MUTLE

Privacy Policy

Last updated: April 18, 2026

1. Scope

This Privacy Policy explains how BuzzChat Inc. ("BuzzChat", "Mutle", "we", "us", or "our") collects, uses, stores, discloses, and otherwise processes personal data in connection with Mutle.

This policy applies to website visitors, waitlist users, registered members, premium subscribers, TTN participants, developer applicants, support requestors, and, where relevant, non-users whose information is uploaded by users or collected from public professional sources for matching, anti-duplicate, enrichment, ghost-profile, or profile-claim workflows.

Where local law gives you additional rights or requires additional disclosures, those rights and disclosures apply in addition to this policy.

2. Personal Data We Collect

2.1 Information you provide directly

  • Account and profile data - name, email address, username, profile photo, role, headline, bio, company, industry, location, portfolio links, social handles, experience, education, interests, open-to preferences, recommendation details, and similar profile fields.
  • Waitlist and referral data - waitlist email, invite or referral codes, referrer information, invite-token history, queue status, and access status.
  • Verification data - work email verification details, phone verification state, LinkedIn URL, LinkedIn verification state, ID verification state, claimed profile signals, and related timestamps or review outcomes.
  • Content you submit - intro requests, intro notes, direct messages, posts, articles, comments, reactions, reports, support requests, safety appeals, and other content you send through the service.
  • Developer and app data - OAuth application names, descriptions, redirect URIs, client credentials metadata, app usage requests, and related developer account records.
  • Billing and payout data - selected plan, billing email, payment references, transaction status, limited processor customer data, payout method details, payout requests, and compliance information you provide in connection with TTN or payout features.

2.2 Contacts, imports, and matching data

  • Imported contacts - names, emails, phone numbers, organizations, titles, LinkedIn URLs, source metadata, and notes imported from Google Contacts, LinkedIn export files, CSV files, or manual entry.
  • Contact stub data - normalized contact records, deduped contact stubs, search terms, match state, matched user IDs, hashed email and phone identifiers, import-source details, and invite history.
  • Search and watch data - search terms, autocomplete events, search intent, saved search watches, recommendation events, and related discovery data.

2.3 Data created through use of the app

  • Graph and intro data - connection records, trust ratings, graph edges, path calculations, hop data, intro routing, intro outcomes, consent state, and relationship metadata.
  • Usage and device data - IP address, browser type, device type, operating system, timestamps, page visits, navigation events, session state, and similar telemetry.
  • Notification data - notification type, actor metadata, target path, related object ID, grouped keys, read state, and delivery context.
  • Safety and audit data - reports, moderation events, automated risk signals, throttles, restrictions, suspension records, export requests, deletion requests, and audit logs.

2.4 Data from third parties and public sources

  • Google account and Google Contacts data - if you sign in with Google or connect Google Contacts, we may receive your name, email, profile photo, and contact data within the scopes you grant.
  • LinkedIn file imports - if you upload a LinkedIn export, we process connection data from the file you provide. We do not describe this as a live LinkedIn account integration unless and until that exists.
  • Public professional data and enrichment data - we may collect or refresh public professional information such as name, headline, employer, summary, location, education, profile URLs, profile image, and similar professional details to support ghost-profile, claim, search, and matching features.
  • Payment processor data - transaction references, subscription status, currency, payment channel, next billing dates, and limited customer information from processors such as Paystack.

3. Data We Derive or Infer

We also create or infer data from other data we hold, including:

  • Trust, ranking, relevance, and path-quality signals.
  • Profile completeness, discoverability, and engagement signals.
  • Duplicate-account, spam, fraud, payout-risk, and abuse-risk signals.
  • Ghost-profile matching confidence, search demand, and claim eligibility.
  • Plan eligibility, feature access state, and usage-limit tracking.

Where these inferred signals relate to an identified or identifiable person, we treat them as personal data.

4. Sources of Personal Data

We collect personal data from the following sources:

  • Directly from you when you register, edit your profile, pay, message, post, appeal, or contact us.
  • From your connected services or uploaded files, such as Google Contacts or LinkedIn exports.
  • From other users who upload contacts, create intros, invite you, or interact with you on the graph.
  • From service providers that help us authenticate users, deliver email, process payments, or host infrastructure.
  • From public professional sources and enrichment providers used to support matching and ghost-profile workflows.
  • From automated systems that generate logs, security alerts, search analytics, or abuse signals.

