Mutiny Privacy Policy
Last Updated: April 7, 2026
This Privacy Policy ("Policy") describes how Mutiny HQ Corporation ("Mutiny," "we," "us," or "our") collects, uses, discloses, and protects information in connection with your use of the Mutiny website (https://www.mutinyhq.com), the Mutiny platform and its AI-powered features, and related services (collectively, the "Services"). In this Policy, "Personal Information" means any information relating to an identified or identifiable individual.
By using the Services, you agree to the collection and use of information in accordance with this Policy. If you do not agree with this Policy, please do not use the Services.
1. PERSONAL INFORMATION WE COLLECT
We collect Personal Information from you directly, from third parties, and automatically through your use of the Services.
Information You Provide Directly
Account and Contact Information: When you register for an Account, we collect your name, email address, company name, job title, and other registration details.
Profile Data: Username, password, and other information you add to your profile or Account.
Payment Information: If you subscribe to a paid plan, we collect billing information (including credit card details) through our third-party payment processor. We do not store complete payment card numbers.
Customer Content: Brand assets, CRM data, prompts, files, images, and other materials you upload or submit to the Services to generate content.
Communications: When you contact us via email, support chat, or other channels, we collect your contact details and the content of your message.
Surveys and Research: If you respond to optional surveys, provide product feedback, or participate in user research, we collect the information you provide in that context.
Information from Connected Services
CRM and Integration Data: When you authorize connections to third-party services (such as Salesforce, HubSpot, LinkedIn, or other CRM, sales engagement, or data enrichment platforms), Mutiny may access and process data from those services as necessary to provide personalization and content generation features. This data may include account information, contact details, opportunity data, and other business data accessible through those services' APIs.
Account Intelligence Data: To enable account intelligence features, Mutiny may process information about target companies and contacts, which may include firmographic data, intent signals, and publicly available information sourced from third-party data providers.
Visitor Tracking Data: If you deploy Mutiny websites or use Mutiny's website personalization features, Mutiny's technology may collect information about visitors to those pages, including IP addresses, firmographic data identified through IP resolution (such as company name and industry), page interaction data, and session duration.
Information Collected Automatically
Usage and Log Data: We automatically collect technical information when you use the Services, including: IP address; browser type and version; operating system; device identifiers; pages visited; features used; time and date of access; and referring URLs.
Cookies and Tracking Technologies: We use cookies and similar technologies as described in Section 5 of this Policy.
Generated Output Data: Metadata and usage patterns relating to your use of AI Features and Generated Output (in de-identified and aggregated form).
Behavioral and Cross-Site Data: We and our third-party analytics providers may collect information about your interactions with the Services to understand usage and improve functionality. We do not engage in cross-site tracking for third-party advertising purposes unless explicitly disclosed and subject to applicable consent requirements.
Information from Third Parties
We may receive information about you or your company from third-party sources, such as business data providers, marketing data enrichment services, and publicly available sources, to supplement account information, improve personalization, and enhance our ability to provide the Services. This may include company name, industry, company size, technology stack, funding information, and business contact information.
2. HOW WE USE PERSONAL INFORMATION
We use Personal Information for the following purposes:
Providing and Operating the Services
Creating and managing Accounts;
Processing transactions and sending related notices;
Providing customer support and responding to inquiries;
Hosting and delivering Mutiny websites on behalf of Customers;
Processing inputs through AI systems to generate content and outputs as part of the Services;
Enabling integrations with Connected Services and personalizing content based on connected data.
Improving and Developing the Services
Analyzing usage trends and patterns to improve functionality and user experience;
Developing new features and services;
Training and improving Mutiny's AI models using de-identified and aggregated data (see Section 3 for details);
Conducting internal research and analytics.
Communications
Sending service-related communications, such as account notifications, technical updates, and security alerts;
Sending marketing communications about products, features, and events that may interest you (you can opt out at any time — see Section 6).
Safety, Security, and Compliance
Detecting, preventing, and addressing fraud, abuse, security incidents, and technical issues;
Enforcing our Terms of Service and other agreements;
Complying with legal obligations, legal process, and government requests.
