Skip to content

TRUST & POLICIES

Data Handling

Last updated: April 15, 2026

On this page
  1. Document storage
  2. Voice recordings
  3. Email communications
  4. Protected health information (PHI)
  5. Payment data
  6. Analytics & telemetry
  7. Third-party sub-processors
  8. Data export & deletion

Document storage

  • Documents you upload (bills, invoices, screenshots) live in Supabase Storage
  • Stored in your own folder, RLS-protected
  • Accessible only via signed URLs valid for 1 hour
  • Encrypted at rest (AES-256)
  • You can download or delete any document any time

Voice recordings

  • Calls placed on your behalf are recorded for quality and dispute resolution
  • Stored encrypted in Supabase Storage
  • Accessible to you, the assigned Mumm operator (if any), and admins (audit-logged)
  • You can request deletion any time after the negotiation closes
  • Recordings purged automatically 7 years after the negotiation closes (legal retention)

Email communications

  • Emails sent on your behalf use a Mumm-controlled address (negotiation+{id}@mail.trymumm.com)
  • Replies route back to your negotiation thread
  • Stored encrypted in the database, accessible per RLS
  • Available in your dashboard under each negotiation
  • Retained 7 years after negotiation closes

Protected health information (PHI)

  • We handle PHI under HIPAA where applicable
  • Stored in encrypted PHI-flagged columns
  • Access logged separately from non-PHI data
  • Sub-processors that touch PHI (Anthropic, Supabase, Stripe) have BAAs in place
  • We do not use PHI for analytics, marketing, or model training
  • We do not share PHI with any third party except the merchant of the bill itself or with your explicit consent

Payment data

  • Card numbers never touch our servers
  • Stripe-tokenized references stored
  • Bank account details (for ACH) tokenized, not stored in cleartext
  • PCI-DSS handled by Stripe (Level 1)

Analytics & telemetry

  • We use PostHog for product analytics
  • Event names and properties only — no PII in event payloads
  • IP addresses anonymized (last octet stripped) before storage
  • You can opt out of all non-essential analytics in your account settings

Third-party sub-processors

A current list lives at /trust/sub-processors and is updated within 30 days of any change. Major sub-processors:

  • Vercel (hosting)
  • Supabase (database, storage, auth)
  • Stripe (payments)
  • Twilio (SMS, voice)
  • Resend (email)
  • Retell (voice agent)
  • Anthropic (LLM)
  • Sentry (error tracking)
  • Axiom (logging)
  • PostHog (analytics)

Data export & deletion

  • Export: account settings → data export → ZIP file with everything we have
  • Delete: account settings → delete account. Soft-deleted immediately (recoverable within 30 days). Hard-deleted after 30 days, except for records we are legally required to retain (financial records: 7 years; tax records: 7 years).
  • Specific deletion requests (single document, single negotiation): contact privacy@mumm.com