Privacy Policy
Last updated January 3, 2025
Overview
This Privacy Policy (“Policy”) describes how Musubi, Inc. (“Musubi,” “we” or “us”) collects, uses, discloses, and otherwise processes the personal information when you visit our websites or the associated services or tools.
As a service provider and processor, Musubi provides software that assists online and social media businesses (our “Customers”) in content moderation decisions, as well as support for that software.
This policy does not apply to the “content” that is processed, stored, or hosted by our customers using Musubi Services for automated content moderation, fraud prevention, and/or other related purposes. This policy also does not apply to any products, services, websites, or content that are offered by third parties or have their own privacy notice.
We receive and store personal information through Musubi API endpoints, through the Musubi Website (the “Website”) and through Musubi Admin Tools (the “Admin Tools”) passively or when you make inquiries about Musubi products or services. We do not collect Special Category or Sensitive Data through our Website except to the limited extent that it may be necessary in the context of online job applications.
In this Policy, “End Users” refers to individuals who use the platforms of Musubi’s customers and whose data is processed by Musubi on behalf of these customers. “Direct Users” are individuals who interact directly with Musubi, such as through our website or tools, and provide their personal information directly to us.
If you are a resident of California, please also refer to the CCPA Addendum (below). If you are a resident of the European Union, please also refer to the GDPR Addendum (below).
Children
We do not knowingly collect any personal information from children under the age of 13 without parental consent, unless permitted by law. If we learn that a child under the age of 13 has provided us with personal information, we will delete it in accordance with applicable law.
In the event that we learn that we have collected personal data from an individual under age 13, we will use commercially reasonable efforts to delete that information from our database. Please contact us if you have any concerns. If you are a parent or guardian and you are aware that your child has provided personal data to the Services, please contact us so that we may remove such data.
Personal Information We Collect
We collect information that identifies, describes, or can reasonably be associated with you (“Personal Information”). Personal Information does not include publicly available information in government records or any data that has been deidentified, aggregated, or otherwise anonymized. Here are examples of the personal information we collect.
Examples of personal information about End Users to provide auto-moderation services:
- recently uploaded images / photos / videos
- text like username, title, profile description, tags
- account details like join date, number of posts, preferences, email address
- recent messages, posts, other written content
- recent actions: liking, blocking, and similar
- network and device info: IP Addresses, device info, phone #, coarse location information
- moderation and report records pertaining to the user on the platform
- risk scores: internal or external risk scores and related signals
Examples of personal information about Direct Users:
- Name;
- Contact information and communication details;
- Business job title, responsibilities, department and organization;
- Financial information if needed to take payment or fulfill contractual obligations or for related purposes, which we may share with our billing provider;
- If you have a Musubi account, we add any purchase information we collect, including details of the purchase and your business address, to your online account information.
Auto-moderation in Customer Environments
In some cases, the software runs in Customer environments, and may process Personal Information about their end users (“End Users”). In these instances, Musubi does not transmit, receive, or hold any End User Personal Information in its own servers. As the Customer runs the software, it processes End User data, and uses data for the purposes of detecting fraud and community guidelines violations. Musubi Software may transmit aggregated or anonymized data to our servers for the purpose of providing and improving our services. Examples are overall usage statistics for our software, error messages for troubleshooting, and patterns of fraudulent activity. Musubi does not have access to information collected by our Customers, except approved employees may access this data for troubleshooting, support, development, and improvement of its software only within the confines of a Customer cloud environment. Employee access is governed by our access policy, and employees are trained in security and privacy best practices before they have access.
Auto-moderation in Musubi’s Environment
In other cases, the software is hosted and operated within Musubi’s infrastructure. In this deployment model, Musubi ingests End User Personal Information from the Customer via an API or Admin Tool. This data may be used to train or fine-tune machine learning models and/or generate moderation predictions, which are then transmitted back to the Customer via an API or Admin Tool.
Musubi stores End User data on its servers only for the purposes of training, testing, and improving its machine learning models and moderation capabilities. This data may include usage data and patterns of fraudulent activity but is not retained beyond the time necessary to achieve these purposes. Aggregated and anonymized data may also be generated and stored for the ongoing improvement of Musubi’s services, such as identifying trends in fraudulent behavior or enhancing prediction accuracy.
