Legal

Legal.

Our terms, privacy practices, and acceptable use policies.

Effective date: March 9, 2026 Last updated: April 11, 2026

1. Agreement to Terms

By downloading, installing, accessing, or using Mulu Code (the "Service"), you ("you", "your", or "User") agree to be legally bound by these Terms of Service ("Terms"), our Privacy Policy, and our Acceptable Use Policy, all of which are incorporated herein by reference. If you do not agree to all of these Terms, you must not access or use the Service.

Mulu Code is operated by Mulu Code LLC ("Company", "we", "us", "our"), a Michigan limited liability company. Our contact address for legal matters is hi@mulucode.dev. These Terms constitute a legally binding agreement between you and the Company. By using the Service, you represent and warrant that you have the legal capacity and authority to enter into this agreement.

PLEASE READ THESE TERMS CAREFULLY. THEY CONTAIN AN ARBITRATION AGREEMENT AND CLASS ACTION WAIVER THAT AFFECT YOUR LEGAL RIGHTS (SEE SECTION 18).

2. Eligibility

You must be at least 18 years of age (or the age of majority in your jurisdiction, whichever is greater) to use the Service. By using the Service, you represent and warrant that you meet this age requirement. If you are using the Service on behalf of a company, organization, or other entity, you represent and warrant that you have the authority to bind that entity to these Terms, and "you" shall refer to such entity.

We reserve the right to request proof of age or identity at any time and to refuse service to anyone who cannot verify eligibility.

3. Description of Service

Mulu Code is a desktop application that enables users to build and deploy web applications using voice input, plain English instructions, and AI-powered code generation. The Service includes, but is not limited to:

A desktop application for Windows, macOS, and Linux
A command-line interface (CLI) for terminal-based development
Access to multiple AI models (including Claude, GPT, Gemini, and Mulu-branded models) for code generation and assistance
Cloud hosting, database, authentication, and storage services ("your chosen services")
Voice input capabilities
Built-in security scanning, code verification, and indexing tools
Project management features including kanban boards and task tracking

The Service is provided on an "as-is" and "as-available" basis. We make no guarantee that any particular feature, functionality, or integration will remain available, unchanged, or compatible with your specific use case at any time.

4. Modifications to Terms and Service

We reserve the right, at our sole discretion, to modify, amend, or replace these Terms at any time. We will provide notice of material changes at least 30 days before they take effect by posting the updated Terms on our website and/or via in-app notification or email. The "Last updated" date at the top of these Terms indicates when the latest revisions were made.

Your continued use of the Service after any changes to these Terms constitutes your acceptance of the revised Terms. If you do not agree to the revised Terms, you must stop using the Service immediately.

We also reserve the right to modify, suspend, discontinue, or restrict access to all or any part of the Service at any time, with or without notice, for any reason or no reason, without liability to you or any third party. This includes, without limitation, changes to features, functionality, pricing, availability, system requirements, supported platforms, third-party integrations, and AI model availability.

5. Account Registration and Security

To access certain features, you must create an account. You agree to:

Provide accurate, current, and complete registration information
Maintain and promptly update your account information
Keep your password secure and confidential
Accept responsibility for all activities that occur under your account
Immediately notify us of any unauthorized use of your account or any other security breach

You may not share your account with any other person or allow others to access the Service using your credentials. You may not create multiple accounts to circumvent limitations, bans, or restrictions. We reserve the right to disable, suspend, or terminate any account at any time, for any reason, including but not limited to violation of these Terms.

We are not liable for any loss or damage arising from your failure to maintain the security of your account.

6. Pricing, Payment, and Billing

The Service is offered in multiple paid tiers starting at $20 per month (Starter). Each plan includes a monthly usage credit allowance. Additional usage beyond included credits is billed separately through a prepaid wallet system ("Usage Credits"). Full tier details, including features, storage limits, and credit amounts, are available on the Pricing page.

Payments are processed through Stripe. By providing payment information, you authorize us to charge the applicable fees to your designated payment method. You are responsible for all charges incurred under your account, including applicable taxes.

