Privacy Policy
Last updated: December 24, 2025
1. Data Controller
The data controller responsible for your personal data is:
Piotr CiechowiczSchmohlstr. 2
13086 Berlin, Germany
Email: privacy@murmurd.com
2. Data We Collect
2.1 Account Data
When you register, we collect:
- Name and email address
- Password (encrypted)
- Profile picture (optional)
- Timezone preference
- Slack user ID (if connected)
2.2 Organization Data
For organization accounts:
- Organization name
- Division and team structures
- Member roles and relationships
- Billing information
2.3 Usage Data
When you use Murmurd:
- Check-in responses
- Escalation reports
- Priority records
- Interaction timestamps
2.4 Technical Data
Automatically collected:
- IP address
- Browser type and version
- Device information
- Access logs
3. Legal Basis for Processing
We process your data under the following legal bases (Article 6 GDPR):
| Data Type | Legal Basis |
|---|---|
| Account data | Contract performance |
| Usage data | Contract performance |
| AI processing | Legitimate interest |
| Marketing | Consent |
| Analytics | Legitimate interest |
4. How We Use Your Data
We use your data to:
- Provide and maintain the Service
- Send check-in prompts and reminders
- Generate AI-powered summaries
- Route escalations to appropriate team members
- Process payments
- Send transactional communications
- Improve our Service
- Comply with legal obligations
5. AI Processing
5.1 AI Summaries
Your check-in responses may be processed by AI to generate weekly summaries. This processing:
- Uses only data within your organization
- Excludes items marked as confidential
- Is performed by third-party AI providers
- Does not train AI models on your data
5.2 AI Provider Options
You can choose from multiple AI providers:
- OpenAI (US-based)
- Anthropic (US-based)
- Your own API key (Bring Your Own Key)
6. Data Sharing
6.1 Within Your Organization
Your data is visible to:
- Team members (for team-visible items)
- Managers (for escalations and summaries)
- Organization admins (for all organization data)
6.2 Service Providers
We share data with:
| Provider | Purpose | Location |
|---|---|---|
| Stripe | Payment processing | US/EU |
| Slack | Messaging integration | US |
| Mailgun | Email delivery | EU |
| Railway | Hosting | EU |
| AI Providers | Summary generation | US |
6.3 Legal Requirements
We may disclose data when required by law or to protect our rights.
7. International Transfers
Some of our service providers are located outside the EU. We ensure appropriate safeguards through:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions where applicable
- Additional technical measures
8. Data Retention
We retain your data for:
| Data Type | Retention Period |
|---|---|
| Account data | Duration of account + 30 days |
| Check-ins | 2 years |
| Escalations | 2 years |
| Priorities | 2 years |
| AI Summaries | 1 year |
| Audit logs | 3 years |
After termination, your data is deleted within 30 days unless legally required to retain it.
9. Your Rights
Under GDPR, you have the right to:
9.1 Access
Request a copy of your personal data.
9.2 Rectification
Correct inaccurate or incomplete data.
9.3 Erasure
Request deletion of your data (“right to be forgotten”).
9.4 Restriction
Request limitation of processing in certain circumstances.
9.5 Portability
Receive your data in a structured, machine-readable format.
9.6 Object
Object to processing based on legitimate interest.
9.7 Withdraw Consent
Withdraw consent at any time where processing is based on consent.
To exercise these rights, contact privacy@murmurd.com.
10. Cookies and Tracking
10.1 Cookie Consent
When you first visit our website, you will see a cookie consent banner. You can choose to:
- Accept All: Enable analytics cookies for a better experience
- Decline: Only essential cookies will be used
You can change your preference at any time by clearing your browser’s local storage and revisiting the site.
10.2 Essential Cookies
We use essential cookies for:
- Authentication
- Session management
- Security features
- Cookie consent preferences (stored in localStorage)
These cookies are strictly necessary and do not require consent.
10.3 Analytics Cookies (Consent Required)
If you consent, we use Google Analytics 4 to understand how our website is used. Google Analytics:
- Sets cookies including
_ga,_ga_*, and_gid - Collects anonymized IP addresses (IP anonymization is enabled)
- Tracks page views, session duration, and user interactions
- Is subject to Google’s Privacy Policy
If you decline cookies, Google Analytics is not loaded and no analytics cookies are set.
10.4 Third-Party Cookies
Our integrations (Slack, etc.) may set their own cookies subject to their privacy policies.
11. Data Security
We protect your data through:
- AES-256 encryption at rest
- TLS 1.3 encryption in transit
- Regular security audits
- Access controls and logging
- Employee security training
12. Children’s Privacy
Murmurd is not intended for users under 18. We do not knowingly collect data from children.
13. Changes to This Policy
We may update this policy periodically. We will notify you of material changes via email or in-app notice.
14. Complaints
If you believe we have violated your privacy rights, you may file a complaint with:
- Our Data Protection Officer: dpo@murmurd.com
- Your local data protection authority (in Germany: Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit)
15. Contact
For privacy-related questions:
- Email: privacy@murmurd.com
- Address: See our Impressum