Access to this data is limited to approved Musubi employees, who may access it for troubleshooting, support, and software development purposes. All access is governed by Musubi’s access policy and is monitored to ensure compliance with security and privacy best practices, including SOC2 standards. Employees receive comprehensive training in these best practices prior to being granted access to End User data.
Notwithstanding the foregoing, Musubi may store and process End User data on its servers for up to 30 days, or as specified in the contract with each Customer, to provide and improve its services. For more details, please see the Data Processing Addendum below.
Visiting Our Site or Admin Tools
If you are a Direct User, the Personal Information we have collected directly from you may include:
Identifiers
We collect your IP address, device ID, and other online identifiers;
Internet or Network Activity Information
We collect your history of interactions with our website, including domain name, page views, a date/time stamp, browser type, device type, internet service provider, referring and exiting URLs, operating system, language, clickstream data, and similar device and usage information; Geolocation Information. We may be able to infer your general location based on your IP address; and Audio, Electronic, and Similar Information.
We use this information to help us run our site securely and enable basic functions like page loading or navigation. Some cookies we use help us analyze how you interact with our site, including which items you may view or consider. This data enables us to improve our site’s look, feel, and performance. For more information, see our Cookie Policy (below).
The chat feature of our website may be provided by a person or an AI agent. We recommend that you avoid adding Personal Information to this feature except as necessary. Any Personal Information you provide in chat will be handled according to this Privacy Policy’s section on Contacting Customer Service.
Contacting Customer Service
If you contact customer service for questions, comments, or feedback, we collect the following Personal Information:
- Identifiers. This includes your name and contact information, which may be your email address and/or phone number depending on whether you contact us online or over the phone;
- Commercial Information. This includes your order history if you made a purchase;
- Audio, Electronic, and Similar Information. We collect voice and video recordings if you call us or send us video content;
- Employment Information. If you are a Customer, we may collect the name of your employer and your job title; and
- Other Information You Provide. We collect your comments and other details about your request for customer support.
We use this information to respond to your request for customer support. We take your comments and feedback seriously and may use this information to improve our quality assurance and training.
Making a Purchase
If you purchase any of our services, we may collect the following Personal Information to process your payments and fulfill your orders:
- Personal Identifiers. This includes your name, phone number, email address, and mailing address;
- Commercial Information. This includes transaction information and your order history;
- Financial Information. This includes your payment method and billing address; and
- Company Information. If you are a Customer, we may collect the name of your company, job title and contact information.
Joining our Mailing List
If you join our mailing list, we collect your email address from you to provide you with information about products, events, or promotional opportunities that may interest you. You can unsubscribe by clicking the “Unsubscribe” link at the bottom of any email.
Interacting with Us on Social Media
If you follow or friend us on any social networking platforms, such as X, Facebook, LinkedIn, and Instagram, both Musubi and/or the social media platform may collect Personal Information about you, including:
- Personal Identifiers. This includes the username or handle you use for that social media platform;
- Content You Post. We may collect content you share or post on our pages or threads; and
- Social Media Contacts. Depending on your privacy settings, we may collect your contacts, followers, or friends on that social media platform.
We use the information we receive through social media to enhance our social media presence, improve our products, and deliver relevant information about promotional opportunities, marketing materials, or other incentives. We do not control and are not responsible for how social media platforms use the information they may collect about you when you use social media. Instead, you should look to the social media platform’s privacy policy and terms to understand their practices or control your choices.
Special note about Personal Information collected when you apply for employment
You may submit Personal Information through our Website to be considered for employment. Such data includes your name, your address, your phone number, your email address, job preferences, experience, desired salary, relocation preferences, work authorization, security clearance, education, job skills and other information contained on your resume or curriculum vitae. Musubi uses this information solely for consideration of your candidacy for employment, to communicate with you, and to generate related correspondence, including offer letters and employment agreements. This data may also be used, subject to applicable local laws, to conduct necessary background checks for compliance and other employment related purposes. Finally, Musubi retains such data as legally permitted, such as when necessary to address your employment interest or otherwise process your application.
Special note about Personal Information our Customers provide about their End Users for troubleshooting and customer support
We rely on our Customers to inform their End Users about Personal Information shared with us. This information may be in the form of a help desk ticket or other identifiers necessary to troubleshoot an issue in our system. It can include information like a Customer-specific Unique Identifier, a name, email address, IP address, phone number or other contact info, and a customer support conversation history describing the issue. We retain this information long enough to be sure the issue is resolved and then we delete it. We do not share it with third parties. Please refer to our Customer’s Privacy Policy and you may also refer to our Data Processing Addendum (below) for more information.
