Privacy Policy, Karma Police
Version history
We maintain every published version of this policy on this site. This is the first published Privacy Policy.
Current: Version 1.0 — effective April 9, 2026.
Previous versions
None yet. When we publish a new policy, the prior version will be linked here (for example, privacypolicy-v1.html).
CLASSIFICATION: LEGAL-CRITICAL — DRAFT
This is the first complete draft of the Mpalo Privacy Policy. It must be reviewed and approved by qualified privacy counsel before publication. Every [PLACEHOLDER] and [CONFIRM WITH COUNSEL] marker must be resolved before the policy goes live.
Companion documents: 3.2 Privacy Policy — Decision Record & Pre-Launch Legal Checklist · 3.1 Legal & Tax Risk Register
Privacy Policy
Effective date: April 9, 2026
Last updated: April 9, 2026
Version: 1.0
1. Who We Are
Mpalo Inc. is a Delaware Public Benefit Corporation. We build Palo Bloom — an AI memory infrastructure API that enables developers and AI agents to store, retrieve, and manage episodic memory. Our registered address is:
Mpalo Inc.
[PLACEHOLDER — registered agent address, Delaware]
For all privacy-related enquiries, contact us at: privacy@mpalo.com
Data Protection Officer: [PLACEHOLDER — DPO name and contact details to be inserted upon appointment. DPO appointment is a pre-launch requirement. See internal checklist 3.2.]
EU Representative under Article 27 GDPR: [CONFIRM WITH COUNSEL — if Mpalo does not have a formal EU establishment, an Article 27 representative must be appointed before processing EU resident data. If the founder's activities in Germany constitute an establishment under Article 3(1), this requirement does not apply and should be removed.]
2. Scope of This Policy
This Privacy Policy applies to personal data processed by Mpalo Inc. when acting as a data controller — that is, when we determine the purposes and means of processing. This includes:
- Visitors to mpalo.com and mind.mpalo.com
- Developers and organisations who register for and use the Palo Bloom API
- Users of the Mpalo browser extension
- Individuals who contact us directly
What this policy does not cover: When developers use the Palo Bloom API to store and manage their own end users' data, Mpalo processes that data as a data processor acting on the developer's instructions. That processing is governed by a separate Data Processing Agreement (DPA), not this policy. If you are an end user of a product built on Palo Bloom and have questions about how your data is handled, please contact the developer or company whose product you use.
BYOVS (Bring Your Own Vector Store) users who manage their own vector store infrastructure are independent data controllers for the data they store. Mpalo provides infrastructure tools in that context but does not determine the purposes of processing.
3. Personal Data We Collect
The personal data we collect depends on how you interact with our services. The table below sets out each category, its source, and the user groups it applies to.
| Data category | Description | Collected from |
|---|---|---|
| Account information | Name, email address, company name, billing address, payment details | Developers / API users registering for an account |
| API usage data | API call logs, request metadata, response times, error rates, usage volume | Developers / API users interacting with the API |
| Memory content | Text, structured data, and other content submitted via the API for storage as memory objects | Developers submitting data on behalf of their end users (processed as processor); direct API users (processed as controller) |
| Phone number | Phone number provided for account verification or two-factor authentication | Developers / API users who enable phone-based authentication |
| Location data | Approximate or precise location, if you explicitly opt in | Any user who affirmatively enables location-based memory features |
| Browser extension input | Text you type into supported chatbot interfaces while the extension is active | Browser extension users, only during active interaction |
| Website usage data | IP address, browser type, operating system, referring URL, pages visited, timestamps | All website visitors |
| Communications | Content of emails, support requests, or other direct communications with Mpalo | Anyone who contacts us |
| Cookie and preference data | Session identifiers, language preferences, consent records | All website visitors and logged-in users |
A note on sensitive data: The Mpalo browser extension intercepts content you type into chatbot interfaces. Chatbot conversations may incidentally contain sensitive personal information — including information about health, beliefs, relationships, or financial circumstances. We do not request or require sensitive data, but we acknowledge it may be present in memory content submitted via the API or extension. Where we determine that special category data under GDPR Article 9 is likely to be processed at scale, we will seek explicit consent or rely on Article 9(2)(a) as appropriate. [CONFIRM WITH COUNSEL — this triggers Article 9 obligations; confirm legal basis before launch.]