Automatic Renewal: Your subscription automatically renews each billing cycle (monthly) at the then-current price until you cancel. During signup, you will be asked to separately and expressly consent to automatic renewal billing, including the renewal price and billing frequency, before your subscription begins. We will send you a reminder of your auto-renewal terms, including the current price and instructions for cancellation, at least annually and before any price increase takes effect. If we increase the subscription price, you will be notified at least 30 days in advance and given the option to cancel before the new price applies. You may cancel at any time through your account settings at mulucode.dev/dashboard, and your access will continue through the end of your current paid billing period. Cancellation is available through the same medium used to subscribe (online).

Payment Failure: If your payment method is declined, we will attempt to process the charge up to 3 times over 7 days. During this grace period, your access to the Service continues. If payment cannot be collected after the grace period, your account will be downgraded and cloud-hosted apps may be suspended until payment is resolved.

All fees are non-refundable except where required by applicable law. We do not provide refunds or credits for partial months of service, unused usage credits, unused storage, or unused features. Wallet balances and prepaid credits are non-refundable and non-transferable. For users in the European Economic Area, you may have a 14-day cooling-off period for new subscriptions; by using the Service immediately after subscribing, you expressly consent to waive this right.

We reserve the right to change our pricing, fees, and billing practices at any time upon 30 days' prior notice via email and/or in-app notification. Continued use of the Service after a price change constitutes acceptance of the new pricing. If you do not agree to the new pricing, you must cancel your subscription before the change takes effect.

7. Your Content and Intellectual Property

You retain all ownership rights to the code, files, applications, and other content you create using the Service ("User Content"). We do not claim any ownership over your User Content.

By using the Service, you grant us a limited, non-exclusive, worldwide, royalty-free license to process, store, transmit, and display your User Content solely as necessary to provide the Service to you. This license terminates when you delete your content or close your account, except for reasonable backup copies and as required by law.

You are solely responsible for your User Content and any consequences of creating, sharing, or deploying it. You represent and warrant that you have all rights, licenses, and permissions necessary to grant us the above license and that your User Content does not violate any third party's rights.

AI-Generated Code: Code generated by AI models through the Service is provided for your use. However, AI-generated code may inadvertently reproduce patterns found in the AI model's training data. You are solely responsible for reviewing, testing, verifying, and ensuring that all code you use or deploy complies with applicable laws and does not infringe any third-party intellectual property rights. We make no representations or warranties regarding the originality, accuracy, security, or fitness of AI-generated code for any particular purpose.

Copyright Uncertainty: Under current U.S. Copyright Office guidance, works generated entirely by AI without meaningful human creative input may not be eligible for copyright protection. You should be aware that purely AI-generated code or content may have limited or no copyright protection. We recommend exercising meaningful creative direction, selection, and arrangement of AI-generated output and consulting with a qualified attorney if copyright protection is important to your use case. We do not provide indemnification for intellectual property infringement claims arising from AI-generated output.

8. Cloud Hosting and Deployment

your chosen services allows you to deploy web applications to our hosting infrastructure. You agree that:

You are solely responsible for the content, functionality, and legality of applications you deploy
Deployed applications must comply with our Acceptable Use Policy at all times
We may remove, disable, or restrict access to any deployed application at any time if it violates our policies, causes excessive resource consumption, poses security risks, or for any other reason at our sole discretion
We do not guarantee any specific uptime, performance, or availability for deployed applications
You are responsible for running the built-in security scanner before deploying and for addressing any identified vulnerabilities

We reserve the right to set and enforce resource limits, including but not limited to bandwidth, storage, database size, compute time, and concurrent connections, at any time with or without prior notice.

9. Prohibited Uses

You agree not to use the Service to:

Violate any applicable law, regulation, or third-party right
Create, host, or distribute malware, exploits, phishing pages, or any other malicious content
Circumvent or attempt to circumvent any security measures, access controls, rate limits, usage restrictions, or content moderation systems
Access or attempt to access accounts, data, or systems not belonging to you
Reverse engineer, decompile, disassemble, or attempt to derive the source code of the Service, except as permitted by applicable law
Use the Service for competitive analysis, benchmarking, or to build a competing product without our prior written consent
Resell, redistribute, sublicense, or provide access to the Service to third parties
Scrape, crawl, or harvest data from the Service through automated means
Use the Service in any way that could damage, disable, overburden, or impair the Service or interfere with other users' access
Create, deploy, or host any content prohibited under our Acceptable Use Policy
Submit, upload, or include sensitive personal information (including but not limited to government-issued ID numbers, health or medical records, financial account numbers, payment card data, biometric data, passwords, API keys, or other credentials) in AI prompts, code, or any content transmitted to the Service. You assume full responsibility for any sensitive data you submit

Violations may result in immediate termination of your account and forfeiture of any prepaid credits.