How We Use Your Personal Information
We collect and process Personal Information for the purposes and on the legal bases identified below.
For End Users or Direct Users, we use this information in order to:
- Provide direct Musubi Services: We process Personal Information provided by Customers to enable auto-moderation services. For example, a combination of message content, geolocation, and account age may be used to flag an account as fraudulent by a trained machine learning model. In other cases, a piece of content may be compared to a pre-defined content policy to determine if it complies with that policy by a Large Language Model (LLM);
- Provide the administration of Musubi Services: We base our processing of your Personal Information on contracts and our legitimate interests to operate and administer the Musubi Services. For example, to process transactions with you, authenticate you when you log in, provide customer support, allow you to share knowledge about the Musubi Services with us and our support community, and operate and maintain the Musubi Services;
- Promote the security of the Musubi Services: We process your Personal Information by tracking use of the Musubi Services, creating aggregated, non-personal information, verifying accounts and activity, monitoring suspicious or fraudulent activity, and enforcing our terms and policies, to the extent this is necessary for our legitimate interest and as required by law and our contracts with Customers in promoting the safety and security of the Musubi Services, systems, and applications and in protecting our rights and the rights of others;
- To improve and develop the Musubi Services: We use your Personal Information to identify trends, usage, activity patterns, and areas for integration and improvement of the Musubi Services so that we continually improve the Musubi Services, including adding new features or capabilities that make the Musubi Services smarter, faster, secure, integrated, and more useful to our Customers and their Authorized Users to the extent it is necessary for our legitimate interests in developing and improving the Musubi Services, as described in our contracts, or where we seek your consent;
- To protect our legitimate business interests and legal rights: Where required by law or where we believe it is necessary to protect our legal rights, interests, and the interests of others, we use Personal Information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger, or sale of a business; and
- With your consent: We use Personal Information about you where you have given us consent to do so for a specific purpose not listed above. For example, we may publish testimonials or featured customer stories to promote the Musubi Services with your permission.
Only for Direct Users, we may also use your information in order to:
- To communicate with you about the Musubi Services: We may send you service, technical, and other administrative or transactional emails, messages, and other types of notifications to perform our contracts and in reliance on our legitimate interests in administering the Musubi Services. These communications are considered part of the Musubi Services and in most cases you cannot opt-out of them. If an opt-out is available, you will find that option within the communication itself or in your account settings;
- Send you marketing communications: We will process your personal information to send you marketing information, product recommendations, events, promotions, contests, and other non-transactional communications (e.g., emails, telemarketing calls, SMS or push notifications) about us in accordance with your marketing preferences and to the extent you have provided your prior consent;
How We Share Personal Information
If you are either an End User or a Direct User, we may share Personal Information we collect for the purposes described below:
- Services and Support. To provide and operate our Services, communicate with you about your use of the Services, provide troubleshooting and technical support, respond to your inquiries, fulfill your orders and requests, process your payments, communicate with you, and for similar service and support purposes.
- Analytics and Improvement. To better understand how you access and use the Services, and our other products and offerings, and for other research and analytical purposes, such as to evaluate and improve our services and business operations, to develop services and features, and for internal quality control and training purposes.
- In Support of Business Transfers. If we or our affiliates are or may be acquired by, merged with, or invested in by another company, or as part of a financing, or if any of our assets are or may be transferred to another company, whether as part of a bankruptcy or insolvency proceeding or otherwise, we may transfer the information we have collected from you to the other company. We may also share certain Personal Information as necessary prior to the completion of such a transfer, such as to lenders, auditors, and third-party advisors, including attorneys and consultants, as part of due diligence or as necessary to plan for the transfer.
- Compliance, Governance, and Legal Requirements. We may disclose information to comply with legal obligations and respond to legal processes and related proceedings. For example, we may disclose information in response to subpoenas, court order, and other lawful requests by regulators and law enforcement, including responding to national security or law enforcement disclosure requirements. We may also disclose information, including Personal Information, related to litigation and other legal claims or proceedings in which we are involved, as well as for our internal accounting, auditing, compliance, recordkeeping, and legal functions.
- Security and Protection of Rights. To protect the Services and our business operations; to prevent and detect fraud, unauthorized activities and access, and other misuse; to protect our rights, those of stakeholders and any third party; where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party, or violations of our Terms of Use.