4. How We Use Your Data and Our Legal Basis
We process personal data only for the purposes set out below. For each purpose, we identify the legal basis under GDPR Article 6 (and Article 9 where applicable).
| Purpose | Data used | Legal basis |
|---|---|---|
| Providing and operating the Palo Bloom API and platform | Account information, API usage data, memory content | Performance of contract — Article 6(1)(b) |
| Account management, billing, and payment processing | Account information, payment details | Performance of contract — Article 6(1)(b) |
| Sending transactional communications (account alerts, API status, security notices) | Email address | Performance of contract — Article 6(1)(b) |
| Security, fraud prevention, and abuse detection | Account information, API usage data, hashed phone number, IP address | Legitimate interests — Article 6(1)(f) — to protect the platform and our users from fraud and abuse |
| Maintaining and improving the platform | API usage data, website usage data | Legitimate interests — Article 6(1)(f) — to develop and improve our services |
| Responding to support requests and communications | Communications, account information | Legitimate interests — Article 6(1)(f) — to maintain effective customer support |
| Complying with legal obligations | Any data relevant to the obligation | Legal obligation — Article 6(1)(c) |
| Browser extension memory capture | Browser extension input | Consent — Article 6(1)(a) — obtained at first activation of the extension |
| Location-based memory enrichment | Location data | Consent — Article 6(1)(a) — explicit opt-in required; not collected by default |
| AI model training — EU users | Memory content, API usage data | Legitimate interests — Article 6(1)(f) — with unconditional opt-out right; opt-out is the default for EU users |
| AI model training — non-EU users | Memory content, API usage data | Consent — Article 6(1)(a) — explicit opt-in required; off by default |
| Data sharing across the full Mpalo product ecosystem | Memory content, usage data | Consent — Article 6(1)(a) — Tier 2 opt-in required; off by default |
Legitimate interest assessments: Where we rely on Article 6(1)(f) legitimate interests, we have conducted or will conduct a Legitimate Interest Assessment (LIA) before processing begins. If you wish to receive a summary of the LIA for a specific processing activity, contact us at privacy@mpalo.com.
5. AI Model Training
This section explains in detail how your data may be used to train Palo Bloom's AI models, and what happens to your data if it has been incorporated into model training.
5.1 Training defaults
If you are based in the EU or EEA: Your data will not be used to train our AI models unless you actively opt out of the legitimate interest basis we rely on. Opting out is straightforward — see Section 10 (Your Rights). You can also use the training toggle in your account settings. Opting out of training does not affect your ability to use Palo Bloom.
If you are based outside the EU or EEA: Your data will not be used to train our AI models unless you affirmatively opt in. The opt-in toggle is available in your account settings. You can withdraw opt-in at any time.
5.2 What "training" means
AI model training involves processing data to adjust the statistical parameters (sometimes called "weights") of a machine learning model. The model learns patterns from data; it does not store or retrieve discrete records the way a database does.
5.3 Important limitation: data in trained model weights
You should be aware of the following limitation before opting in to model training:
Once your data has been used to train a model, the influence of that data becomes embedded in the model's parameters. This is a technical characteristic of how machine learning models work. It is not possible to identify and remove the precise influence of a specific individual's data from trained model weights without retraining the model from scratch — a process that is technically complex and resource-intensive.
This means that if you later request deletion of your account or data, or if you withdraw consent or invoke your right to erasure under GDPR Article 17, we will:
- Delete your personal data from all databases, storage systems, and backups within the timelines described in Section 8
- Exclude your data from all future training runs
- Evaluate trained models for evidence of memorisation or regurgitation of personal data, and apply output filtering where necessary
- Provide you with a written summary of the steps taken upon request
However, we cannot guarantee complete removal of data influence from model weights already trained before your deletion request. We disclose this limitation transparently because we believe you are entitled to understand it before deciding whether to opt in.
We have assessed this limitation as part of our Data Protection Impact Assessment. [CONFIRM WITH COUNSEL — DPIA mandatory under German DSK list Item 11; must be completed before launch.]
6. Browser Extension
The Mpalo browser extension is a tool that enables AI memory functionality in third-party chatbot interfaces.
What the extension does
The extension activates on designated chatbot pages — including [PLACEHOLDER — list supported domains e.g. chat.openai.com, gemini.google.com — CONFIRM WITH ENGINEERING]. When you type input into a supported chatbot interface, the extension captures that input and transmits it to Palo Bloom's API for processing and storage as a memory object.
What the extension does not do
The extension does not operate in the background or collect data passively. It does not monitor your browsing activity, read content from pages you visit other than the supported chatbot interfaces, or collect data outside of your active interaction with a supported chatbot. [CONFIRM WITH ENGINEERING — verify this accurately describes the extension's technical scope before publication.]
Legal basis and consent
The extension's data capture constitutes access to information stored in or transmitted from your terminal equipment within the scope of the ePrivacy Directive (2002/58/EC), Article 5(3). Prior consent is required. We obtain this consent through a clear onboarding flow at first installation and activation. You can withdraw consent at any time by disabling or uninstalling the extension.
Third-party chatbot services
When you use a supported chatbot service, your interaction with that service — including content sent to and received from the chatbot — is also subject to that service's own privacy policy and terms of use. Mpalo is not responsible for the data practices of third-party chatbot providers. We encourage you to review their policies.