5. How We Use Personal Data

We use personal data for the following purposes:

  • Provide the service - create accounts, manage profiles, operate the graph, process introductions, enable messaging, display posts, run search, and power the features you request.
  • Run contact and matching workflows - import contacts, normalize and deduplicate them, match them to existing users, create contact stubs, support invites, and maintain ghost-profile or claim flows.
  • Verify identity and account integrity - evaluate work email, phone, LinkedIn, ID, payout, anti-duplicate, and account standing signals.
  • Process subscriptions and payouts - initialize billing, verify transactions, maintain subscription status, calculate plan access, process TTN or payout flows, and reduce payment abuse.
  • Communicate with you - send transactional emails, notifications, waitlist updates, support replies, appeal responses, security notices, and legal notices.
  • Secure Mutle - detect fraud, spam, scraping, identity abuse, suspicious imports, manipulated graph activity, payment misuse, and other violations.
  • Improve the product - debug, test, measure usage, improve help content, understand feature adoption, and refine matching or discovery quality.
  • Comply with law and enforce our terms - maintain records, respond to legal requests, investigate complaints, defend claims, and enforce our policies.

6. Legal Bases for Processing

If you are in the EEA, UK, Switzerland, or another jurisdiction requiring a lawful basis, we rely on:

  • Contract - where processing is necessary to provide Mutle, including account creation, profile management, introductions, messaging, billing, and support.
  • Legitimate interests - where processing is needed to secure the service, improve matching, maintain graph integrity, prevent abuse, develop features, or support business operations in a proportionate way.
  • Consent - where we ask for permission, such as connecting certain external sources or enabling optional communications or device permissions.
  • Legal obligation - where processing is required for tax, accounting, sanctions, payments, consumer-law, or law-enforcement compliance.

7. AI and Automated Processing

Mutle may use AI-assisted and automated systems to answer support questions, rank support content, score trust paths, support search and suggestions, detect abuse, throttle risky activity, or route cases for review.

If you use AI support features, your prompt, the support context selected for that query, and related system output may be processed to generate an answer. If an external model provider is enabled for that feature, the relevant query and retrieved support context may be sent to that provider to produce the response.

We may also use automated systems to flag duplicate accounts, risky imports, spam, payout abuse, or policy violations. Some decisions are fully automated, some are advisory, and some are reviewed by humans. Automated systems may affect ranking, rate limits, feature access, visibility, enforcement, or appeal handling.

8. How Information Appears to Other Users

What other users can see depends on your settings, your relationship to them, the feature being used, and the workflow involved. For example:

  • Your profile data may be visible based on your discoverability and visibility settings.
  • Your connections or graph position may be shown according to the graph feature and your settings.
  • Intro context may be shared with the parties involved in that intro path.
  • Messages are visible to conversation participants and to us only where needed for support, safety, or legal reasons.
  • Posts, articles, and comments may be visible according to their audience or publication settings.
  • Trust scores you assign are internal product signals and are not necessarily shown to the person you score.

9. When We Share Personal Data

We share personal data only in the following categories of circumstances:

9.1 With other users

We share profile data, intro context, messages, posts, graph information, and notifications with other users where necessary for the service and consistent with the settings and workflow involved.

9.2 With service providers and subprocessors

We use providers that process data on our behalf, including:

  • Google, Firebase, and Google Cloud - authentication, hosting, databases, storage, and related infrastructure.
  • Resend - transactional email delivery.
  • Paystack - subscription billing, payment verification, and related payment processing.
  • Google APIs - Google sign-in and Google Contacts access when you choose to connect them.
  • Google Generative AI or similar model providers - AI-assisted support or similar product features when enabled.
  • Enrichment providers such as EnrichLayer - public and professional profile enrichment used in ghost-profile and matching workflows.
  • Sanity - content management for certain editorial or marketing content.

9.3 For legal, safety, and business reasons

We may disclose data when we believe disclosure is necessary to comply with law, respond to lawful requests, protect users or the public, enforce our terms, investigate abuse, prevent fraud or payment loss, or complete a financing, merger, acquisition, reorganization, or asset sale.

10. Google API and Google Contacts Data

If you connect Google Contacts, we access the contact data necessary to provide the feature you invoke, such as importing contacts, matching them, maintaining sync state, and letting you manage invite or connection workflows. We do not use Google Contacts data for advertising.

You can disconnect Google Contacts. Where the app offers it, you can also choose to delete imported contact stubs when disconnecting or separately purge your contact stubs from within the product.

Mutle's use and transfer to any other app of information received from Google APIs is intended to comply with the Google API Services User Data Policy, including the Limited Use requirements.