We may disclose and make available Personal Information, for the purposes described above, to the following parties:
- Vendors and Service Providers. We may disclose Personal Information we collect to our service providers, processors, agents, and others who perform functions on our behalf. These vendors may include, for example, analytics providers, marketing firms, data processing services, consultants, payment processors, auditors, and legal counsel.
- Others as Permitted by Applicable Law. We may also disclose Personal Information to third parties to the extent required by applicable law and legal or contractual obligations. This may include regulators, government entities, law enforcement as required by law or legal process, as well as potential and actual acquirors, business partners or financiers and their employees, representatives, and counsel. We may also disclose Personal Information to lenders, auditors, and third-party advisors, including attorneys and consultants.
Third-Party Data Sharing and Legal Obligations
In addition to the privacy commitments we make to users, these service providers have their own legal obligations to maintain the privacy of your personal information. In general, the following entities are third parties with whom we share personal information in the ordinary course of business:
We may also share personal data with unlisted third parties for the purposes of delivering services, marketing, security, product development and process improvement. We may also share personal information with law enforcement, government agencies and parties to legal proceedings, but only when we have received a lawful request for personal information that cannot be declined.
Cookies and Tracking Technologies
Please review our Cookie Notice.
Retention of Your Personal Information
We maintain Personal Information only as long as necessary, for the purpose or purposes (i) for which it was collected; (ii) of performing or fulfilling contractual obligations; (iii) of complying with law; and/or (iv) of responding to legal actions.
Your Rights
Consistent with applicable law, you may exercise the rights described in this section. Please note that some of the rights may vary depending on your country, province, or state of residence.
The Right to Opt Out of Cookies and Sale/Sharing Using Online Tracking Technologies
Our use of online tracking technologies on our website may be considered a “sale” / “sharing” under applicable law. This could include basic Identifying Information, Device Information and Other Unique Identifiers, Internet or Other Network Activity, Geolocation Data, and Commercial Data.
- If we are sharing any of this information with third parties, visitors to our website can opt out of being tracked by these third parties by clicking the cookie banner at the bottom of our website and selecting their preferences.
- If we use any targeted advertising, Residents of Colorado, Connecticut, and Virginia can opt out targeted advertising by clicking the cookie banner at the bottom of our website and selecting the appropriate preferences.
- Categories of third parties to whom Personal Information was disclosed that may be considered “sale”/ “sharing” include advertisers and marketing partners, data analytics providers, and social media networks.
The Right to Accessing, Correcting, and Deleting Personal Information
You may have the right to request access to and receive details about the Personal Information we maintain about you and how we have processed it, correct inaccuracies, get a copy of, or delete your Personal Information.
You may submit a request by contacting privacy@musubilabs.ai.
If Services are hosted by Musubi on behalf of our Customers, we will comply with deletion requests submitted to Customers.
Appealing Requests
If you are a Colorado, Connecticut, or Virginia resident, you may appeal our decision to your request regarding your Personal Information. To do so, please contact us at privacy@musubilabs.ai. We respond to all appeal requests as soon as we reasonably can, and no later than legally required.
Identity Verification
For us to process some requests, we will need to verify your identity to confirm that the request came from you. We may contact you by phone or e-mail to verify your request. Depending on your request, we will ask for information such as your name, an e-mail address, or a phone number.
Authorized Agent
Residents of California, Colorado, and Connecticut may designate an authorized agent to submit a request on your behalf to access or delete your Personal Information. To do so, you must: (1) provide that authorized agent written and signed permission to submit such request; and (2) verify your own identity directly with us. Please note, we may deny a request from an authorized agent that does not submit proof that they have been authorized by you to act on your behalf.
If you have been designated as an authorized agent to submit a request on behalf of another customer, you must make the appropriate selection when you submit a Request.
Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Changes to this Policy
We may revise this Policy from time to time as necessary to ensure it is accurate, complete and up-to-date. Notice of the revised policy will be provided by its posting to our Website. The revised version will indicate its effective date. Whenever you visit our Website we recommend you check the effective date to determine if the posted version has been changed since you last visited.
Links to Other Websites
We may link to third-party sites and services, or otherwise display third-party content through our Website. When you link to another website, you are subject to that website’s privacy and data collection policies and practices. We have no responsibility or liability for these independent policies or actions and are not responsible for the privacy practices or the content of any such websites. Please note that these other sites may place their own cookies, collect data, or solicit Personal Information, and we encourage you to review their policies before engaging with these third-party sites.