7. Sharing Your Data
Mpalo does not sell your personal data. We do not share your personal data with third parties for their own marketing purposes. We share data only in the following circumstances.
7.1 Sub-processors
We use third-party service providers (sub-processors) to operate our platform. These providers process personal data on our behalf under contractual obligations that require them to protect your data and process it only for the purposes we specify. Our current sub-processors are:
| Sub-processor | Location | Purpose | Transfer mechanism |
|---|---|---|---|
| Stripe, Inc. | USA | Payment processing and billing | EU–US Data Privacy Framework; SCCs as fallback |
| Twilio Inc. / SendGrid | USA | Transactional email delivery and SMS communications | EU–US Data Privacy Framework; SCCs as fallback |
| Cloudflare, Inc. | USA | Content delivery, DDoS protection, DNS | EU–US Data Privacy Framework; SCCs as fallback |
| Redis Ltd. | [CONFIRM WITH ENGINEERING — Redis deployment location] | In-memory caching and session data | [CONFIRM — transfer mechanism if applicable] |
| [Cloud infrastructure provider] | [PLACEHOLDER — to be confirmed before launch] | Primary application hosting and data storage | [PLACEHOLDER — DPA and transfer mechanism to be confirmed] |
An up-to-date list of sub-processors is maintained at mpalo.com/legal/sub-processors. We will provide 30 days' advance notice of any new sub-processor or material change to an existing sub-processor. Registered users will be notified by email.
7.2 Legal compliance and safety
We may disclose personal data to law enforcement, government bodies, or courts where we are legally required to do so, or where we have a good-faith belief that disclosure is necessary to protect the rights, safety, or property of Mpalo, our users, or others.
7.3 Business transfers
If Mpalo is involved in a merger, acquisition, asset sale, or reorganisation, personal data may be transferred to the acquiring entity. We will notify affected users and ensure the acquiring entity is bound by equivalent data protection commitments.
7.4 Pillar data sharing — two-tier consent model
Mpalo is building a broader product ecosystem that may in the future include additional products and services beyond Palo Bloom (collectively, the "Mpalo ecosystem").
Tier 1 (default): Your data is used exclusively within Palo Bloom. It is not shared with other Mpalo products or used for purposes outside of the Palo Bloom service. This is the default and applies unless you actively choose Tier 2.
Tier 2 (opt-in only): If you choose to opt in, your data may be shared across the broader Mpalo ecosystem as additional products become available. This opt-in is separate from all other consent events. You can withdraw at any time via your account settings. Tier 2 opt-in does not change your Tier 1 settings or any other consent.
8. How Long We Keep Your Data
We retain personal data only for as long as necessary for the purpose for which it was collected, and in accordance with our legal obligations.
| Data category | Retention period |
|---|---|
| Account information | Duration of account plus [PLACEHOLDER — e.g. 3 years] for legal and accounting obligations |
| Memory content | Until you delete it, or until account deletion — whichever comes first |
| API usage logs | [PLACEHOLDER — e.g. 12 months rolling] |
| Website usage data | [PLACEHOLDER — e.g. 12 months rolling] |
| Hashed phone numbers | [CONFIRM WITH COUNSEL — current decision is indefinite retention on legitimate interest grounds for fraud prevention. Counsel must confirm this is defensible against GDPR Article 5(1)(e) storage limitation or specify a maximum period.] |
| Backup copies | Purged within 30 days of a valid deletion request |
| Consent records | Life of account plus 3 years after account closure |
| Communications and support records | [PLACEHOLDER — e.g. 3 years from last interaction] |
Deletion requests: When you request deletion of your account or any personal data, we will action the deletion in our live systems promptly. Backup copies are purged within 30 days. We will confirm completion in writing upon request.
Trained model weights: As described in Section 5.3, data incorporated into trained model weights cannot be fully deleted. We will take all available mitigation steps and provide a written summary upon request.
9. International Data Transfers
Mpalo Inc. is a US-incorporated entity. If you are located in the EU or EEA, your personal data may be transferred to and processed in the United States or other countries outside the EEA.
Where we transfer personal data outside the EEA, we ensure that appropriate safeguards are in place. For transfers to our US-based sub-processors, we rely on:
- EU–US Data Privacy Framework (DPF): Where the sub-processor is certified under the DPF
- Standard Contractual Clauses (SCCs): The European Commission's 2021 SCCs, as a supplementary or standalone transfer mechanism
For each sub-processor, the applicable transfer mechanism is indicated in the sub-processor table in Section 7.1. A Transfer Impact Assessment (TIA) has been or will be conducted for each transfer before live data processing begins. [CONFIRM WITH COUNSEL — confirm TIAs are completed before launch.]
If you have questions about the specific safeguards applicable to a particular transfer, contact us at privacy@mpalo.com.
