Policy

Privacy Policy

Last updated: 2026-05-04

1. What We Collect

• API-key account metadata - anonymous account id, token hash, and account wallet address.
• Funding metadata - deposit wallet destination, provider session identifiers, amounts, transaction ids, status changes, and timestamps.
• File metadata - filename if provided, MIME type, size, SHA-256 hash, storage key, expiry, and renewal count.
• Operational logs - request timestamps, IP addresses, user agents, and error reports for security and debugging.

2. What We Do Not Collect

We do not scan or index file contents. We do not retain raw payment cards, bank details, or provider KYC documents. Funding providers handle payment and identity data directly. We do not sell your data.

3. Processors

• Coinbase and Stripe - USDC funding, card or bank processing, KYC, receipts, refunds, and disputes where available.
• AWS - compute, object storage, DNS, and edge delivery.
• Neon - managed Postgres database for account, file, and billing records.

4. File Contents

Files are stored encrypted at rest in AWS S3. Access is scoped to your API-key account. Files are deleted from storage at the end of their retention window, after which we cannot recover them.

5. Account Token

Your local account token is a secret. We store only a hash of it. If the token is lost, recovery is manual and may require matching deposit or funding provider metadata.

6. Your Rights

You can delete individual files through the MCP delete tool. You can request export or deletion of account-level metadata by emailing hello@munition.io.

7. International Transfers

The Service operates from AWS us-east-1. By using it, you consent to transfer of data to the United States.

8. Contact

Privacy questions: hello@munition.io.