How to Contact Us
If you have any questions about this Privacy Policy or our Service, please contact us at privacy@musubilabs.ai.
CCPA ADDENDUM
With regard to data collected via the Website and the Admin tools, you and Musubi both agree to do our respective parts to comply with the California Consumer Privacy Act (CCPA) and its regulations, consistent with our role as a “service provider” or a “business”, and not as a “third party”, with regard to such data, as such terms are defined in the CCPA.
Cooperation
Whenever it is feasible and legal to do so, both Musubi and You will give the other prompt notice of user rights requests, regulatory inquiries, and other communications under the California Consumer Privacy Act. Both sides agree to cooperate in good faith to respond to and honor such communications, and to meet other obligations under the California Consumer Privacy Act.
Prohibitions
Musubi may not:
- sell personal information collected from consumers covered by the CCPA disclosed to Musubi
- retain, use, or disclose such information (i) for any purpose other than for Musubi’s business operations, or (ii) outside of the direct business relationship between Musubi’s business customers and Musubi
- retain, use, or disclose such information for any purpose other than for the specific purpose of performing Musubi’s business; or retaining, using, or disclosing such information for a commercial purpose other than providing services as a service provider
- combine such personal information received from or on behalf of Musubi with such personal information received from or on behalf of any third party, or collected from Musubi’s customers’ own interaction with individuals or data subjects, except to perform a valid business purpose that is permitted by the CCPA
Certification
Musubi understands the restrictions in Prohibitions and will comply with them.
Minimization
Both You and Musubi agree to limit use of personal information covered by the CCPA to that reasonably necessary and proportionate to achieve the purpose of the Terms of Service, consistent with the meaning of “business purpose” under that law.
Subcontracting
Musubi agrees to ensure that each subcontractor that processes Your information covered by the California Consumer Privacy Act will also qualify as a “service provider”, and not as a “third party”, under that law.
Personal Information
Of the following categories of personal information:
- identifiers (such as contact information, government IDs, cookies, etc.),
- information protected against security breaches (such as your name and financial account, driver’s license, social security number, user name and password, health/medical information),
- protected classification information (like race, gender, ethnicity, etc.),
- other information, including commercial information, Internet/electronic activity, geolocation, audio/video data, professional or employment related information, education information, biometrics, and inferences from the foregoing;
Musubi has collected and used for a business purpose such data within the last 12 months. Musubi has not sold any such data within the last 12 months, as of the date of this agreement. Musubi has disclosed such data as follows:
Direct Users
End Users
Musubi does not use or disclose sensitive Personal Information for purposes other than those permitted by law.
“Shine the Light” Law
We acknowledge that California’s “Shine the Light” law permits California residents to annually request and obtain information free of charge about what Personal Information is disclosed to third parties for direct marketing purposes in the preceding calendar year. Musubi does not, without your consent, distribute your Personal Information that it collects to outside parties for their direct marketing, or any other purpose, except as provided for in this Policy.
Previously Submitted Information
To request access or changes to information previously submitted, please contact us at the address provided above (under the “How to Contact Us” heading).
Conflicts
If the terms of this addendum conflict with terms of the Terms of Service or Privacy Policy, the terms of this addendum take precedence.
GDPR / EU DATA PROCESSING ADDENDUM
This Data Processing Addendum (“DPA”) supplements the Terms of Service and Privacy Policy (above), as updated from time to time.
Roles
Musubi is a processor and Musubi’s customers are controllers of the personal data contained within data submitted to Musubi by its customers, when such customers are acting as data controllers, including any special categories of personal data or sensitive data defined under law. Musubi may also be a controller with regard to information collected on its website.
When acting as a data processor, Musubi will only carry out instructions as permitted by the relevant data controller. If Musubi engages any sub-processors, Musubi will obtain written authorization from the data controller and ensure that the relevant data is protected by the same data protection obligations as used by Musubi.
Transferring Your data outside of the EU
The data mentioned in this document will be stored in the United States. We use Amazon Web Services, which is based in the US. Amazon is certified under the EU–US Data Privacy Framework. We may also use Google Cloud Platform. Google is certified under the EU–US Data Privacy Framework.
