by mail, writing to the following address: MWM, 1, Cours de l'Île Seguin, 92100, Boulogne Billancourt, France.

In any case, you may, at any time, submit a claim to the CNIL or your competent national authority (depending on your place of residence).

11. U.S. State Privacy Disclosures (Including California)

Personal Information. Depending on how you use the Services, we may collect the following categories of Personal Information:

• Identifiers (e.g., name, email address, IP address, online identifiers);
• Commercial information (e.g., subscription status);
• Internet or other electronic network activity (e.g., log data, usage events);
• Approximate geolocation (derived from IP address);
• Customer Content to the extent it contains Personal Information (e.g., if you include personal data in prompts or Projects).

We do not intentionally collect sensitive personal information (as defined by certain U.S. laws) and we ask you not to provide it.

Purposes. We collect and use Personal Information for the purposes described in Section 2, including providing the Services, security, fraud prevention, customer support, analytics, and marketing (where permitted).

Sale; Share; Targeted Advertising. We do not sell Personal Information for money. However, certain marketing and analytics tools may involve "sharing" Personal Information for cross-context behavioral advertising under some state laws. Where required by law, you may opt out of such sharing/targeted advertising through our cookie settings or by contacting us at privacy@mwm.io. We honor opt-out preference signals where required by law, such as the Global Privacy Control (GPC).

Your Rights. Depending on your state of residence, you may have rights to (i) access and obtain a copy of your Personal Information; (ii) correct inaccurate Personal Information; (iii) delete Personal Information; (iv) opt out of targeted advertising, profiling, or certain disclosures; and (v) appeal a denial of your request (where applicable).

Exercising Rights. You (or your authorized agent, where permitted) may submit requests by emailing privacy@mwm.io. We may need to verify your identity and request additional information to process your request. We will respond within the timeframe required by applicable law.

Non-Discrimination. We will not discriminate against you for exercising your privacy rights.