nav.links.legal
Privacy Policy
This Privacy Policy explains in simple terms how we handle personal data when you use m-pathy.
Last updated: 11 January 2026
1. Controller
The controller responsible for data processing in connection with m-pathy is: NAAL UG (limited liability) Maria-Theresia-Str. 11 81675 Munich, Germany E-mail: support@m-pathy.ai
2. Privacy by design
m-pathy follows privacy by design and by default. β’ Data is processed only when necessary β’ Processing scope and duration are minimised β’ No implicit user profiles are created Privacy is enforced architecturally, not situationally.
3. Categories of data
Depending on usage, the following categories of data may be involved: β’ account and contact data (if actively provided), β’ technical usage data (security and stability only), β’ payment data (processed by external providers), β’ user prompts and responses (technical processing only). Prompt content is not used for profiling, advertising, behavioural analysis, or training.
4. Local processing and storage
Prompt content is processed locally or transiently and is not permanently stored on servers in identifiable or reconstructable form.
5. Local archive and context injection
m-pathy allows users to store selected content locally in an archive. Users may explicitly select archived items and inject them into a new chat. β’ operates exclusively on local storage, β’ requires deliberate user action, β’ injected context is fully visible, β’ no automatic or implicit memory exists.
6. Verification and Triketon
When users verify content (e.g. news articles), m-pathy uses Triketon. β’ content is transmitted to the server solely for verification, β’ a cryptographic truth hash is computed, β’ a public verification key is generated or associated, β’ the original content is not stored, β’ only hash, public key, and minimal technical metadata are retained. Stored data does not allow reconstruction of the original content.
7. Prompt normalisation and drift prevention
Before execution, MAIOS 2.0 analyses prompts. If a prompt is structurally ambiguous, inconsistent, or drift-prone, the system may restructure the phrasing. β’ user intent is preserved, β’ only structure and safety clarity are adjusted, β’ no prompt is stored, β’ no learning or profiling occurs.
8. Local storage and devices
All user-generated content is stored exclusively in local storage on the userβs device. β’ local storage is persistent until deleted by the user, β’ deleting local storage results in irreversible data loss, β’ no server-side backups exist. Each device receives a distinct public key. Data is isolated per device.