Other Purposes
As described to you at the time information is collected, where we provide additional notice of a specific purpose;
For any other purpose with your consent.
3. AI, MODEL TRAINING, AND DE-IDENTIFIED DATA
Use of AI Systems
The Services use artificial intelligence systems, including large language models provided by Mutiny and third-party AI providers (including OpenAI and Anthropic), to generate content and other outputs based on Customer inputs. By using the Services, you consent to this processing. A list of our current third-party AI sub-processors is available at www.mutinyhq.com/dpa.
Model Training and Service Improvement
Mutiny may use de-identified and aggregated data derived from Customer Content and use of the Services to improve and develop the Services and AI systems. This may include user prompts, inputs, and outputs that have been processed to remove or mask identifiable Personal Information. Mutiny does not use Personal Information such as names, email addresses, contact data, or call recordings to train its AI models. De-identification is performed using measures designed to ensure that the data cannot reasonably be used to identify an individual, directly or indirectly. Customers may opt out of the use of their data for service improvement by contacting us at privacy@mutinyhq.com or as otherwise specified in an applicable agreement. Certain enterprise customers may have additional contractual restrictions as set forth in their Order or Data Processing Addendum.
De-Identified and Aggregated Data
We may create de-identified and aggregated data from Personal Information and other data we collect. De-identification is performed such that the resulting data cannot reasonably be used to identify any individual. Once de-identified and aggregated, this data is no longer Personal Information, and we may use it for any lawful business purpose, including analytics, benchmarking, research, and service improvement.
4. HOW WE SHARE PERSONAL INFORMATION
We do not sell Personal Information. We share Personal Information only in the following circumstances:
Affiliates. We may share Personal Information with our subsidiaries and affiliates for purposes consistent with this Policy.
Service Providers. We share Personal Information with third-party service providers who perform services on our behalf, such as cloud hosting, payment processing, analytics, email delivery, customer support, and data enrichment. These providers are contractually obligated to use Personal Information only as necessary to provide their services to us and may not use it for their own purposes.
AI Sub-Processors. As described in Section 3, Customer inputs and related data may be processed by third-party AI providers to deliver the Services. A list of our current AI sub-processors is available at www.mutinyhq.com/dpa.
Connected Service Providers. When you authorize integrations, information is shared with Connected Services as necessary to enable the integration, subject to those services' own privacy policies.
Business Partners. We may share information with partners with whom we jointly offer products or services. Any such sharing will be subject to contractual data protection obligations consistent with this Policy.
Legal and Safety. We may disclose Personal Information if we reasonably believe disclosure is necessary to: (i) comply with applicable law, regulation, or legal process; (ii) protect the rights, property, or safety of Mutiny, our customers, or others; (iii) detect, prevent, or address fraud, security, or technical issues; or (iv) enforce our agreements.
Business Transfers. In connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, Personal Information may be transferred as part of such transaction. We will notify you of any such change in ownership or control of your Personal Information.
With Your Consent. We may share Personal Information with third parties when you have provided your consent to do so.
De-Identified and Aggregated Data. We may disclose de-identified and aggregated data that cannot reasonably be used to identify any individual without restriction. See Section 3 for details on how we create and use such data.
Other Disclosures. We may also share Personal Information as described to you at the time of collection, or for any other purpose with your prior consent.
5. COOKIES AND TRACKING TECHNOLOGIES
We use cookies and similar technologies (including pixel tags, local storage, and web beacons) to operate the Services, remember your preferences, understand usage, and support analytics.
Essential Cookies. Required for the Services to function, including authentication, security, and access control.
Analytics Cookies. Help us understand how the Services are used so we can improve them. We may use third-party analytics providers such as Google Analytics. You can opt out of Google Analytics at tools.google.com/dlpage/gaoptout.
Functional Cookies. Enable enhanced features and personalization, such as remembering your settings and preferences.
Marketing Cookies. Used to deliver relevant advertising and track the effectiveness of marketing campaigns.
Cookie Choices. Most browsers allow you to manage cookie preferences through browser settings. Please note that disabling certain cookies may affect the functionality of the Services.
