Privacy Policy
Effective: May 2026
1. Who We Are
Muxbe is operated by Giorgi Kurtsikidze, Individual Entrepreneur (მცირე მეწარმე), registered in Georgia. Throughout this policy, "Muxbe," "we," "us," and "our" refer to this entity.
For privacy-related inquiries, contact us at privacy@muxbe.com.
2. Scope & Roles
This policy covers all data processed through the Muxbe platform. We act in two capacities:
- Data Controller — for account data we collect directly (user registration, authentication, platform usage analytics, and audit logs).
- Data Processor — for business data our customers upload, sync, or generate within their tenant workspace. In this context, the customer organization is the Controller, and Muxbe processes data on their behalf under their instructions.
Muxbe is not an EU-established company but serves customers in the EU and UK. We have designed our data practices with GDPR principles in mind and apply them consistently to all users regardless of location.
3. Data We Collect
3.1 Account Data
When you create a Muxbe account, we collect and store:
- Email address, display name, and profile photo (via our authentication system)
- Role, permissions, and tenant membership within your organization
- Login timestamps and last activity time
3.2 Customer Business Data
Customers upload, sync, or create the following data within their tenant workspaces. Muxbe processes this data as a Processor on behalf of the customer:
- Partner & deal records: partner names, geographic regions, traffic sources, commission terms, referral URLs, KPIs, tags, and status
- Partner contacts: email addresses, Telegram handles, Skype IDs, phone numbers
- Player data: external player IDs, casino user IDs, country, brand, signup and first-deposit dates, deposit totals, qualification flags, source URLs, device information, region, and campaign IDs (synced from the Customer's affiliate platform)
- Player personal information: email, first name, last name, nickname, visit IP address (stored in a separate, access-restricted collection)
- Financial data: deposits, first-time deposits, net gaming revenue, gross gaming revenue, wager amounts, CPA/RevShare income, bills, payments, and monthly commission calculations
- Invoices: uploaded PDF/image files, amounts, currencies, due dates, and payment types
- Retention & campaign data: campaign IDs, names, types, states, message delivery records, and engagement metrics (synced from the Customer's marketing automation platform)
- Sports intelligence: event IDs, sport, competition, teams, odds, and AI-generated promotional suggestions
3.3 Platform Usage Data
As users interact with Muxbe, the platform generates:
- Chat messages between team members (in channels, groups, and direct messages)
- Workspace boards and task records
- Internal notes attached to partners or deals
- Signals and alerts created by team members
- Audit logs containing: user email, display name, UID, public IP address, user agent string, and action details
3.4 AI Processing Data
Muxbe includes AI-powered features (including an AI assistant) delivered via a third-party AI service provider. When users interact with these features:
- Questions and conversation context are sent to the AI service provider's API
- AI tool call results may include deals, invoices, retention data, player data, and monitoring data from the customer's workspace
- AI interaction traces are stored in the database (question, conversation history, system prompt, tool arguments and results, final response)
- Recent AI chat history (last 50 messages) is stored in browser localStorage
3.5 Monitoring Data
For customers using the SERP monitoring feature:
- Configured keywords, geographic and device targeting, language settings
- Search engine results pages (SERP) data and crawled URLs/domains
- Extracted competitor information: casino names, positions, bonuses
4. Legal Bases for Processing
| Data Category | Legal Basis | Purpose |
|---|---|---|
| Account data | Contract performance | Providing the service, authenticating users, managing access |
| Audit logs & security data | Legitimate interest | Security, fraud prevention, accountability |
| Customer business data | Processor basis (contract with customer) | Processing on behalf of the customer as Controller |
| AI processing data | Contract performance / Processor basis | Delivering AI assistant functionality as part of the service |
| Platform usage data | Contract performance | Enabling collaboration features (chat, boards, notes) |
| Monitoring data | Contract performance | Delivering competitive intelligence features |
5. Data Sharing & Subprocessors
We share data with third-party service providers only as necessary to deliver the Muxbe platform. We do not sell personal data. Subprocessors fall into the following categories:
| Category | Purpose | Data Involved |
|---|---|---|
| Cloud infrastructure & database | Hosting, database, authentication, file storage, serverless compute, scheduled tasks, secrets management, and logging | All platform data |
| AI services | AI-powered analysis and assistant features | User queries and relevant business data from the workspace |
| Frontend hosting & content delivery | Hosting and global delivery of the web application | Static assets; standard access logs (IP, user agent) |
| Transactional email delivery | Delivery of platform-generated emails (notifications, alerts, invitations) | Recipient email addresses, message content |
Muxbe additionally relies on a small number of operational service providers (such as sports data providers, search engine results data providers, and proxy infrastructure used by the monitoring crawler) that do not process personal data on behalf of customers — they handle queries about publicly available information only.