Your Rights as a Data Subject
You have certain rights under applicable legislation, and in particular under Regulation EU 2016/679 (General Data Protection Regulation or ‘GDPR’). We explain these below. You can find out more about the GDPR and your rights by accessing the European Commission’s website.
Right Information and access
You have a right to be informed about the processing of your personal data (and if you did not give it to us, information as to the source). This document provides that information, and you may contact us for additional information.
Right to rectification
With regard to data collected by Musubi, You have the right to have any inaccurate personal information about you rectified and to have any incomplete personal information about you completed. You may also request that we restrict the processing of that information. The accuracy of your information is important to us. If you do not want us to use your Personal Information in the manner set out in this Privacy Policy, or need to advise us of any changes to your personal information, or would like any more information about the way in which we collect and use your Personal Information, please contact us at the above details.
With regard to data submitted to Musubi by a relevant data controller, You may make such requests as provided above to the relevant data controller.
Right to erasure (right to be ‘forgotten’)
With regard to data collected by Musubi, You have the general right to request the erasure of your personal information in the following circumstances:
- the personal information is no longer necessary for the purpose for which it was collected;
- you withdraw your consent to consent based processing and no other legal justification for processing applies;
- you object to processing for direct marketing purposes;
- we unlawfully processed your personal information; and
- erasure is required to comply with a legal obligation that applies to us.
- We will proceed to comply with an erasure request without delay unless continued retention is necessary for:
- Exercising the right of freedom of expression and information;
- Complying with a legal obligation under EU or other applicable law;
- The performance of a task carried out in the public interest;
- Archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, under certain circumstances; and/or
- The establishment, exercise, or defense of legal claims.
With regard to data submitted to Musubi by a relevant data controller, You may make such requests as provided above to the relevant data controller.
Right to restrict processing and right to object to processing
With regard to data collected by Musubi, You have a right to restrict processing of your personal information, such as where:
- you contest the accuracy of the personal information;
- where processing is unlawful you may request, instead of requesting erasure, that we restrict the use of the unlawfully processed personal information;
- we no longer need to process your personal information but need to retain your information for the establishment, exercise, or defense of legal claims.
You also have the right to object to processing of your personal information under certain circumstances, such as where the processing is based on your consent and you withdraw that consent. This may impact the services we can provide and we will explain this to you if you decide to exercise this right.
With regard to data submitted to Musubi by a relevant data controller, You may make such requests as provided above to the relevant data controller.
Contact
The identity and contact details of the organization, its representative, and its Data Protection Officer are as follows: privacy@musubilabs.ai
Right to data portability
Where the legal basis for our processing is your consent or the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, you have a right to receive the personal information you provided to us in a structured, commonly used and machine-readable format, or ask us to send it to another person.
Right to freedom from automated decision-making
Where any automated decision-making takes place, you have the right to express your point of view and to contest the decision with the respective data controller, as well as request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers.
Right to object to direct marketing (‘opting out’)
You have a choice about whether or not you wish to receive information from us. We will not contact you for marketing purposes unless:
- you have a business relationship with us, and we rely on our legitimate interests as the lawful basis for processing (as described above)
- you have otherwise given your prior consent (such as when you download one of our guides)
You can change your marketing preferences at any time by contacting us on the above details. On each and every marketing communication, we will always provide the option for you to exercise your right to object to the processing of your personal data for marketing purposes (known as ‘opting-out’) by clicking on the ‘unsubscribe’ button on our marketing emails or choosing a similar opt-out option on any forms we use to collect your data. You may also opt-out at any time by contacting us on the below details.
Please note that any administrative or service-related communications (to offer our services, or notify you of an update to this Privacy Policy or applicable terms of business, etc.) will solely be directed at our clients or business partners, and such communications generally do not offer an option to unsubscribe as they are necessary to provide the services requested. Therefore, please be aware that your ability to opt-out from receiving marketing and promotional materials does not change our right to contact you regarding your use of our Services or as part of a contractual relationship we may have with you.
Right to withdraw consent
Where the legal basis for processing your personal information is your consent, you have the right to withdraw that consent at any time by contacting us on the above details.
Raising a complaint about how we have handled your personal data
If you wish to raise a complaint on how we have handled your personal data, you can contact us as set out above and we will then investigate the matter.
How to contact the appropriate authority
Should you wish to report a complaint or if you feel that we have not addressed your concern in a satisfactory manner, you may contact the Information Commissioner’s Office in your jurisdiction.
