Privacy Policy
Effective date: May 7, 2026
This Privacy Policy explains how Murmo ("Murmo", "we", "us", or "our") collects, uses, stores, and shares information when you use the Murmo mobile application (the "App"), an AI-powered audio generation service for relaxation content. By creating an account or using the App, you agree to the practices described below.
1. Who We Are
Murmo is operated as an independent service. The App is intended for adult users (18+) who wish to generate AI-assisted audio content for personal use. If you have any questions about this policy or how your data is handled, you can contact us at the address listed in the "Contact Us" section at the end of this document.
2. Scope
This policy applies to information processed through the Murmo App and its backend services. It does not apply to third-party services that you may access independently, even if they are referenced or used by Murmo to deliver functionality. Where a third party processes your data on our behalf, the relevant providers are listed in Section 5.
3. Information We Collect
3.1 Information you provide
- Account information: your email address and password. Passwords are never stored in plain text; they are stored as cryptographic hashes by our authentication provider.
- Generation prompts: the text you submit to generate audio content. Prompts are processed to produce a script and corresponding audio output.
- Generated content: audio files produced from your prompts, along with metadata such as generation parameters and timestamps. Content is associated with your user ID.
- Subscription and purchase data: records of in-app purchases and subscription status, processed through our subscription management provider.
3.2 Information we do not collect
The App does not collect precise location data, contacts, photos, microphone input, or camera input. The App does not request access to device identifiers beyond what is technically required by our authentication and subscription providers, and it does not include third-party analytics or advertising SDKs.
3.3 Payment information
Payment card details and billing information are handled exclusively by Google Play Billing. Murmo does not receive, store, or have access to your payment card data.
4. How We Use Your Information
We process the information described above for the following purposes:
- To create and authenticate your account.
- To generate the audio content you request, by passing your prompts and generated text to the AI service providers listed in Section 5.
- To store your generated audio so it remains available to you within the App.
- To process and validate subscriptions and in-app purchases.
- To respond to support requests and enforce our terms of service.
- To detect, prevent, and address fraud, abuse, or technical issues.
- To comply with legal obligations.
We do not use your personal data for advertising, profiling, or behavioral targeting, and we do not sell your personal data.
5. Third-Party Service Providers
To deliver the App's functionality, we share specific data with the following processors. Each provider is bound by its own terms and privacy commitments and processes your data only for the purposes described.
| Provider | Purpose | Data shared |
|---|---|---|
| Amazon Web Services (AWS) — Cognito, Lambda, DynamoDB, S3, SQS | Authentication, backend processing, storage of user records and generated audio | Email, password hash, user ID, prompts, generated audio files, generation metadata |
| Anthropic (Claude API) | Generation of ASMR scripts from your prompts | The text of your prompt and contextual data required for generation |
| Fish Audio | Text-to-speech synthesis of generated scripts | The script text produced from your prompt |
| RevenueCat | Subscription and in-app purchase management | An anonymized user identifier and subscription/purchase status (no payment card data) |
| Google Play Billing | Payment processing for in-app purchases and subscriptions | Payment and billing information you provide to Google |
We may also disclose information when required by law, legal process, or a valid governmental request, or where necessary to protect the rights, property, or safety of Murmo, its users, or the public.
6. Data Storage and International Transfers
Murmo's backend is hosted in the United States (AWS US East region). If you access the App from outside the United States, your information will be transferred to, stored, and processed in the United States and in any other country where our service providers operate. By using the App, you acknowledge this transfer.
For users located in the European Economic Area (EEA) or the United Kingdom, transfers of personal data outside those jurisdictions are made under appropriate safeguards, such as the European Commission's Standard Contractual Clauses, where applicable.
7. Data Retention
- Active accounts: we retain your account data, prompts, generated audio, and metadata for as long as your account remains active.
- Account deletion: when you delete your account, we delete your associated personal data from our active production systems within 30 days.
- Backups: residual copies may persist in encrypted backup systems for up to 90 days after deletion, after which they are overwritten or removed in the ordinary course.
- Legal retention: we may retain limited information for longer where required to comply with legal, accounting, or regulatory obligations, or to resolve disputes and enforce agreements.
8. Security
We use commercially reasonable technical and organizational measures to protect your data, including transport encryption (HTTPS/TLS), encryption at rest for stored audio and database records, hashed passwords, multi-factor authentication on administrative accounts, and least-privilege access controls. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
9. Your Rights
9.1 General rights
Regardless of where you live, you can:
- Access the personal data associated with your account.
- Request correction of inaccurate data.
- Request deletion of your account and associated data.
- Export a copy of your data in a portable format.
To exercise any of these rights, contact us at the email listed in the "Contact Us" section. We will respond within the timeframe required by applicable law and may need to verify your identity before acting on your request.
9.2 European Economic Area, United Kingdom, and Switzerland (GDPR)
If you are located in the EEA, the UK, or Switzerland, you have additional rights under the General Data Protection Regulation and equivalent local laws, including:
- The right to restrict or object to processing of your personal data.
- The right to withdraw consent at any time, where processing is based on consent. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
- The right to lodge a complaint with your local supervisory authority.
Our legal bases for processing personal data are: performance of a contract (to provide the App you have signed up for), consent (where you have given it), our legitimate interests (such as securing the service and preventing abuse), and compliance with legal obligations.
9.3 California Residents (CCPA / CPRA)
If you are a California resident, you have the right to:
- Know what categories of personal information we collect, use, and disclose.
- Request access to and deletion of your personal information.
- Correct inaccurate personal information.
- Opt out of the "sale" or "sharing" of personal information.
- Limit the use of sensitive personal information.
- Be free from discrimination for exercising your rights.
Murmo does not sell or share personal information for cross-context behavioral advertising as those terms are defined under California law.
10. Children's Privacy
The App is intended for adults aged 18 and older. It is not directed to children, and we do not knowingly collect personal information from anyone under the age of 13 (in line with the U.S. Children's Online Privacy Protection Act) or under the age of 16 (in line with the GDPR's child-consent threshold in many EU member states). If you believe that a child has provided us with personal information, please contact us, and we will delete the information promptly upon verification.
11. Account Deletion
You can request deletion of your account at any time by contacting us at the email below. Upon deletion, your authentication records, prompts, generated audio, and associated metadata will be removed from our active systems within 30 days, subject to the backup retention window described in Section 7. Subscription records may be retained where required for tax, accounting, or legal compliance.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the App, by email, or by another reasonable means before the changes take effect. The "Effective date" at the top of this page indicates when the current version became effective. Continued use of the App after the effective date of an updated policy constitutes acceptance of the changes.
13. Contact Us
If you have questions, requests, or complaints regarding this Privacy Policy or your personal data, please contact us:
Email: privacy@murmo.app
Subject line: Privacy Request