In addition, customers may configure their own integrations with third-party platforms — for example, their affiliate management platform or a marketing automation platform. These are customer-directed integrations using the customer's own credentials, and the customer is responsible for its own relationship and contractual arrangements with those providers.
The current named list of specific subprocessors is provided privately to Customers under contract and is available on request at legal@muxbe.com. See the Subprocessors page for more detail.
6. International Data Transfers
Muxbe is operated from Georgia. Data may be transferred to and processed in the following regions, depending on the subprocessor category:
- United States — primary cloud infrastructure, AI services, transactional email delivery, and frontend hosting.
- European Union — endpoints of the Customer's marketing automation platform, where the Customer has configured EU endpoints.
- Global CDN — edge nodes for static asset delivery.
Where data is transferred outside the EEA/UK, we rely on standard contractual clauses (SCCs) incorporated into our agreements with subprocessors, or equivalent safeguards recognized under applicable data protection law.
7. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Retained while the account is active; deleted upon account or tenant deletion |
| Player daily statistics | Auto-pruned after 365 days |
| Stopped retention campaigns | Auto-pruned after 400 days |
| Chat messages | Soft-deleted when removed by user (marked as deleted, not physically removed immediately) |
| AI interaction traces | Retained until manually cleared or tenant deletion |
| Audit logs | Retained for the lifetime of the tenant |
| All tenant data | Permanently deleted upon tenant deletion (including all user profiles, business data, and authentication accounts) |
8. Cookies & Local Storage
Muxbe does not use third-party analytics, advertising pixels, or marketing cookies. We do not deploy Google Analytics, Microsoft Clarity, Meta Pixel, or similar tracking technologies.
The platform uses browser storage as follows:
localStorage
- Remembered login email (convenience feature)
- AI chat history (last 50 messages, stored locally in your browser)
- UI preferences: command palette recent searches, chat panel last view, changelog dismissal version
sessionStorage
- Active tenant selection for superadmin users
- Report filter handoff between pages
Authentication persistence
The authentication system uses browser persistence (IndexedDB/localStorage) internally to maintain authentication state. This is a functional requirement for keeping users logged in and is not used for tracking.
9. Data Security
We implement security measures appropriate to the nature of the data processed:
- All data in transit is encrypted via TLS
- Data at rest is encrypted by our cloud infrastructure provider's default encryption
- Access to customer data is restricted by role-based access control (RBAC) enforced at both application and database rule levels
- Sensitive collections (player PII, partner contacts) are stored in separate, access-restricted database paths
- Secrets and API keys are managed through a managed secrets vault, not in source code or environment variables
- Audit logs record user actions with IP address and user agent for accountability
- Authentication uses email/password credentials and short-lived tokens validated on every API call
For more details, see our Security page.
10. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you
- Rectification — request correction of inaccurate data
- Erasure — request deletion of your personal data
- Restriction — request that we limit processing of your data
- Portability — request your data in a structured, machine-readable format
- Objection — object to processing based on legitimate interest
To exercise any of these rights, contact privacy@muxbe.com. We will respond within 30 days.
11. AI-Specific Disclosures
Muxbe's AI features rely on a third-party AI service provider's API. Important details:
- Data sent to the AI service provider includes your question, conversation context, and relevant workspace data retrieved by AI tool calls
- The AI service provider's data usage policy applies to data transmitted to its API; Muxbe uses that API under terms that do not permit Customer Data to be used to train models, and does not opt into any program that would allow such use
- AI responses are generated by machine learning models and may contain inaccuracies
- AI interaction traces (prompts, tool calls, responses) are stored in the Muxbe database for debugging and service improvement within the customer's tenant
- AI chat history stored in your browser's localStorage can be cleared by you at any time
12. Children's Privacy
Muxbe is a B2B platform intended for use by business professionals. We do not knowingly collect data from individuals under 18 years of age. If you believe a minor has provided data through our platform, contact privacy@muxbe.com.
13. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Effective" date at the top of this page and, where appropriate, notify customers via email or in-app notification.
14. Contact
For questions about this Privacy Policy or our data practices:
- Email: privacy@muxbe.com
- Entity: Giorgi Kurtsikidze, Individual Entrepreneur (მცირე მეწარმე)
- Jurisdiction: Georgia