10. Your Rights
If you are located in the EU or EEA, you have the following rights under GDPR. We will respond to all requests within one month, extendable by a further two months where the request is complex.
| Right | What it means | How to exercise it |
|---|---|---|
| Access (Article 15) | Request a copy of the personal data we hold about you and information about how we process it | Email privacy@mpalo.com or use the export function in your account settings |
| Rectification (Article 16) | Request correction of inaccurate or incomplete data | Email privacy@mpalo.com or edit directly in your account settings |
| Erasure (Article 17) | Request deletion of your personal data | Account settings, or email privacy@mpalo.com. Note: deletion from trained model weights is subject to the limitation described in Section 5.3. |
| Restriction (Article 18) | Request that we limit how we use your data while a dispute is resolved | Email privacy@mpalo.com |
| Portability (Article 20) | Receive your data in a structured, machine-readable format (JSON) | Account settings — export function |
| Object (Article 21) | Object to processing based on legitimate interests, including AI model training | Account settings — training toggle, or email privacy@mpalo.com. Objection to training is an absolute right and will be honoured without requiring justification. |
| Withdraw consent | Withdraw any consent you have given at any time | Account settings toggles, or email privacy@mpalo.com. Withdrawal does not affect the lawfulness of processing before withdrawal. |
| Lodge a complaint | Complain to a supervisory authority | [CONFIRM WITH COUNSEL — insert the correct Landesdatenschutzbeauftragte for the founder's German state of residence. BfDI is NOT the correct authority for a private-sector company. This must be confirmed before launch.] |
You may also lodge a complaint with the supervisory authority in your EU Member State of habitual residence, place of work, or place of the alleged infringement under Article 77 GDPR.
To exercise any right, contact: privacy@mpalo.com. We may ask you to verify your identity before fulfilling a request.
11. Children's Privacy
Mpalo's services are not directed at or intended for use by persons under 16 years of age. We do not knowingly collect personal data from anyone under 16. Age is verified at account creation. If you believe a person under 16 has provided us with personal data, please contact privacy@mpalo.com and we will delete it promptly.
12. Cookies
Mpalo uses only the following categories of cookies. We do not use analytics cookies, advertising cookies, or any third-party tracking technologies. This commitment is permanent — any future introduction of non-essential cookies would require a policy amendment and fresh consent from all users.
| Cookie | Category | Purpose | Duration |
|---|---|---|---|
| Session identifier | Strictly necessary | Maintains your login session | Session |
| CSRF token | Strictly necessary | Protects against cross-site request forgery | Session / 1 year |
| Consent record | Preference | Records your cookie consent choices | 1 year |
| Language preference | Preference | Remembers your preferred language | 1 year |
Strictly necessary cookies do not require your consent as they are essential for the website to function.
Preference cookies require your consent. You can manage your preferences via the cookie settings panel [PLACEHOLDER — link to cookie settings panel] or via your browser settings.
13. Data Security
We implement technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. These include:
- Encryption of personal data at rest
- Encryption of personal data in transit (TLS)
- Role-based access controls limiting data access to authorised personnel
- Regular security assessments and vulnerability scanning
- Employee training on data protection obligations
In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, in accordance with GDPR Article 33. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay, in accordance with Article 34.
14. Data Protection Impact Assessment
Mpalo has conducted a Data Protection Impact Assessment (DPIA) under GDPR Article 35 for its core AI memory processing activities. [PLACEHOLDER — replace with confirmation that DPIA has been completed, and the date. DPIA is legally mandatory under German DSK list Item 11 before launch — this is a hard pre-launch gate.]
The DPIA examined the risks associated with: episodic memory storage and retrieval; browser extension data capture; AI model training on personal data; and large-scale processing of potentially sensitive conversational data. The DPIA identified and documented mitigation measures, which are reflected in this policy and in Mpalo's internal security and governance practices.
15. Changes to This Policy
We may update this Privacy Policy from time to time. All changes are logged in our public changelog at mind.mpalo.com/privacy.
Material changes — defined as: new categories of data collected; new sub-processors; changes to retention periods; changes to the legal basis for any processing; changes to user rights mechanisms — will be communicated to all registered users by email at least 30 days before the change takes effect. You will have the opportunity to review the change and, where the change relates to consent-based processing, to withdraw consent before the change applies to your data.
Non-material changes — including typographical corrections, formatting updates, and contact detail changes — will be reflected in the changelog without advance notice.
16. Contact
For any questions about this Privacy Policy, to exercise your data protection rights, or to raise a concern about how we handle your data:
Email: privacy@mpalo.com
Postal address:
Mpalo Inc. — Data Privacy
[PLACEHOLDER — registered address]
Data Protection Officer: [PLACEHOLDER — name and contact details upon appointment]
We aim to respond to all privacy enquiries within 5 business days and to complete substantive responses to rights requests within one month.