
Last Updated: March 28, 2025
Introduction: Our Commitment to Your Privacy
Mpalo GmbH (hereinafter "Mpalo", "we", "us", or "our"), located in [Placeholder], is dedicated to advancing the field of artificial intelligence through the development of innovative technologies, with a particular emphasis on creating AI with true humanlike episodic memory. At Mpalo, the protection of the privacy and personal data of our users is of paramount importance. We are steadfastly committed to upholding the principles of the General Data Protection Regulation (GDPR), ensuring that your personal information is treated with the utmost care and respect. This privacy policy serves to provide you with comprehensive information regarding how Mpalo collects, utilizes, processes, and safeguards the personal data of individuals who interact with our website, utilize our AI attachable Engines (Palo Engines), including through our browser extension, or otherwise engage with our services. Our ethical framework prioritizes user privacy, and we are committed to reinvesting our profits into research and development. Furthermore, we maintain a strong stance against using user data for training our general AI models without obtaining explicit consent, reflecting our dedication to a "people-over-profit" ethos.
Who We Are
Mpalo GmbH operates as the data controller responsible for the processing of personal data collected through our website and services. Our registered address is [**Your Street Address**], [**Your Postal Code**] [Placeholder Place], Germany. Should you have any inquiries or concerns regarding this privacy policy or our data processing practices, please refer to the "Contact Us" section provided below for our contact information.
What Personal Data We Collect
Mpalo may collect various types of personal data from users, depending on the nature of their interaction with our services. These categories of data are outlined below:
- User Content: This encompasses any text, images, or other data that users input when utilizing the Mpalo browser extension to interact with third-party chatbots, such as ChatGPT, Gemini, Claude, or DeepSeek. Similarly, this category includes any data inputted directly through any application programming interfaces (APIs) provided by Mpalo for its Palo Engines (Lite, Palo Bloom, DEEP, DEEP-Research). This information is fundamental to the operation of our services, enabling the AI to process and respond to user queries.
- Personalization Data: This refers to information related to user preferences, settings, and the history of interactions with Mpalo's services. This data is crucial for personalizing the user experience and enabling the "humanlike episodic memory" functionality that distinguishes our Palo Engines. By retaining information about past interactions, choices, and specific contexts, our AI can provide more relevant and context-aware responses.
- Website Usage Data: When users visit Mpalo's website, we may automatically collect certain technical information. This includes the user's Internet Protocol (IP) address, browser type, operating system, referring URLs, the specific pages visited on our site, and the dates and times of these visits. This data is essential for analyzing website traffic, understanding user behavior patterns, and ultimately improving the functionality and overall user experience of our website.
- Cookie Data: Our website utilizes cookies and similar tracking technologies to collect information about your browsing activities. The specific types of cookies we use, their respective purposes, and how users can manage their preferences are detailed in the dedicated "Cookie Policy" section of this document. This may include session cookies, persistent cookies, and potentially third-party cookies used for analytics or marketing purposes.
- Account Information: Should users choose to register for an account to access Mpalo's APIs or other specialized services, we collect personal identification information necessary for account management and service provision. This typically includes the user's name, email address, potentially company information, and payment details if applicable.
The Mpalo browser extension functions as an intermediary between the user and third-party chatbot services. When a user inputs text into the extension, this input is first processed by the Mpalo engine locally on the user's device (where applicable, depending on the engine's design) before being securely transmitted to the chosen third-party chatbot. This distinction is important for users to understand the flow of their data and the respective responsibilities of Mpalo and the third-party service provider.
How We Use Your Personal Data
Mpalo processes the collected personal data for several specific and legitimate purposes, as outlined below:
- To Provide and Improve Our Services: User Content and Personalization Data are essential for enabling the core functionality of our Palo Engines, including humanlike episodic memory. Website Usage Data helps us enhance performance and user experience.
- To Enable AI Memory and Personalization: Personalization Data, including interaction history, is used to develop and maintain the episodic memory capabilities, allowing for contextually relevant interactions.
- To Respond to User Inquiries and Provide Support: We use contact details, Account Information, and potentially Personalization Data to respond effectively to support requests or questions.
- To Ensure the Security and Integrity of Our Services: We process Website Usage Data and other technical information to monitor for and protect against unauthorized access, misuse, or security breaches.
- To Comply with Legal Obligations: We may process and disclose personal data to adhere to applicable laws, regulations, legal processes (like subpoenas), or governmental requests.
- For Internal Research and Development: We may use anonymized and aggregated data for internal R&D to refine AI models, improve efficiency, and research ethical AI practices (e.g., bias detection, privacy tech).