DATA PROCESSING ADDENDUM
Musubi respects your privacy. Musubi provides a suite of digital trust and safety products and services (the “Musubi Services”) designed to help online and social media businesses (our “Customers”) automate content moderation and fraud prevention on their digital properties, such as their websites and mobile applications (“Customer Sites”).
In somecases, Customers self-host the software and Musubi does not have access to information collected by our Customers, except approved employees may access this data for troubleshooting, support, development, and improvement of its software only within the confines of a Customer cloud environment. Employee access is governed by our access policy, and employees are trained in security and privacy best practices before they have access.
In other cases, the software is hosted and operated within Musubi’s infrastructure. In this deployment model, Musubi ingests End User Personal Information from the Customer via an API. Musubi stores End User data on its servers no longer than 30 days for the purposes of training, testing, and improving its machine learning models and moderation capabilities. Such data is subject to this Data Processing Addendum (“DPA”).
Data Processing
Scope and Roles
This DPA applies when Customer Data is processed by Musubi. In this context, Musubi will act as processor to Customer, who can act either as controller or processor of Customer Data.
Customer Controls
If Musubi becomes aware that Customer Data is inaccurate or outdated, it will inform Customer without undue delay. Musubi will cooperate with Customer to erase or rectify inaccurate or outdated Customer Data.
Details of Data Processing
- Subject matter. The subject matter of the data processing under this DPA is Customer Data.
- Duration. The duration of the data processing will be no longer than is necessary for the purpose, as reasonably determined by Musubi from time to time. End User data is not stored for longer than 30 days.
- Purpose. The purpose of the data processing under this DPA is the direct delivery and/or enhancement of Musubi’s services. This may include training machine learning models and/or generating moderation predictions.
- Nature of the processing. Compute, storage and such other Services as determined by Musubi from time to time.
- Type of Customer Data. Customer Data uploaded to the Services under Customer’s Musubi accounts.
- Categories of data subjects. The data subjects may include Customer’s End Users.
Compliance with Laws
Each party will comply with all laws, rules and regulations applicable to it and binding on it in the performance of this DPA, including Applicable Data Protection Law.
Confidentiality of Customer Data
Musubi will not access or use, or disclose to any third party, any Customer Data, except, in each case, as necessary to maintain or provide the Services as described above, or as necessary to comply with the law or a valid and binding order of a governmental body (such as a subpoena or court order). If a governmental body sends Musubi a demand for Customer Data, Musubi will attempt to redirect the governmental body to request that data directly from Customer. As part of this effort, Musubi may provide Customer’s basic contact information to the governmental body. If compelled to disclose Customer Data to a governmental body, then Musubi will give Customer reasonable notice of the demand to allow Customer to seek a protective order or other appropriate remedy unless Musubi is legally prohibited from doing so.
Confidentiality Obligations of Musubi Personnel
Musubi restricts its personnel from processing Customer Data without authorization by Musubi. Musubi imposes appropriate contractual obligations upon its personnel, including relevant obligations regarding confidentiality, data protection and data security.
Security of Data Processing
- Musubi has implemented and will maintain technical and organizational measures for the Musubi’s Services.
- Customer can elect to implement technical and organizational measures to protect Customer Data.
Sub-processing
Authorized Sub-processors
At least 30 days before Musubi engages a Sub-processor, Musubi will update the applicable website and provide Customer with a mechanism to obtain notice of that update.
Sub-processor Obligations
Where Musubi authorizes a Sub-processor as described in Section 6.1:
- Musubi will restrict the Sub-processor’s access to Customer Data only to what is necessary to provide or maintain the Services in accordance with the Documentation, and Musubi will prohibit the Sub-processor from accessing Customer Data for any other purpose;
- Musubi will enter into a written agreement with the Sub-processor and, to the extent that the Sub-processor performs the same data processing services provided by Musubi under this DPA, Musubi will impose on the Sub-processor the same contractual obligations that Musubi has under this DPA; and
- Musubi will remain responsible for its compliance with the obligations of this DPA and for any acts or omissions of the Sub-processor that cause Musubi to breach any of Musubi’s obligations under this DPA.
Musubi Assistance with Data Subject Requests
If a data subject makes a request to Musubi, Musubi will promptly forward such request to Customer once Musubi has identified that the request is from a data subject for whom Customer is responsible.
