Legal

The paperwork, in plain sight.

Every document starts with a plain-words summary, then the full text. Questions about any of it: hello@macromuffin.ai.

Data & AI

Last updated: 3 July 2026 · A plain-English statement; the Privacy policy and DPA are the binding documents

In plain words

  • On Pro and Studio, you can run AI on your own provider keys.
  • We don’t use your work to train our own models.
  • Every AI decision is logged so both you and regulators can see exactly what happened.

Which models do the work

Macromuffin routes each task to a model tier suited to its stakes: routine work runs on fast, inexpensive models; high-stakes work (regulatory writing, sensitive code) runs on stronger ones. On Pro and Studio you can bring your own model API keys, and those requests run on your own provider account at your provider’s prices. Your keys are envelope-encrypted per business, never logged in plaintext, and revocable in one click.

Where it happens

AI processing is carried out by third-party model providers, which may be located in the United States or other countries. A per-business choice of processing region is planned but not available in this version; where processing happens outside the UK/EEA, we rely on the transfer safeguards set out in our Privacy policy and DPA.

Training

We don’t use your content or your customers’ data to train our own models. AI processing is performed by third-party providers under their own terms, which govern how they handle the requests we send.

The trail

Every agent decision is logged with its model, tier, cost, data provenance, and the exact change made, and you can read it in plain English or full technical detail inside the product. This per-decision logging is also our foundation for EU AI Act technical documentation (Annex IV): a documentation stub ships at launch, and the full Annex IV programme will be operational before 2 August 2026, when the relevant obligations begin.

Human control

Public or money-moving actions wait for your approval by default; autonomy is granted by you, per category, and is always revocable. Statutory filings and sensitive code paths require your explicit confirmation no matter what. Reversible autonomous actions carry rollback records.

Security, briefly

AES-256 at rest, TLS 1.3 in transit, a single gated and logged pathway for every external action, browser automation only on properties you’ve authorised, full export and deletion from Settings → Data. SOC 2 Type II is targeted post-launch. Sub-processor list: /legal/subprocessors.