Full transparency and control over what we store about you and your API usage.

What we store

Account data (email, display name, billing info) is kept until account deletion. API key hashes — never plaintext — are retained until revocation plus 90 days. Request logs (prompts, responses, parameters, costs) are kept for 90 days by default. Detected principles persist until you delete them. Aggregated analytics (no prompt content) are retained for 12 months.

Privacy controls

Toggle prompt storage on or off. When off, logs record metadata only (endpoint, cost, duration) but never prompt or response content — useful when processing sensitive data (medical, legal, financial). Control whether anonymized usage patterns contribute to service improvement. Enable end-user data isolation to scope and delete data per end-user identity.

Export & deletion

Export all your stored data as a ZIP of JSON files. Delete request logs or stored principles selectively. Request full account deletion — a 30-day grace period lets you reactivate if needed, after which all data is permanently removed.

Compliance

GDPR compliance, data processing agreement (DPA) download, SOC 2 status, and data residency options. Everything you need to confidently answer "what does mutual.ai store about my users?" when integrating the API into products that handle sensitive data.