- For Training Our AI Models (With Explicit Consent Only): Mpalo places a strong emphasis on user privacy. User Content and Personalization Data will not be used for training our general AI models offered to other users or the public unless we have obtained your explicit, informed consent to do so. Any potential use of user data for training will be clearly communicated, and users will have the right to opt-in or opt-out.
Legal Basis for Processing Your Personal Data
Mpalo relies on several legal grounds under the GDPR to justify the processing of your personal data:
- Consent: For specific purposes like optional AI model training (as explicitly stated above) or non-essential cookies, based on your freely given, specific, informed, and unambiguous consent. You can withdraw consent at any time.
- Performance of a Contract: When processing is necessary to fulfill our contractual obligations to you, such as providing API access or managing your registered account and subscriptions, including the provision of AI Memory and Personalization features core to the Service.
- Legitimate Interests: For improving our services, internal R&D (using anonymized/aggregated data where possible), ensuring security, analyzing website usage, and responding to inquiries, provided your rights do not override these interests.
- Legal Obligation: When processing is necessary to comply with laws and regulations applicable to Mpalo GmbH.
Your Rights Under the GDPR
As a data subject under the GDPR, you have specific rights regarding your personal data:
- Right to Access: Request confirmation if your data is processed and access details about it.
- Right to Rectification: Request correction of inaccurate or incomplete data.
- Right to Erasure ("Right to be Forgotten"): Request deletion of your data under certain conditions.
- Right to Restriction of Processing: Request limitation of processing in specific situations.
- Right to Object to Processing: Object to processing based on legitimate interests, on grounds relating to your particular situation.
- Right to Data Portability: Receive your data in a structured, machine-readable format and transmit it elsewhere, where applicable.
- Right to Withdraw Consent: Withdraw previously given consent at any time (e.g., for marketing or optional training).
- Right to Lodge a Complaint with a Supervisory Authority: If you believe our processing infringes GDPR, you can complain to a data protection authority. The lead supervisory authority for Mpalo GmbH is likely the **Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW)**. Contact details can be found on their official website.
To exercise any of these rights (except lodging a complaint, which is done directly with the authority), please contact us using the information provided in the "Contact Us" section below. We will respond to your request in accordance with the GDPR.
Data Security
Mpalo implements comprehensive technical and organizational measures to ensure the security and integrity of your personal data and protect it against unauthorized access, disclosure, alteration, or destruction. These measures include robust encryption (e.g., AES-256 for advanced models like Palo Large and DEEP, and industry-standard encryption for Mini and Palo models) for data at rest and in transit, firewalls, strict access controls based on roles and necessity, regular security audits, vulnerability scanning, and employee training on data protection. We adhere to principles of data minimization and use pseudonymization where feasible. Security measures are continuously reviewed and updated commensurate with the risks involved.
Data Retention
Mpalo retains personal data only for as long as necessary to fulfill the purposes for which it was collected, including providing services, complying with legal obligations (e.g., tax, accounting), resolving disputes, and enforcing agreements. Retention periods vary:
- User Content & Personalization Data for AI memory may be retained while the user account is active or until the user requests deletion or uses the "forgetting" mode.
- Website Usage Data is typically retained for shorter periods (e.g., 12-24 months) for analytics.
- Account Information is retained while the account is active and for a period afterward as required by law or for legitimate business needs.
Sharing Your Personal Data
Mpalo does not sell or rent your personal data. We may share it with third parties only in the following circumstances:
- Service Providers: Engaging vendors and partners for hosting, payment processing, analytics, customer support tools, etc. These providers act as data processors, are contractually obligated to protect your data, and only receive data necessary for their function.
- Legal Authorities & Compliance: If required by law, court order, or governmental request, or if needed in good faith to protect rights, safety, or property (ours or others).
- Business Transfers: In case of a merger, acquisition, asset sale, or bankruptcy, data may be transferred to the new entity, which will be bound by this policy or provide notice of changes.
- Third-Party Chatbots (via Browser Extension): When using the Mpalo Browser Extension, your input processed by the Mpalo engine (e.g., Palo) is then sent *by you* (or by the extension acting on your explicit instruction) to the chosen third-party chatbot service (e.g., ChatGPT, Gemini). Data sent to these third-party services is governed by *their* respective privacy policies and terms of use. Mpalo does not control the data practices of these third-party services once the data has been transmitted to them. We encourage you to review the privacy policies of any third-party service you interact with.
- With Your Consent: We may share data with other third parties if we have your explicit consent to do so.