10. AI Model Usage

The Service routes AI requests through OpenRouter, a third-party AI model gateway, to access models from providers including Anthropic, OpenAI, Google, xAI, NVIDIA, MiniMax, Moonshot, Zhipu, DeepSeek, Kwaipilot, Alibaba (Qwen, served from Singapore/China — disclosed as a non-US exception), and others. Mulu intends to route restricted models only through approved US-based inference providers where supported; some models may be unavailable under that policy. You acknowledge and agree that:

AI outputs are generated by third-party models and may contain errors, inaccuracies, biases, or harmful content
You are solely responsible for reviewing, testing, verifying, and validating all AI-generated output before use or deployment
We do not guarantee the accuracy, completeness, reliability, security, or suitability of any AI-generated content
AI model availability, performance, capabilities, and pricing may change at any time without notice as they are dependent on third-party providers
Your use of AI models is subject to the respective providers' terms of service and acceptable use policies in addition to ours
We may log AI interactions for billing, abuse prevention, debugging, and service improvement purposes
We do not use your code, prompts, or AI interactions to train AI models. However, third-party AI providers may process your data according to their own policies
Mulu-branded models (such as "Mulu Agent 1") may utilize one or more third-party AI providers to deliver results. The specific provider used may vary based on request characteristics to optimize performance. We reserve the right to change, update, or substitute the underlying provider(s) at any time without notice

Your use of AI models is also governed by each provider's own terms. You are responsible for reviewing and complying with the applicable provider's usage policies.

11. Privacy

Your use of the Service is also governed by our Privacy Policy, which describes how we collect, use, store, and share your information. By using the Service, you consent to our data practices as described in the Privacy Policy.

12. Disclaimer of Warranties

THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE. WE SPECIFICALLY DISCLAIM ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT, AND ALL WARRANTIES ARISING FROM COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

WE DO NOT WARRANT THAT (A) THE SERVICE WILL BE UNINTERRUPTED, SECURE, ERROR-FREE, OR FREE FROM VIRUSES OR OTHER HARMFUL COMPONENTS; (B) ANY DEFECTS WILL BE CORRECTED; (C) THE SERVICE WILL MEET YOUR REQUIREMENTS OR EXPECTATIONS; (D) AI-GENERATED CODE OR CONTENT WILL BE ACCURATE, COMPLETE, ORIGINAL, NON-INFRINGING, OR SUITABLE FOR ANY PURPOSE; OR (E) THE RESULTS OBTAINED FROM THE SERVICE WILL BE ACCURATE, RELIABLE, OR SUITABLE FOR YOUR NEEDS.

YOU USE THE SERVICE AT YOUR OWN RISK. WE ARE NOT RESPONSIBLE FOR ANY DAMAGE TO YOUR COMPUTER SYSTEM, LOSS OF DATA, OR OTHER HARM THAT RESULTS FROM YOUR USE OF THE SERVICE.

13. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL THE COMPANY, ITS AFFILIATES, DIRECTORS, OFFICERS, EMPLOYEES, AGENTS, PARTNERS, SUPPLIERS, OR LICENSORS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, INCLUDING WITHOUT LIMITATION DAMAGES FOR LOST PROFITS, LOST DATA, LOSS OF GOODWILL, BUSINESS INTERRUPTION, COMPUTER FAILURE OR MALFUNCTION, WORK STOPPAGE, OR ANY OTHER COMMERCIAL DAMAGES OR LOSSES, ARISING OUT OF OR RELATED TO YOUR USE OF OR INABILITY TO USE THE SERVICE, HOWEVER CAUSED, REGARDLESS OF THE THEORY OF LIABILITY (CONTRACT, TORT, STRICT LIABILITY, OR OTHERWISE), EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

OUR TOTAL AGGREGATE LIABILITY FOR ALL CLAIMS ARISING OUT OF OR RELATING TO THESE TERMS OR THE SERVICE SHALL NOT EXCEED THE GREATER OF (A) THE AMOUNTS YOU HAVE PAID TO US IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM, OR (B) ONE HUNDRED DOLLARS ($100).

SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF CERTAIN DAMAGES, SO SOME OR ALL OF THE ABOVE LIMITATIONS AND EXCLUSIONS MAY NOT APPLY TO YOU.

14. Indemnification

To the extent permitted by applicable law, you agree to indemnify, defend, and hold harmless the Company and its affiliates, directors, officers, employees, agents, and licensors from and against any and all claims, liabilities, damages, losses, costs, expenses, and fees (including reasonable attorneys' fees) arising from or relating to: (a) your User Content; (b) your willful violation of these Terms or applicable law; (c) your violation of any third-party right, including any intellectual property, privacy, or publicity right; (d) any applications you deploy through your chosen services that cause harm to third parties; or (e) your use of the Service in a manner not authorized by these Terms.

This indemnification obligation does not apply to damages arising from our gross negligence, willful misconduct, or breach of our own obligations under these Terms. For consumers residing in the European Economic Area, United Kingdom, or Switzerland, this indemnification obligation applies only to the extent permitted by the mandatory consumer protection laws of your jurisdiction.

15. Termination

Termination by Us for Cause: We may suspend or terminate your access to the Service immediately, without prior notice, if you engage in any of the following: (a) material breach of these Terms, the Privacy Policy, or the Acceptable Use Policy; (b) illegal activity; (c) activity that poses a security risk to the Service or other users; or (d) non-payment after the grace period described in Section 6.

Termination by Us for Non-Material Breach: For non-material breaches, we will provide you with written notice and a 14-day cure period to remedy the breach before suspending or terminating your account.

Termination by Us Without Cause: We may terminate your account without cause upon 30 days' prior written notice. In this case, we will provide a pro-rata refund of any prepaid subscription fees for the unused portion of your billing period and refund any remaining wallet balance, less any outstanding charges.

Upon termination for cause:

Your right to use the Service ceases immediately
We will retain your data for 30 days to allow you to export your User Content, after which we may delete your account, data, deployed applications, and User Content
All provisions of these Terms that by their nature should survive termination shall survive, including without limitation: ownership, warranty disclaimers, limitation of liability, indemnification, and dispute resolution
Prepaid credits and wallet balances may be forfeited in cases of serious or willful policy violations. For other terminations, remaining wallet balances will be refunded less any outstanding charges

You may terminate your account at any time through your account settings at mulucode.dev/dashboard or by contacting us at hi@mulucode.dev. Upon voluntary termination, your access continues through the end of your current paid billing period. No refunds will be provided for partial billing periods, but remaining wallet balances will be refunded less any outstanding charges.

16. Governing Law

These Terms shall be governed by and construed in accordance with the laws of the State of Michigan, United States, without regard to its conflict of law principles. Any legal action or proceeding arising under these Terms shall be brought exclusively in the federal or state courts located in Michigan, and you consent to the personal jurisdiction and venue of such courts.

EEA, UK, and Swiss Consumers: If you are a consumer residing in the European Economic Area, United Kingdom, or Switzerland, nothing in these Terms shall deprive you of the protection afforded by the mandatory consumer protection laws of your country of residence. You retain the right to bring legal proceedings in the courts of your country of residence. Any mandatory provisions of local law that cannot be waived by contract shall apply regardless of the governing law chosen above.

17. Copyright and DMCA Policy

We respect the intellectual property rights of others and expect our users to do the same. If you believe that content hosted on or accessible through the Service infringes your copyright, you may submit a takedown notice to our designated DMCA agent at hi@mulucode.dev containing:

Identification of the copyrighted work you claim has been infringed
Identification of the material you claim is infringing, with enough detail for us to locate it
Your contact information (name, address, phone number, email)
A statement that you have a good-faith belief that the use is not authorized by the copyright owner, its agent, or the law
A statement, under penalty of perjury, that the information in the notice is accurate and that you are the copyright owner or authorized to act on their behalf
Your physical or electronic signature

Counter-Notification: If you believe your content was removed in error, you may submit a counter-notification with your contact information, identification of the removed material, a statement under penalty of perjury that removal was a mistake, and consent to jurisdiction. We will forward counter-notifications to the original complainant.

Repeat Infringers: We will terminate the accounts of users who are repeat infringers in appropriate circumstances.

18. Dispute Resolution and Arbitration

PLEASE READ THIS SECTION CAREFULLY. IT AFFECTS YOUR LEGAL RIGHTS, INCLUDING YOUR RIGHT TO FILE A LAWSUIT IN COURT.

