Privacy Policy
Last updated: April 28, 2026
1. Information We Collect
Journal entries. Your journal text is encrypted at rest using Evervault end-to-end encryption before it touches our servers. It is decrypted only on our backend, only at the moment of an AI call, and only inside a single function invocation that does not persist plaintext.
Health data. With your explicit permission, MULIO reads Apple HealthKit fields (sleep, steps, HRV) to enrich your weekly intelligence reports. This data is never sold, never used for advertising, and never sent to DeepSeek.
Account information. Your Apple ID email and display name when you sign in with Apple, plus a Firebase user ID issued at first launch.
Profile fields. Onboarding fields you enter (role, industry, goals, language preference, declared dietary preferences and supplement stack). These are sent to DeepSeek alongside the relevant week’s journal text when generating reports or answering Ask MULIO questions.
Usage analytics. Anonymous, aggregate usage patterns to improve the app. No journal content is included in analytics.
2. How We Use Your Information
Generate your weekly intelligence reports, your seven-day This Week playbook, and your Ask MULIO consultation responses, via the DeepSeek V4 Pro language model (see §5).
Build cross-week semantic memory (via Mem0) so reports can reference longer-term patterns. Mem0 receives anonymized insights extracted by AI — never raw journal text.
Run web searches (via Exa) for research-backed citations in reports. Exa receives search queries derived from journal themes, never raw journal text.
Send push notifications for report delivery and This Week protocol blocks (via Firebase Cloud Messaging).
Manage your subscription (via Apple StoreKit; no card data ever touches our servers).
3. Data Encryption
All journal text and sensitive fields are encrypted at rest using Evervault before they reach our database. Evervault never sees plaintext — we send it ciphertext, and we receive ciphertext back. The plaintext exists only briefly on our backend, in memory, at the moment of an AI call.
All data in transit uses TLS 1.2 or higher. Firebase App Check is enabled to prevent unauthorized API access.
4. Third-Party Service Providers
MULIO uses the following third-party services to operate. Each service receives only the minimum data necessary to perform its function.
| Provider | Purpose | Data shared | Privacy policy |
|---|---|---|---|
| DeepSeek Hangzhou DeepSeek Artificial Intelligence Co., Ltd. | Generates Weekly Reports, This Week playbooks, and Ask MULIO consultation responses. | Decrypted journal text for the week being analyzed; your profile (goals, role, industry, language preference, declared dietary preferences and supplement stack); the week’s diagnostician summary; and your question text for Ask MULIO. | cdn.deepseek.com… |
| Firebase / Google Cloud | Authentication, database, file storage, push notifications, cloud functions. | Firebase UID, encrypted journal entries, reports, subscription status, FCM tokens. | firebase.google.com… |
| Evervault | End-to-end encryption of sensitive journal data. | Encrypted ciphertext (Evervault never sees plaintext). | evervault.com/privacy |
| Exa | Web search for research-backed insights in reports. | Search queries derived from journal themes (no raw journal text). | exa.ai/privacy |
| Mem0 | Semantic memory for personalized long-term context. | Anonymized insights extracted by AI (no raw journal text), keyed by Firebase UID. | mem0.ai/privacy |
| Apple | Sign in with Apple, StoreKit subscriptions, HealthKit. | Apple ID (hashed), subscription transactions, health data (sleep, steps, HRV). | apple.com/privacy |
5. AI Models & Where Your Data Is Processed
MULIO’s AI features — the Sunday Weekly Report, the seven-day This Week playbook, and Ask MULIO consultation responses — are produced by an AI language model called DeepSeek V4 Pro, operated by Hangzhou DeepSeek Artificial Intelligence Co., Ltd. (“DeepSeek”). This section explains what that means for your data.
Where the model runs
DeepSeek is a Chinese AI company. The DeepSeek V4 Pro model runs on servers located in mainland China. DeepSeek’s published privacy policy states they “directly collect, process and store your Personal Data in People’s Republic of China.” When MULIO generates a report or answers an Ask MULIO question, the relevant inputs are sent from our backend (Google Cloud, in the United States) to DeepSeek’s API, which routes the request to a model running on Chinese infrastructure.
What is sent to DeepSeek, and what is not
- Sent:the week’s journal text (decrypted server-side immediately before the call), your profile fields you entered during onboarding (role, industry, goals, language preference), and any context that the report or question explicitly requires (e.g. last week’s diagnosis summary).
- Not sent: your name, your email address, your Apple ID, your Firebase user ID, your subscription billing information, your HealthKit data, your IP address, or any field MULIO does not explicitly include in the prompt. We send what the model needs to do its job and nothing else.