We remain committed to not disclosing your personal data to third parties for their direct marketing without your explicit consent.
Children's Privacy
Mpalo's services are not directed at or intended for use by children under the age of 16. We do not knowingly collect personal data from individuals under 16. If you believe a child under 16 has provided us with personal data without verifiable parental consent, please contact us immediately using the details below. If we become aware of such collection, we will take steps to delete the information promptly.
Cookie Policy
What are Cookies?
Cookies are small text files stored on your device (computer, phone) when you visit websites. They help websites function, remember preferences, analyze usage, and sometimes deliver targeted ads. Similar technologies like local storage or pixels may also be used.
How We Use Cookies
Mpalo uses cookies and similar technologies for:
- Strictly Necessary Cookies: Essential for website operation (e.g., maintaining login sessions, security, managing cookie consent). Consent is not typically required for these.
- Analytics Cookies: Help us understand how visitors use our site (e.g., which pages are popular, error rates) to improve performance. We use tools like Google Analytics. Your explicit consent is required for these cookies.
- Functional Cookies: Remember your choices (e.g., language preference, consent status for other cookies) for a more personalized experience. Your explicit consent is required for these cookies.
- Marketing Cookies (If Applicable): Used to track browsing activity across websites to show relevant ads. We will clearly indicate if/when these are used and always require your explicit consent. Currently, Mpalo does not actively deploy third-party marketing cookies for advertising purposes, but this may change in the future with clear notice and consent options.
Types of Cookies We Use
Here's an overview of potential cookies (actual cookies may vary):
Cookie Name | Category | Purpose | Duration | Provider |
---|---|---|---|---|
sessionid (example) | Strictly Necessary | Maintains user login session. | Session | Mpalo |
csrftoken (example) | Strictly Necessary | Protects against cross-site request forgery. | 1 year | Mpalo |
_ga | Analytics | Google Analytics: Distinguishes users for traffic analysis. | 2 years | |
_gid | Analytics | Google Analytics: Distinguishes users. | 24 hours | |
cookie_consent_status (example) | Functional | Remembers user's cookie consent choices. | 1 year | Mpalo |
mpalo_session (example) | Strictly Necessary | Manages user session for logged-in services. | Session | Mpalo |
mpalo_csrf_token (example) | Strictly Necessary | Helps prevent cross-site request forgery attacks. | Session / 1 Year | Mpalo |
lang_pref (example) | Functional | Remembers user's preferred language. | 1 year | Mpalo |
_fbp (example, if used) | Marketing | Facebook Pixel: Used for ad tracking and optimization. | 3 months | Facebook (Meta) |
Session cookies expire when you close your browser. Persistent cookies remain until their expiry date or you delete them.
Managing Your Cookie Preferences
You can manage non-essential cookies via our cookie consent banner/tool (if implemented). You can also control cookies through your browser settings. Find instructions here:
Note that disabling strictly necessary cookies may prevent the website from functioning correctly. Disabling other cookies might affect your experience (e.g., preferences won't be remembered).
Third-Party Websites and Services
Our services, particularly the browser extension, interact with third-party platforms (e.g., ChatGPT, Gemini). This privacy policy applies *only* to data processed by Mpalo. When data is sent to a third party (either by our service acting on your behalf, or by you directly via the extension), it becomes subject to that third party's privacy policy and terms. We are not responsible for their data practices. Please review their policies.
Updates to This Privacy Policy
We may update this policy periodically to reflect changes in our practices, technology, or legal requirements. Significant changes will be communicated via a notice on our website, email (for registered users), or other appropriate means. Please review this policy regularly. The "Last Updated" date at the top indicates the latest revision. Continued use of our services after updates constitutes acceptance of the revised policy.
Definitions used in this Privacy Policy (such as AI Memory, Personalization Data, User Content, AI Output, Browser Extension, AI Models, Third-Party Services, Classified Technology) have the same meaning as defined in our Terms of Use, unless otherwise specified herein.
Contact Us
If you have questions, concerns, or wish to exercise your data protection rights, please contact us:
Mpalo GmbH
Attn: Data Privacy
[**Your Street Address**]
[**Your Postal Code**] [Placeholder Place]
Germany
Email: privacy@mpalo.ai
If Mpalo appoints a Data Protection Officer (DPO), their specific contact details will be provided here.
Conclusion
This policy outlines Mpalo's commitment to protecting user data under GDPR, covering collection, use, rights, security, and more. We emphasize transparency regarding our services, including the browser extension and third-party interactions, and our ethical stance on data use, particularly for AI training. We strive to uphold high data privacy standards. Please contact us with any questions.