You and the Company agree that any dispute, claim, or controversy arising out of or relating to these Terms or the Service (collectively, "Disputes") will be resolved through binding individual arbitration rather than in court, except that: (a) either party may seek injunctive or equitable relief in court for intellectual property infringement or misappropriation; and (b) either party may bring an individual action in small claims court for disputes within that court's jurisdictional limits.

CLASS ACTION WAIVER: YOU AND THE COMPANY AGREE THAT EACH MAY BRING CLAIMS AGAINST THE OTHER ONLY IN YOUR OR ITS INDIVIDUAL CAPACITY, AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS, CONSOLIDATED, OR REPRESENTATIVE ACTION. Unless both you and the Company agree otherwise, the arbitrator may not consolidate or join more than one person's or party's claims.

Arbitration will be administered by the American Arbitration Association (AAA) under its Consumer Arbitration Rules. The arbitration will take place in Michigan or at another mutually agreed location. The arbitrator's decision will be final and binding.

30-Day Opt-Out: You may opt out of this arbitration agreement by sending written notice to hi@mulucode.dev within 30 days of first accepting these Terms. If you opt out, you and the Company agree to submit to the exclusive jurisdiction of the courts in Michigan.

International Users: This arbitration agreement and class action waiver do not apply to consumers residing in the European Economic Area, United Kingdom, or Switzerland, where mandatory consumer protection laws prohibit such provisions. If you are a consumer in these jurisdictions, disputes will be resolved in the courts of your country of residence in accordance with applicable local law. For EU consumers, you may also use the European Commission's Online Dispute Resolution platform at ec.europa.eu/consumers/odr.

19. General Provisions

Entire Agreement: These Terms, together with the Privacy Policy and Acceptable Use Policy, constitute the entire agreement between you and the Company regarding the Service and supersede all prior agreements and understandings.

Severability: If any provision of these Terms is held to be invalid or unenforceable, the remaining provisions shall continue in full force and effect.

Waiver: Our failure to enforce any right or provision of these Terms shall not be deemed a waiver of such right or provision.

Assignment: You may not assign or transfer these Terms or your rights under these Terms without our prior written consent. We may assign these Terms without restriction.

Force Majeure: We shall not be liable for any failure or delay in performance resulting from causes beyond our reasonable control, including but not limited to acts of God, war, terrorism, pandemic, labor disputes, government actions, power failures, internet disturbances, or third-party service provider failures.

Notices: We may send you notices via email to the address associated with your account, via in-app notification, or by posting to our website. You may send notices to us at hi@mulucode.dev.

20. Accessibility

We are committed to making the Service accessible to all users, including those with disabilities. We strive to conform to the Web Content Accessibility Guidelines (WCAG) 2.1 Level AA standards and applicable accessibility laws, including the Americans with Disabilities Act (ADA) and the European Accessibility Act (EAA). If you experience any accessibility barriers when using the Service, please contact us at hi@mulucode.dev so we can work to address the issue.

21. Contact

Questions about these Terms? Contact us at:

Email: hi@mulucode.dev
Web: mulucode.dev/contact

Effective date: March 9, 2026 Last updated: March 29, 2026

Overview

Mulu Code LLC ("Company", "we", "us", "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, store, and share information when you use our desktop application, CLI, cloud services, and website (collectively, the "Service"). We are committed to collecting only the minimum amount of personal data necessary to provide the Service (data minimization).

Data Controller: For the purposes of the EU General Data Protection Regulation (GDPR), the UK General Data Protection Regulation (UK GDPR), and applicable data protection laws, the data controller is Mulu Code LLC, reachable at hi@mulucode.dev.

By using the Service, you agree to the collection, use, and sharing of your information as described in this Privacy Policy. If you do not agree, you must not use the Service.