11. Ghost Profiles and Non-User Data

Mutle may maintain internal unclaimed or "ghost" profiles using imported contact signals, LinkedIn URLs, public professional information, and enrichment data. We use these profiles to improve search, matching, graph quality, claim workflows, and demand tracking.

A ghost profile may contain professional details such as name, headline, employer, location, profile image, education, public profile URL, hashed or direct contact points where available, and internal metrics such as import count or search count.

If you believe we hold a ghost profile about you, you may contact privacy@mutle.so to request access, correction, claim review, or deletion, subject to applicable law and our need to preserve fraud-prevention, graph-integrity, or legal records.

12. International Transfers

Mutle is operated from the United States and uses providers in multiple countries. Personal data may be transferred to and processed in countries outside your place of residence.

Where required by law, we rely on lawful transfer mechanisms such as Standard Contractual Clauses or equivalent safeguards for cross-border transfers.

13. Cookies, Local Storage, and Similar Technologies

We use cookies, local storage, and similar technologies for:

  • Authentication and session continuity.
  • Security, rate limiting, and abuse prevention.
  • Remembering preferences and limited interface state.
  • First-party analytics, debugging, and performance diagnostics.

We do not say that we sell data to ad-tech companies or share personal data for cross-context behavioral advertising. If that changes in a way that requires new disclosures or consent, we will update this policy and provide any notices required by law.

14. Data Retention

We retain different categories of data for different periods depending on purpose and legal need.

  • Account and profile data - retained while your account is active and for a limited period after deletion or suspension as needed for recovery, disputes, fraud prevention, and legal compliance.
  • Deleted accounts - typically placed into a pending deletion state during the grace period described in our deletion policy, then deleted, anonymized, or isolated as appropriate.
  • Contact stubs and import data - retained while needed for your contact workflows unless you delete them, purge them, or disconnect and remove them where that control is available, subject to limited backups and legal retention.
  • Ghost-profile and enrichment data - retained while needed for matching, claim, graph-integrity, safety, and search purposes and may be refreshed over time.
  • Messages, intro, post, and audit records - retained as needed to operate the product, preserve records for participants, investigate abuse, resolve disputes, and comply with legal obligations.
  • Payment, tax, and security records - retained for as long as reasonably necessary to satisfy payment, accounting, tax, fraud-prevention, dispute-resolution, and legal obligations.

15. Security

We use technical and organizational measures designed to protect personal data, including encrypted transmission where appropriate, authentication controls, access restrictions, logging, and service-level safeguards around production systems.

No system is perfectly secure. If we become aware of a breach requiring notice under applicable law, we will provide notice as required.

16. Your Rights and Controls

Depending on your jurisdiction, you may have rights including:

  • Access to personal data we hold about you.
  • Correction of inaccurate or incomplete data.
  • Deletion or erasure, subject to exceptions.
  • Data portability.
  • Restriction of or objection to certain processing.
  • Withdrawal of consent where processing is based on consent.
  • Appeal or complaint rights under local law.

Depending on the feature, you may also be able to:

  • Edit your profile and privacy settings.
  • Manage notifications and certain email preferences.
  • Disconnect Google Contacts and optionally delete imported contact stubs.
  • Purge your contact stubs separately from deleting your account.
  • Request export of your account data.
  • Request account deletion.

To exercise formal rights, contact privacy@mutle.so. We may need to verify your identity before acting on a request.

17. California Privacy Notice

If you are a California resident, you may have rights under the California Consumer Privacy Act as amended, including rights to know, access, correct, delete, limit certain uses of sensitive personal information, opt out of sale or sharing where applicable, and receive equal treatment for exercising your rights, subject to statutory exceptions.

We do not state that we sell personal information for money, and we do not state that we share personal information for cross-context behavioral advertising.

California residents may submit requests at privacy@mutle.so.

18. EEA, UK, Switzerland, and Similar Jurisdictions

If you are in the EEA, UK, or Switzerland, you may have rights under GDPR, UK GDPR, or similar laws, including the rights described above and the right to complain to your local supervisory authority.

19. Children

Mutle is not directed to children under 16, and we do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, contact privacy@mutle.so.

20. Changes to This Policy

We may update this Privacy Policy from time to time. If changes are material, we may provide notice by email, in-product notice, website notice, or other reasonable means. The "Last updated" date reflects the latest version.

21. Contact

For privacy questions or rights requests, contact:

BuzzChat Inc.
Privacy
1209 Orange Street
Wilmington, DE 19801
United States
privacy@mutle.so

For general support, contact support@mutle.so.

Terms of ServiceDeletion PolicyBack to Mutle