Legal

Privacy Policy

Last updated: 2026-04-27

Contents
  1. Principles
  2. Data we collect
  3. Data we DON'T collect
  4. How we use data
  5. End-to-end encryption
  6. Sharing with third parties
  7. Cookies & Tracking
  8. Your rights
  9. Storage & deletion
  10. Children
  11. Policy changes
  12. Contact

Privacy is a core feature of Mupl — not a compliance checkbox. This document spells out exactly what we collect, why, where it lives, and how you control your data. Applies to both the iOS app and web companion at mupl.notadi.app.

01Principles

Mupl operates on 4 immutable principles:

  1. Minimal collection: only data essential to operating the service.
  2. Local-first: data lives on your device by default. Cloud is optional backup.
  3. Zero-knowledge: server stores ciphertext it cannot decrypt. Lose your key = lose readability, even from us.
  4. No data selling: we never sell, lease, or trade your data — not even anonymized.

Mupl complies with Vietnam Decree 13/2023/NĐ-CP on Personal Data Protection. For EU users, we follow the spirit of GDPR (same rights: access, rectification, erasure, portability).

02Data we collect

Mupl collects 3 categories of data, each for a specific purpose:

2.1. Account

  • Email + OAuth provider (Apple Sign-In, Google, or email/password). For authentication and account-related contact.
  • Mupl ID (server-generated UUID). Internal data linkage.
  • Account creation date + last sign-in. For Profile display and anomaly detection.

2.2. Device

  • Device ID (UUID stable per install). For managing signed-in devices in Settings.
  • Device name + model + OS version (e.g. "iPhone 15 Pro, iOS 18.2"). Displayed in device list for recognition.
  • App version. Required for technical support and data migration.

2.3. Music + metadata (encrypted)

  • Audio blobs: mp3/flac/m4a files you upload. Currently stored as plaintext on S3 (will move to ciphertext — see section 5).
  • Metadata ciphertext: titles, artists, albums, playlists, durations — ALL encrypted XSalsa20-Poly1305 on your device before leaving. Server sees ciphertext + nonce, can't decrypt.
  • Storage usage: total bytes used / quota. Aggregate, not content.

03Data we DON'T collect

For clarity, here's what Mupl never collects:

  • Listening history — what songs, when, how long, completed or skipped. No "Wrapped Year-in-Review".
  • App usage patterns — what time, what days, from where (location).
  • Location — Mupl doesn't request GPS. IP addresses used briefly for rate-limiting only, no long-term logging.
  • Contacts, Photos, Calendar, Microphone — Mupl doesn't request these permissions.
  • Messages, voice commands, biometric data.
  • Recommendation history: Mupl has no recommendation engine. If we ever add suggestions, they'll run 100% on-device — no signals to server.

04How we use data

Data is used only for these purposes:

  • Authenticate you on sign-in (email + OAuth provider).
  • Sync music library across your devices (ciphertext + metadata).
  • Display device list + allow remote revocation.
  • Calculate storage usage and apply tier quotas (Free/Pro/Lifetime).
  • Contact you about account issues or security incidents (via registered email).
  • Comply with valid legal requests from authorities.

We don't use data to:

  • Show ads (Mupl has no ads).
  • Train AI models.
  • Build behavior profiles, recommendations, or personalized content.
  • Sell or share with third parties.

05End-to-end encryption

When you create an encryption passphrase, Mupl derives a master key via Argon2id — a memory-hard KDF resistant to GPU brute-force. The master key only exists on your device (iOS Keychain with Secure Enclave where available).

All metadata (titles, artists, playlists) is encrypted XSalsa20-Poly1305 with the master key BEFORE leaving your device. Each entry uses a random 24-byte nonce. Server stores ciphertext + nonce, can't read.

Mupl has no "forgot password" for the master key. Forgetting = losing decryption capability for cloud metadata. This is the trade-off of zero-knowledge — we have no recovery path because we have no key.

06Sharing with third parties

Mupl shares data only with 3 technical service providers, each for a specific purpose:

  • Firebase Authentication (Google) — authenticates Apple/Google OAuth + email/password. Firebase receives email + provider ID. Doesn't receive music metadata.
  • S3-compatible storage (CleVai/Vcloud HCMC) — stores audio blobs + encrypted metadata. Provider sees opaque bytes, can't decrypt.
  • Mixpanel (analytics) — only anonymous UX events (screen view, button tap), never with track names/artists. Opt-out 1-click in Settings.

We don't share with: advertisers, data brokers, social media, AI training companies.

Legal requests: If authorities issue valid requests, we'll provide minimum-scope data — and that data is also ciphertext. Mupl can't decrypt metadata even if compelled.

07Cookies & Tracking

The website mupl.notadi.app uses:

  • Session cookie (HttpOnly + Secure + SameSite=Lax) — keeps you signed in. Expires after 72 hours of inactivity.
  • localStorage — stores Mupl JWT + Device ID. Data lives only in your browser, not auto-sent.

We don't use:

  • Google Analytics, Facebook Pixel, or other tracking pixels.
  • Third-party advertising cookies.
  • Cross-site or browser fingerprinting.

The iOS app doesn't use IDFA. Mupl doesn't request App Tracking Transparency.

08Your rights

Under VN Decree 13/2023 and GDPR, you have these rights over your personal data:

  • Right to access: request a copy of all data Mupl holds about you. We'll send via email within 7 business days.
  • Right to rectification: update email, device names anytime in Settings.
  • Right to erasure: permanently delete account in Profile → "Delete account". All blobs + metadata + user row removed. Irreversible.
  • Right to portability: export music + metadata in standard formats (mp3/flac + JSON) by copying the mupl/audio/ folder out of iPhone via Files.app or AirDrop.
  • Right to withdraw consent: opt out of Mixpanel analytics 1-click in Settings → Privacy.
  • Right to complain: contact Vietnam's Cybersecurity and High-Tech Crime Prevention Department (A05) — Ministry of Public Security.

09Storage & deletion

Your data is stored in Vietnamese datacenters (Vcloud HCMC) — not transferred abroad.

  • Active accounts: data retained indefinitely until you delete the account or stay inactive 24+ months.
  • Inactive 24+ months: we email a warning 30 days ahead, then permanently delete if no response.
  • After account deletion: blobs + metadata ciphertext deleted immediately. S3 backup lifecycle takes 30 days before complete erasure — technical S3 versioning.
  • Access logs: rotated after 90 days.

10Children

Mupl isn't directed at children under 13 and doesn't knowingly collect their data. If you're a parent who discovers your child registered, email privacy@mupl.notadi.app — we'll delete the account and all associated data within 7 days.

11Policy changes

When we update this policy, the "Last updated" date at the top changes. Material changes (new third parties, data use changes) will be emailed 30 days before taking effect so you can review and decide.

Past versions available on request — email privacy@mupl.notadi.app.

12Contact

Questions, concerns, or rights enforcement requests per section 8:

Reply within 7 business days for any request.