Privacy Policy

Effective Date: January 1, 2026

1. Introduction

Murmur AI, Inc. ("Murmur," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at teammurmur.com (the "Website") or use our organizational intelligence platform (the "Service").

Murmur is a privacy-first platform. We analyze only metadata from workplace tools—never message content, document bodies, or other private communications. This foundational principle guides everything we do.

Please read this Privacy Policy carefully. By accessing or using our Website or Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

2. Information We Collect

2.1 Information You Provide

When you register for an account or contact us, we collect:

• Name
• Email address
• Company name

2.2 Workplace Metadata (Service Data)

When your organization connects workplace tools to Murmur, we collect metadata only—never message content or document bodies. This includes:

• Communication metadata: timestamps, sender/recipient IDs, channel IDs, thread participation patterns, reaction counts
• Calendar metadata: meeting times, duration, attendee counts, recurring patterns
• Organizational data: team structures, department hierarchies, manager relationships
• Time-off data: PTO periods (to exclude from metrics)

We never collect or store: message content, email bodies, document text, file contents, meeting transcripts, or any other private communications.

2.3 Website Data

Our Website collects minimal data. We do not use analytics tracking. If you submit a contact form, we collect only the information you provide (typically email address).

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service
• Generate team-level organizational health insights (never individual-level scoring)
• Communicate with you about your account, updates, and support
• Improve and develop new features
• Comply with legal obligations

4. Team-Level Aggregation

A core privacy principle of Murmur is that we provide insights at the team level only. We do not score, evaluate, or report on individual employees. All metrics are aggregated to protect individual privacy. Teams below minimum size thresholds are excluded from reporting.

5. Google API Services

Murmur's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

When you connect Google Calendar to Murmur, we access only:

• Calendar event metadata (start time, end time, duration)
• Attendee counts and response status
• Recurring event patterns
• Free/busy status

We do not access: event titles, descriptions, attachments, email content, Google Drive files, or any other Google services beyond Calendar metadata.

Limited Use Disclosure: Murmur's use of Google Calendar data is limited to providing and improving the organizational health insights described in this policy. Specifically:

• We do not use Google data for advertising purposes
• We do not sell Google data to third parties
• We do not use Google data for purposes unrelated to the Service
• Human access to Google data is limited to debugging and support, and only when you provide consent

6. How We Share Your Information

6. How We Share Your Information

We do not sell your personal information. We may share information with:

• Service Providers: Third-party vendors who help us operate our Service (see Section 7)
• Your Organization: Authorized administrators within your organization can access team-level insights
• Legal Requirements: When required by law, court order, or governmental authority
• Business Transfers: In connection with a merger, acquisition, or sale of assets

7. Service Providers (Sub-processors)

We use the following third-party service providers to operate our Service:

• Supabase: Database hosting and authentication
• Vercel: Website and application hosting
• Anthropic: AI-powered narrative generation (metadata only, no message content)
• Formspree: Contact form processing

All service providers are contractually obligated to protect your information and use it only for the purposes we specify.

8. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

• Encryption of data in transit (TLS) and at rest (AES-256)
• OAuth token encryption using AES-256-GCM
• Row-level security for multi-tenant data isolation
• Role-based access controls
• Regular security assessments

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

9. Data Retention

We retain your information as follows:

• Account data: Retained while your account is active and for 30 days after cancellation
• Workplace metadata: Retained while your organization's account is active and for 30 days after cancellation
• Aggregated insights: Historical trend data is deleted with your account

You may request deletion of your data at any time by contacting us at info@teammurmur.com.

10. Your Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate personal information
• Deletion: Request deletion of your personal information
• Portability: Request a portable copy of your data
• Opt-out: Opt out of certain data processing

To exercise these rights, contact us at info@teammurmur.com. We will respond within 30 days.

11. California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights. You have the right to request disclosure of the categories and specific pieces of personal information we have collected, the purposes for collection, and the categories of third parties with whom we share information. You also have the right to request deletion and to opt out of the sale of personal information. We do not sell personal information.

To exercise your California privacy rights, contact us at info@teammurmur.com.

12. Cookies and Tracking

Our Website uses minimal cookies necessary for basic functionality (such as session management). We do not use advertising cookies, marketing trackers, or third-party analytics. We do not track your browsing activity across other websites.

13. Third-Party Links

Our Website and Service may contain links to third-party websites. We are not responsible for the privacy practices of these websites. We encourage you to review their privacy policies.

14. Children's Privacy

Our Service is intended for business use and is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children.

15. International Data Transfers

Murmur AI, Inc. is based in the United States. If you access our Service from outside the United States, your information may be transferred to, stored, and processed in the United States where our servers are located.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our Website and updating the "Effective Date" above. Your continued use of the Service after changes constitutes acceptance of the updated policy.

17. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us at:

Murmur AI, Inc.
Email: info@teammurmur.com
Website: gomurmur.com