Security Incident Notification
Security Incident
Musubi will (a) notify Customer of a Security Incident without undue delay after becoming aware of the Security Incident, and (b) take appropriate measures to address the Security Incident, including measures to mitigate any adverse effects resulting from the Security Incident.
Musubi Assistance
To enable Customer to notify a Security Incident to supervisory authorities or data subjects (as applicable), Musubi will cooperate with and assist Customer by including in the notification under Section 9.1(a) such information about the Security Incident as Musubi is able to disclose to Customer, taking into account the nature of the processing, the information available to Musubi, and any restrictions on disclosing the information, such as confidentiality.
Unsuccessful Security Incidents
- An unsuccessful Security Incident will not be subject to this Section 7. An unsuccessful Security Incident is one that results in no unauthorized access to Customer Data or to any of Musubi’s equipment or facilities storing Customer Data, and could include, without limitation, pings and other broadcast attacks on firewalls or edge servers, port scans, unsuccessful log-on attempts, denial of service attacks, packet sniffing (or other unauthorized access to traffic data that does not result in access beyond headers) or similar incidents; and
- Musubi’s obligation to report or respond to a Security Incident is not and will not be construed as an acknowledgement by Musubi of any fault or liability of Musubi with respect to the Security Incident.
Communication
Notification(s) of Security Incidents, if any, will be delivered to one or more of Customer’s administrators by any means Musubi selects, including via email.
Notification Obligations
If Musubi notifies Customer of a Security Incident, or Customer otherwise becomes aware of any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Data, Customer will be responsible for (a) determining if there is any resulting notification or other obligation under Applicable Data Protection Law and (b) taking necessary action to comply with those obligations.
Transfers of Personal Data
Regions
Musubi will not transfer Customer Data from the geographical region where such data is stored, except as necessary to provide the Services initiated by Customer, or as necessary to comply with the law or valid and binding order of a governmental body.
Application of Standard Contractual Clauses
Subject to Section 12.3, the Standard Contractual Clauses will only apply to Customer Data subject to the GDPR that is transferred, either directly or via onward transfer, to any Third Country (each a “Data Transfer”).
- When Customer is acting as a controller, the Controller-to-Processor Clauses will apply to a Data Transfer.
- When Customer is acting as a processor, the Processor-to-Processor Clauses will apply to a Data Transfer. Taking into account the nature of the processing, Customer agrees that it is unlikely that Musubi will know the identity of Customer’s controllers because Musubi has no direct relationship with Customer’s controllers and therefore, Customer will fulfil Musubi’s obligations to Customer’s controllers under the Processor-to-Processor Clauses.
Alternative Transfer Mechanism
The Standard Contractual Clauses will not apply to a Data Transfer if Musubi has adopted Binding Corporate Rules for Processors or an alternative recognized compliance standard for lawful Data Transfers.
Return or Deletion of Customer Data
Musubi will return or delete Customer Data when Customer requests such return or deletion.
Definitions
Unless otherwise defined in the Agreement, all capitalized terms used in this DPA will have the meanings given to them below:
“Applicable Data Protection Law” means all laws and regulations applicable to and binding on the processing of Customer Data by a party, including, as
“Binding Corporate Rules” has the meaning given to it in the GDPR.
“controller” has the meaning given to it in the GDPR.
“Controller-to-Processor Clauses” means the standard contractual clauses between controllers and processors for Data Transfers, as approved by the European Commission Implementing Decision (EU) 2021/914 of 4 June 2021.
“Customer Data” means the Personal Data that is uploaded to the Services under Customer’s Musubi accounts.
“EEA” means the European Economic Area.
“GDPR” means Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
“Personal Data” means personal data, personal information, personally identifiable information or other equivalent term (each as defined in Applicable Data Protection Law).
“processing” has the meaning given to it in the GDPR and “process”, “processes” and “processed” will be interpreted accordingly.
“processor” has the meaning given to it in the GDPR.
“Processor-to-Processor Clauses” means the standard contractual clauses between processors for Data Transfers, as approved by the European Commission Implementing Decision (EU) 2021/914 of 4 June 2021.
“Security Incident” means a breach of Musubi’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Data.
“Standard Contractual Clauses” means (i) the Controller-to-Processor Clauses, or (ii) the Processor- to-Processor Clauses, as applicable in accordance with Sections 12.2.1 and 12.2.2.
“Third Country” means a country outside the EEA not recognized by the European Commission as providing an adequate level of protection for personal data (as described in the GDPR).