LEGAL DOCUMENTS

Privacy Policy

Last updated: July 9, 2025

Acceptance of These Privacy Policy

1. Introduction

Welcome to Mues AI, the agentic AI platform that revolutionizes how users interact with software through natural language delegation. This Privacy Policy explains how ProducterHQ OÜ ("we," "us," or "our"), operating as Mues AI, collects, uses, processes, and protects your personal information when you use our Services.

1.1 Legal Framework

This Privacy Policy complies with:

• General Data Protection Regulation (GDPR) EU 2016/679

• Estonian Personal Data Protection Act (PDPA)

• Estonian Data Protection Implementation Act

• Other applicable data protection laws in jurisdictions where we operate

1.2 Data Controller Information

Data Controller: ProducterHQ OÜ
Registration Number: 16539847
Registered Address: Tiiu tn 12/322, Kesklinna linnaosa, 10135 Tallinn, Harju maakond
Website: https://mues.ai/
Contact: privacy@mues.ai

2. Information We Collect

2.1 Personal Information You Provide

Account Information:

• Name (first and last)

• Email address

• Password (encrypted)

• Company/organization name

• Professional title

Profile Information:

• Account preferences and settings

• User interface customizations

• Language preferences

• Notification settings

Payment Information:

• Billing address

• Payment method details (processed securely through Stripe)

• Transaction history

• Subscription details

2.2 AI Interaction Data

Conversation History:

• All communications with AI agents

• Task delegation requests and instructions

• User queries and AI responses

• Feedback provided through our platform

Usage Analytics:

• Feature utilization patterns

• Task completion rates

• AI agent performance metrics

• User journey mapping data

2.3 Automatically Collected Information

Technical Data:

• IP address and geographic location

• Device information (type, operating system, browser)

• Connection details (ISP, network type)

• Session duration and timestamps

Performance Data:

• Error logs and diagnostic information

• System performance metrics

• Response times and latency data

• Security event logs

3. Legal Basis for Processing

Under GDPR Article 6, we process your personal data based on the following legal grounds:

3.1 Contract Performance

• Providing AI agent services

• Processing subscription payments

• Managing user accounts

• Delivering customer support

3.2 Legitimate Interests

• Improving AI agent performance and accuracy

• Ensuring platform security and fraud prevention

• Conducting analytics for service optimization

• Developing new features and capabilities

3.3 Consent

• Marketing communications

• Optional feature participation

• Data sharing for research purposes

• Cookie preferences beyond essential cookies

3.4 Legal Obligations

• Compliance with Estonian company law

• Tax reporting and accounting requirements

• Regulatory compliance obligations

• Law enforcement requests

4. How We Use Your Information

4.1 Core Service Delivery

AI Agent Operations:

• Real-time processing of task delegation requests

• Natural language understanding and response generation

• Task execution and completion tracking

• Contextual assistance and recommendations

Platform Functionality:

• User authentication and authorization

• Account management and billing

• Performance monitoring and optimization

• Error detection and resolution

4.2 Service Improvement

AI Model Enhancement:

• Training safety and accuracy classifiers

• Improving natural language processing capabilities

• Developing new AI agent functionalities

• Optimizing response quality and relevance

User Experience Optimization:

• Analyzing usage patterns and preferences

• Personalizing AI agent interactions

• Streamlining user workflows

• Enhancing platform accessibility

4.3 Business Operations

Security and Compliance:

• Fraud detection and prevention

• Security incident response

• Regulatory compliance monitoring

• Audit trail maintenance

Customer Support:

• Resolving technical issues

• Providing usage guidance

• Processing account-related requests

• Gathering feedback for improvements

5. AI-Specific Processing Details

5.1 Agentic AI Transparency

Our AI agents operate with varying degrees of autonomy to complete user-delegated tasks.

We ensure transparency through:

Decision-Making Processes:

• Clear documentation of AI agent capabilities and limitations

• Explanation of how tasks are interpreted and executed

• Transparency about AI model training and data sources

• Regular updates on AI system improvements

Human Oversight:

• Human review of AI agent decisions for quality assurance

• Escalation protocols for complex or sensitive tasks

• User control over AI agent behavior and preferences

• Ability to modify or cancel AI agent actions

5.2 Real-Time Processing

All AI interactions are processed in real-time without permanent storage of conversation content, except as specified in our data retention policies. This includes:

• Immediate processing of user requests

• Temporary caching for session continuity

• Automatic deletion of temporary processing data

• Secure transmission of all communications

5.3 AI Training and Improvement

We use aggregated and anonymized data to improve our AI agents:

• Model performance optimization

• Safety classifier training

• Bias detection and mitigation

• Quality assurance improvements

Important: Individual user conversations are not used for AI training unless explicitly consented to by the user.