Do Not Track. We do not currently respond to "Do Not Track" signals from web browsers, but we do honor Global Privacy Control (GPC) signals where applicable.
Where required by applicable law, we obtain your consent before placing non-essential cookies or using tracking technologies. You may manage your cookie preferences through your browser settings or any consent management tools we make available.
6. YOUR RIGHTS AND CHOICES
Depending on your location and applicable law, you may have some or all of the following rights regarding your Personal Information:
Access and Portability. Request confirmation of whether we process your Personal Information, obtain a copy of it, or receive it in a portable format.
Correction. Request correction of inaccurate or incomplete Personal Information.
Deletion. Request deletion of your Personal Information, subject to certain legal exceptions (for example, where we need to retain data to comply with a legal obligation).
Restriction and Objection. Request that we restrict processing of your Personal Information, or object to certain types of processing based on legitimate interests.
Opt Out of Model Training. Opt out of having your data used for AI model improvement by contacting us.
Marketing Opt-Out. Unsubscribe from marketing emails using the link provided in each email. You will continue to receive transactional and service-related communications.
Global Privacy Control. We honor Opt-Out Preference Signals, including GPC signals, where applicable. You will need to enable GPC for each browser or extension you use.
You will not be discriminated against for exercising your rights. To exercise any of these rights, contact us at privacy@mutinyhq.com. We will verify your identity before processing your request and respond within the timeframes required by applicable law.
7. DATA RETENTION
We retain Personal Information for as long as your Account is active or as needed to provide the Services, and thereafter as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Account Information. Retained for the duration of your Account and for a reasonable period thereafter for legal, tax, and audit purposes.
Customer Content. Retained while your Account is active. Upon Account deletion, Customer Content is deleted within thirty (30) days, except that backup copies may persist for up to ninety (90) days before permanent deletion in accordance with our backup and disaster recovery processes.
Usage and Log Data. Retained for twelve (12) months for analytics and security purposes.
De-Identified and Aggregated Data. May be retained indefinitely, as it can no longer be associated with any individual.
Customers may request data export for up to thirty (30) days following account termination by contacting support@mutinyhq.com.
8. INFORMATION SECURITY
We maintain commercially reasonable administrative, technical, and organizational safeguards designed to protect Personal Information from unauthorized access, disclosure, alteration, and destruction. These include encryption of data in transit (TLS/SSL) and at rest, role-based access controls, and security monitoring.
No system is completely secure, and we cannot guarantee absolute security. To the fullest extent permitted by applicable law, we do not accept liability for unintentional disclosure resulting from circumstances beyond our reasonable control. You are responsible for maintaining the security of your Account credentials. In the event of a data breach that affects your Personal Information, we will notify affected individuals in accordance with applicable law and our internal incident response procedures.
9. INTERNATIONAL DATA TRANSFERS
The Services are hosted in the United States. If you are located outside the United States, your Personal Information may be transferred to and processed in the United States or other countries where Mutiny or its service providers operate. These jurisdictions may have different data protection laws than your own.
Where required by applicable law, we implement appropriate safeguards for cross-border transfers, such as Standard Contractual Clauses adopted by the European Commission. For more information about the safeguards we use, please contact us at privacy@mutinyhq.com.
10. LEGAL BASES FOR PROCESSING (EEA/UK/SWITZERLAND)
Where we act as a controller of Personal Information of individuals in the EEA, UK, or Switzerland, we process Personal Information under the following legal bases:
Contract. Where processing is necessary to perform a contract with you, or to take steps at your request before entering into a contract.
Legitimate Interests. Where processing is necessary for our legitimate interests (or those of a third party), including improving the Services, analytics, fraud prevention, and security, and where those interests are not overridden by your rights and freedoms.
Consent. Where you have given us specific, informed consent to process your Personal Information for particular purposes (e.g., marketing communications, model training).
Legal Obligation. Where processing is necessary to comply with a legal obligation.