Your journal text is encrypted at rest in our database (via Evervault). It is decrypted only on our backend, only at the moment of an AI call, and only inside a single function invocation that does not persist plaintext.
Jurisdictional implications
Data processed by DeepSeek is subject to applicable laws of the People’s Republic of China, which include the Cybersecurity Law (2017), the Data Security Law (2021), and the Personal Information Protection Law (2021). Under these laws, Chinese authorities may, in certain circumstances, request access to data processed within China. We are not in a position to limit such requests beyond DeepSeek’s published privacy commitments. If you are uncomfortable with this, please do not use MULIO, and existing users may delete their account at any time via Settings → Data & Privacy → Delete Account.
Why we made this choice
We chose DeepSeek V4 Pro for two reasons: (1) the model produces substantially more useful coaching responses for our domain (longitudinal behavioral analysis, ADHD-shaped protocols, evidence synthesis) than the alternatives we evaluated, at our quality bar; and (2) the cost is roughly 1/20th of equivalent-quality U.S.-hosted models, which lets us keep the daily journal feature free and the subscription priced at $14.99/month rather than $40+. We considered the privacy trade-off and decided to disclose it transparently rather than hide it.
How DeepSeek handles your data
DeepSeek’s published privacy policy is the source of truth for retention, model training, and your rights as a user. Please read it directly at cdn.deepseek.com/policies/en-US/deepseek-privacy-policy.html. Two points worth pulling out, accurate at the time of writing:
- Retention. DeepSeek’s policy states they “retain Personal Data for as long as necessary to provide our Services” and that account-tied data is kept “for as long as you have an account.” DeepSeek does not publish a specific retention duration in days for API request data. Deleting your MULIO account does not, by itself, delete prior request data already on DeepSeek’s servers — but it does ensure no further requests are made on your behalf.
- Model training. DeepSeek’s policy describes using collected data “to improve and develop the Services and to train and improve our technology, such as our machine learning models and algorithms.” DeepSeek offers a user-level opt-out from training. Whether MULIO’s specific API calls are subject to training depends on DeepSeek’s API contract terms; if you have a strong preference, the safest path is account deletion.
If DeepSeek changes its data-handling commitments in a way that materially affects MULIO’s data flow, we will update this section and notify subscribers via the in-app changelog.
Anthropic SDK, not Anthropic the company
A technical note for the curious: MULIO’s backend uses an open-source SDK published by Anthropic to communicate with DeepSeek’s API, because DeepSeek’s API speaks the same wire format. Anthropic the company is not in our data path. Your journal text never touches Anthropic’s servers. The SDK is a translation layer, no different from any other HTTP client.
6. Data Retention
| Data type | Retention period | Notes |
|---|---|---|
| Journal entries (encrypted) | Until account deletion | Stored in Firestore with Evervault encryption. |
| Intelligence reports | Until account deletion | Generated weekly/monthly, stored in Firestore. |
| Health snapshots | Until account deletion | Aggregated weekly from HealthKit. |
| Mem0 memories | Until account deletion | Deleted via Mem0 API on account deletion. |
| Data export files | 24 hours | Auto-deleted from Firebase Storage. |
| Anti-abuse identifier | Indefinite | A non-reversible SHA-256 hash of your Apple ID is retained after account deletion to prevent abuse of the free consultation offer. This hash cannot be used to identify you. |
7. GDPR Rights
If you are located in the European Economic Area (EEA), you have the right to:
- Accessyour personal data (Settings → Privacy → Export Data).
- Erasureof your personal data (Settings → Account → Delete Account).
- Portability of your data in machine-readable format (JSON export).
- Restrictionof processing — contact support@mulio.ai.
- Objectto processing — contact support@mulio.ai.
- Lodge a complaint with your local data protection authority.
Data export is available once every 24 hours. Account deletion removes all data from our systems within 30 days, with the exception of the anti-abuse identifier described in §6.
8. Children’s Privacy (COPPA)
MULIO is not intended for children under 13. We do not knowingly collect personal information from children under 13. An age verification gate is presented on first use.
9. Security
- End-to-end encryption via Evervault for journal entries.
- Firebase App Check to prevent unauthorized API access.
- Sign in with Apple for secure, private authentication.
- TLS 1.2+ for all data in transit.
- All MULIO infrastructure is hosted in the United States (Google Cloud, Firebase). The only data flow that leaves the U.S. is the AI call to DeepSeek (mainland China), described in §5.
10. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated through the in-app changelog and via email to subscribers. The “Last updated” date at the top of this page reflects the most recent revision.
11. Contact
For privacy inquiries (access, deletion, restriction, objection, portability), contact support@mulio.ai. For general support, contact support@mulio.ai.
MULIO is published by Exitroom101 LLC, United States.