6. Third-Party Integrations

6.1 AI Service Providers

OpenAI:

• Powers core natural language processing

• Provides advanced reasoning capabilities

• Processes user queries in real-time

• Subject to OpenAI's data usage policies

Anthropic:

• Enhances AI reasoning and safety

• Provides Claude-based processing capabilities

• Ensures responsible AI behavior

• Governed by Anthropic's privacy practices

Google Gemini:

• Supports specialized AI functionalities

• Enables advanced language understanding

• Processes specific query types

• Follows Google's enterprise privacy standards

6.2 Payment Processing

Stripe:

• Processes all subscription payments

• Handles billing and invoicing

• Manages payment method security

• Maintains PCI DSS compliance

6.3 Data Sharing Limitations

Important Restrictions:

• Our AI agents cannot access your external software platforms

• No integration with third-party user accounts without explicit consent

• All processing occurs within our secure environment

• No data sharing with advertising or marketing networks

7. Data Retention and Deletion

7.1 Retention Periods

• Account Data: Retained while account is active + 1 year after closure

• Conversation History: Retained for 24 months for service improvement

• Payment Records: Retained for 7 years for accounting and legal compliance

• Usage Analytics: Aggregated data retained indefinitely; identifiable data deleted after 2 years

• Security Logs: Retained for 1 year for security monitoring and compliance

7.2 Automated Deletion

We implement automated systems to ensure timely data deletion:

• Daily review of retention schedules

• Automatic purging of expired data

• Secure deletion using industry-standard methods

• Verification of deletion completion

7.3 Data Portability

Users can request export of their data in machine-readable format, including:

• Account information and preferences

• Conversation history (subject to retention periods)

• Usage statistics and analytics

• Payment and subscription records

8. International Data Transfers

8.1 Transfer Mechanisms

As a global service, we transfer data internationally using appropriate safeguards:

Adequacy Decisions:

• Transfers to countries with EU adequacy decisions

• Automatic compliance with equivalent protection standards

Standard Contractual Clauses:

• EU-approved contractual terms with third-party processors

• Binding data protection obligations

• Regular compliance monitoring

Certification Programs:

• Partners with recognized privacy certifications

• Ongoing compliance verification

• Third-party audit requirements

8.2 Specific Transfer Scenarios

• United States: Data processed by OpenAI and Anthropic under Standard Contractual Clauses

• Other Jurisdictions: Case-by-case assessment with appropriate safeguards

9. Your Rights Under GDPR

9.1 Individual Rights

Right of Access:

• Request copies of your personal data

• Information about processing purposes and legal basis

• Details of data recipients and retention periods

Right to Rectification:

• Correct inaccurate personal data

• Complete incomplete personal data

• Update outdated information

Right to Erasure:

• Request deletion of personal data

• Withdraw consent for processing

• Exercise "right to be forgotten"

Right to Restriction:

• Limit processing of your data

• Suspend processing pending verification

• Maintain data without processing

Right to Data Portability:

• Receive data in structured, machine-readable format

• Transfer data to another controller

• Direct data transfer where technically feasible

Right to Object:

• Object to processing based on legitimate interests

• Opt-out of direct marketing

• Object to automated decision-making

9.2 Exercising Your Rights

To exercise any of these rights:

• Email: privacy@mues.ai

• Subject Line: "Data Subject Rights Request"

• Include: Your name, email address, and specific request

• Verification: We may request identity verification

• Response Time: Within 30 days of verified request

10. Security Measures

10.1 Technical Safeguards

Encryption:

• TLS 1.3 for data in transit

• AES256 encryption for data at rest

• End-to-end encryption for sensitive communications

• Regular encryption key rotation

Access Controls:

• Multi-factor authentication for all accounts

• Role-based access control (RBAC)

• Principle of least privilege

• Regular access reviews and updates

Infrastructure Security:

• Enterprise-grade cloud hosting

• Network segmentation and firewalls

• Intrusion detection and prevention

• Continuous security monitoring

10.2 Organizational Measures

Staff Training:

• Regular privacy and security training

• Clear data handling procedures

• Incident response protocols

• Confidentiality agreements

Third-Party Management:

• Due diligence on all service providers

• Contractual data protection requirements

• Regular security assessments

• Incident notification procedures

10.3 AI-Specific Security

Model Security:

• Protection against adversarial attacks

• Input validation and sanitization

• Output monitoring and filtering

• Model access controls

Data Protection:

• Secure processing pipelines

• Temporary data handling protocols

• Automated data purging

• Privacy-preserving techniques

11. Children's Privacy

11.1 Age Restrictions

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

11.2 Parental Controls

If you believe we have collected information from a child:

• Contact us immediately at privacy@mues.ai

• We will investigate and delete the information

• We will implement additional safeguards if necessary

12. Cookies and Tracking

12.1 Cookie Types

Essential Cookies:

• Authentication and session management

• Security and fraud prevention

• Basic functionality enablement

Analytics Cookies:

• Usage pattern analysis

• Performance monitoring

• Service improvement insights

12.2 Cookie Management

You can control cookies through:

• Browser settings and preferences

• Our cookie consent interface

• Third-party opt-out tools

• Account privacy settings

13. Marketing Communications

13.1 Communication Types

With your consent, we may send:

• Product updates and feature announcements

• Educational content about AI

• Industry insights and best practices

• Special offers and promotions

13.2 Opt-Out Options

Email Communications:

• Unsubscribe link in all marketing emails

• Account settings preferences

• Direct request to privacy@mues.ai

Legal Basis: All marketing communications are based on explicit consent or legitimate interests with easy opt-out options.

14. Data Breach Response

14.1 Incident Response Plan

Detection and Assessment:

• Continuous monitoring for security incidents

• Rapid incident classification and response

• Impact assessment and containment measures

Notification Requirements:

• Supervisory authority notification within 72 hours (if high risk)

• Individual notification without undue delay (if high risk)

• Detailed incident documentation and reporting

14.2 User Communication

In case of a data breach affecting your information:

• Direct notification via email

• Clear explanation of what happened

• Steps we're taking to address the issue

• Recommended actions for your protection

15. Business Transfers

15.1 Merger or Acquisition

In the event of a merger, acquisition, or sale of assets:

• Personal data may be transferred to the new entity

• This Privacy Policy will continue to apply

• Users will be notified of any material changes

• Additional consent may be required for new processing

15.2 Bankruptcy or Liquidation

If ProducterHQ OÜ ceases operations:

• Personal data will be deleted or transferred with appropriate safeguards

• Users will receive advance notice

• Data protection obligations will continue

• Supervisory authorities will be notified

16. Updates to This Policy

16.1 Change Notification

We may update this Privacy Policy to reflect:

• Changes in our processing activities

• New legal requirements

• Enhanced security measures

• Improved transparency practices

16.2 User Communication

Notification Methods:

• Email notification to all users

• In-app notifications and alerts

• Website banner announcements

• Account dashboard notifications

Effective Date: Changes take effect 30 days after notification, unless immediate compliance is required by law.

17. Contact Information

17.1 Privacy Inquiries

Primary Contact:

• Email: privacy@mues.ai

• Subject Line: Include "Privacy Inquiry" for fastest response

• Response Time: Within 48 hours for general inquiries

17.2 Data Protection Officer

Currently, we do not have a designated Data Protection Officer. All privacy matters are handled by our privacy team at privacy@mues.ai.

17.3 Company Information

ProducterHQ OÜ

• Website: https://mues.ai/

• General Contact: hi@mues.ai

• Business Address: Tiiu tn 12/322, Kesklinna linnaosa, 10135 Tallinn, Harju maakond

• Registration: Estonian Company Registry

17.4 Regulatory Contacts

Estonian Data Protection Inspectorate:

• Website: http://www.aki.ee/

• Email: info@aki.ee

• Phone: 372 627 4135

• Address: Tatari 39, 10134 Tallinn, Estonia

18. Conclusion

This Privacy Policy reflects our commitment to protecting your personal information while delivering innovative AI-powered services. We believe in transparency, user control, and responsible data stewardship.

As agentic AI technology continues to evolve, we remain committed to:

• Implementing privacy by design principles

• Maintaining the highest security standards

• Ensuring transparent AI operations

• Respecting user rights and preferences

• Complying with all applicable laws and regulations

For any questions about this Privacy Policy or our privacy practices, please contact us at privacy@mues.ai. We're here to help you understand how we protect your information and ensure your privacy rights are respected.

This Privacy Policy is effective as of July 9, 2025, and applies to all users of Mues AI services operated by ProducterHQ OÜ.

FAQ