11. SPECIAL CATEGORY DATA
We do not intend to collect Special Category Data (as defined under GDPR), which includes data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for identification purposes, or data concerning health or a person's sex life or sexual orientation. Please refrain from submitting any such data through the Services.
12. CHILDREN'S PRIVACY
The Services are not directed to children under the age of 18. We do not knowingly collect Personal Information from children. If we become aware that we have collected Personal Information from a child under the age of 18, we will take steps to delete such information and terminate the associated Account. If you believe a child has provided us with Personal Information, please contact us at privacy@mutinyhq.com.
13. CALIFORNIA PRIVACY RIGHTS
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including:
Right to Know. The right to know what categories and specific pieces of Personal Information we have collected about you, the sources, the business or commercial purposes, and the categories of third parties with whom we share it.
Right to Delete. The right to request deletion of your Personal Information, subject to certain exceptions.
Right to Correct. The right to request correction of inaccurate Personal Information.
Right to Opt-Out. The right to opt out of the "sale" or "sharing" of Personal Information. Mutiny does not sell Personal Information for monetary consideration. To the extent any disclosure could constitute a "share" under CCPA/CPRA, you may opt out by contacting us.
Right to Non-Discrimination. The right not to be discriminated against for exercising your privacy rights.
Sensitive Personal Information. We do not use or disclose sensitive personal information for purposes that would require an opt-out under CCPA/CPRA.
Categories of Personal Information Collected (Past 12 Months): Identifiers (name, email, IP address); commercial information (purchase history); internet or electronic network activity information; professional or employment-related information; and inferences drawn from the above.
To exercise your California privacy rights, contact us at privacy@mutinyhq.com.
13.2 OTHER US STATE PRIVACY RIGHTS
Residents of certain US states have additional privacy rights under their applicable state laws. These rights are not absolute and may be subject to exceptions permitted by law. If you reside in Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you may have the following rights, to the extent provided by your state’s law:
Right to know whether we are processing your Personal Information;
Right to access and obtain a copy of your Personal Information;
Right to correct inaccuracies in your Personal Information;
Right to request deletion of your Personal Information;
Right to opt out of the sale of Personal Information, targeted advertising, or profiling that produces legal or similarly significant effects; and
Right to non-discrimination for exercising your rights.
Residents of Minnesota and Oregon may additionally request a list of specific third parties to whom we have disclosed Personal Information. Residents of Minnesota may also request information about how their Personal Information has been used in profiling. To exercise any of these rights, please contact us at privacy@mutinyhq.com. We will respond within the timeframes required by your state’s applicable law.
Nevada. Nevada residents may submit a request to opt out of the sale of Personal Information under Nevada Revised Statutes Chapter 603A by contacting us at privacy@mutinyhq.com. We do not currently sell Personal Information in a manner that triggers the opt-out requirements of that statute.
14. EUROPEAN PRIVACY RIGHTS (GDPR/UK GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the GDPR or equivalent local law, including those described in Section 6. In addition:
Data Controller. Mutiny is the data controller for Personal Information processed in connection with the Services.
Supervisory Authority. If you believe our processing of your Personal Information violates applicable law, you have the right to lodge a complaint with your local supervisory authority. We encourage you to contact us first so we can address your concerns directly.
15. THIRD-PARTY SERVICES
The Services may contain links to or integrate with third-party websites and services. Any information you provide to third-party services is subject to their own privacy policies. We encourage you to review the privacy policies of any third-party services before providing them with information. We are not responsible for the privacy practices of third parties.
16. CHANGES TO THIS PRIVACY POLICY
We may update this Policy from time to time. For material changes, we will notify you by posting the updated policy on our website and, where required, by email or through the Services. The "Last Updated" date at the top of this Policy indicates when it was most recently revised. Your continued use of the Services after any changes take effect constitutes your acceptance of the updated Policy.
17. CONTACT US
If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us at:
MUTINY HQ CORPORATION
50 W 17th St, FL 11
New York, NY 10010
Email: privacy@mutinyhq.com
Website: https://www.mutinyhq.com/privacy
Please allow a reasonable time for us to respond to your inquiry. We will respond to verifiable data subject requests within the timeframes required by applicable law.