1. Information We Collect

Information You Provide

Account Information: Email address, name, password (hashed), and payment information when you register
User Content: Code, files, prompts, voice inputs, and other content you create or upload through the Service
Communications: Messages you send to us through support, feedback, or contact forms
Payment Information: Billing details processed through Stripe (we do not store full credit card numbers)

Information Collected Automatically

Usage Data: Features used, AI model usage, session duration, error logs, crash reports, and performance metrics
Device Information: Operating system, app version, device type, and screen resolution
AI Interaction Data: Prompts, responses, model selections, and token usage for billing and service improvement
Cloud Deployment Data: Deployment logs, resource usage, and application performance metrics

2. How We Use Your Information

We use collected information to:

Provide, maintain, and improve the Service
Process payments and manage your subscription and wallet
Respond to your requests, questions, and support inquiries
Monitor and analyze usage patterns and trends to improve user experience
Detect, investigate, and prevent fraud, abuse, security incidents, and Terms violations
Send you technical notices, security alerts, support messages, and administrative communications
Enforce our Terms of Service, Acceptable Use Policy, and other policies
Comply with legal obligations and respond to lawful requests from public authorities

3. Legal Basis for Processing (GDPR / UK GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the EU General Data Protection Regulation (GDPR) and/or the UK General Data Protection Regulation (UK GDPR) on the following legal bases:

Contract Performance: Processing necessary to provide the Service you signed up for, including account management, payment processing, AI model access, cloud hosting, and customer support
Legitimate Interests: Processing for our legitimate business interests, including service improvement, analytics, fraud and abuse prevention, security monitoring, and debugging, where those interests are not overridden by your rights
Consent: Processing based on your explicit consent, including optional voice input processing and marketing communications. You may withdraw consent at any time by contacting us at hi@mulucode.dev
Legal Obligation: Processing necessary to comply with applicable laws, such as tax record retention and responding to lawful government requests

4. AI Data Processing

When you use AI features:

Your prompts and relevant code context are sent to third-party AI providers through our secure proxy
We log AI interactions for billing, abuse prevention, debugging, and service improvement
Third-party AI providers may process your data according to their own privacy policies and data processing agreements
We do not use your code or prompts to train AI models
Voice inputs are processed by Deepgram for speech-to-text conversion. Text-to-speech output is generated by Cartesia

You should not include sensitive personal information, passwords, API keys, secrets, or confidential business data in AI prompts or code submitted to the Service.

Voice Data and Consent

Voice input is an optional feature that requires your explicit consent before activation. When you enable voice input:

Your voice is recorded from your device microphone and streamed in real-time to Deepgram's servers for speech-to-text conversion
Voice data is classified as personal data under GDPR and may be classified as biometric data in certain jurisdictions (e.g., Illinois under BIPA)
We do not create voiceprints or use voice data for speaker identification
Voice recordings are processed in real-time and are not stored by us after conversion to text. Deepgram's own data retention policies apply during processing
The resulting text transcription is processed like any other text input to the Service
You may disable voice input at any time through the Service settings, which immediately stops all voice data collection

By enabling voice input, you expressly consent to the recording and processing of your voice as described above. If you are in a jurisdiction that requires all-party consent for recording (such as California, Florida, or Illinois), you are responsible for ensuring all parties are aware of and consent to the recording when using voice features in shared or multi-party settings.

5. Local-First Architecture

Mulu Code is designed with a local-first approach:

Your projects and code are stored locally on your device by default
Cloud sync is opt-in and only activated when you choose to deploy or enable sync features
Certain features (authentication, billing, deployment, cloud storage) require server communication
Local data is encrypted using AES-256-GCM with keys managed by your operating system's secure storage (Keychain on macOS, DPAPI on Windows, libsecret on Linux)

6. Data Sharing

We share your information only in the following circumstances:

AI Providers: Prompts and code context sent through our proxy for AI processing
Payment Processor: Stripe for payment processing and subscription management
Infrastructure Providers: Supabase (authentication, database), Cloudflare (CDN, security, API proxy), Vercel (cloud API hosting)
Voice Processing: Deepgram for speech-to-text conversion; Cartesia for text-to-speech synthesis
Error Tracking: Sentry for crash reporting, error monitoring, and performance diagnostics
Legal Compliance: When required by law, subpoena, court order, or government request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others
Business Transfer: In connection with a merger, acquisition, reorganization, bankruptcy, or sale of all or part of our assets

We do not sell your personal information to third parties. We do not share your information for advertising purposes.

7. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

Encryption in transit (TLS 1.3) and at rest (AES-256-GCM for local data)
Secure API proxy to prevent direct exposure of API keys
Regular security assessments and vulnerability scanning
Access controls and authentication for all internal systems
Row-level security (RLS) policies in our database

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

Data Breach Notification

In the event of a data breach that affects your personal information, we will:

Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR, unless the breach is unlikely to result in a risk to your rights and freedoms
Notify affected users without undue delay when the breach is likely to result in a high risk to your rights and freedoms, via email and/or in-app notification
Provide information about the nature of the breach, the categories and approximate number of individuals affected, the likely consequences, and the measures taken or proposed to address the breach
Comply with all applicable state, federal, and international data breach notification laws, including state-specific notification timelines where they are shorter than 72 hours
Document all breaches, including those that do not require notification, as part of our internal records

8. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. After account deletion:

Account data (email, name, preferences): deleted within 30 days
AI interaction logs (prompts, responses): anonymized or deleted within 90 days
Voice recordings: processed in real-time for speech-to-text and not stored by us after conversion. Deepgram's retention policies apply during processing
Billing and transaction records: retained for 7 years as required by applicable tax and financial regulations
Deployment and usage logs: retained for 12 months for debugging and service improvement, then deleted
Security and abuse logs: retained for up to 24 months for fraud prevention and legal compliance
We may retain certain data beyond these periods as required by law, to resolve disputes, or to enforce our agreements

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

Access: Request a copy of the personal information we hold about you
Correction: Request correction of inaccurate or incomplete information
Deletion: Request deletion of your personal information, subject to legal retention requirements
Data Portability: Request your data in a structured, commonly used, machine-readable format
Objection: Object to certain processing of your personal information
Restriction: Request restriction of processing in certain circumstances

To exercise these rights, contact us at hi@mulucode.dev. We will respond within 30 days (or as required by applicable law). Where technically feasible, we also provide in-app controls for managing your privacy preferences, including the ability to withdraw consent for optional data processing (such as voice input and analytics).

Data Portability Format: When you request a copy of your data, we will provide it in a structured, commonly used, machine-readable format (JSON or CSV), or another format upon reasonable request.

California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

Right to Know: You may request the categories and specific pieces of personal information we have collected about you in the preceding 12 months, the sources from which it was collected, the business purpose for collection, and the categories of third parties with whom it was shared
Right to Delete: You may request deletion of your personal information, subject to certain exceptions
Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising. No opt-out is necessary
Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights
Right to Limit Use of Sensitive Personal Information: We only use sensitive personal information (such as account credentials) as necessary to provide the Service

In the preceding 12 months, we have collected the following categories of personal information: identifiers (email, name), commercial information (purchase history, wallet balance), internet activity (usage logs, AI interactions), and geolocation data (approximate, from IP address). These categories are shared with the service providers listed in Section 6 solely to provide the Service.

Global Privacy Control (GPC): We honor Global Privacy Control (GPC) signals sent by your browser. When we detect a GPC signal, we treat it as a valid opt-out request for the sale or sharing of your personal information, as required by the CCPA/CPRA and other applicable state privacy laws.

EEA, UK, and Swiss Residents

If you are in the EEA, UK, or Switzerland, you also have the right to lodge a complaint with your local data protection supervisory authority if you believe our processing of your personal data violates applicable law. You can find your relevant supervisory authority at edpb.europa.eu (EEA) or ico.org.uk (UK). EU consumers may also use the European Commission's Online Dispute Resolution platform at ec.europa.eu/consumers/odr.

10. International Data Transfers

Your data may be processed in the United States and other countries where our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction.

For transfers of personal data from the EEA, UK, or Switzerland to countries that have not received an adequacy decision, we rely on the European Commission's Standard Contractual Clauses (SCCs) as the primary safeguard mechanism, supplemented by additional technical and organizational measures where appropriate. Copies of the applicable transfer mechanisms are available upon request at hi@mulucode.dev.

Our primary service providers and their data processing locations include: Supabase (United States), Cloudflare (global CDN with regional processing), Stripe (United States), Deepgram (United States), Cartesia (United States), Sentry (United States), and Vercel (United States). Third-party AI providers may process data in various locations according to their own policies.

11. Third-Party Links and Services

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices or content of these third parties. We encourage you to review the privacy policies of any third-party services you access through or in connection with the Service.

12. Cookies and Tracking Technologies

Our website (mulucode.dev) may use cookies and similar tracking technologies. The desktop application uses local storage for preferences and session management.

Essential Cookies: Required for authentication, security, and basic site functionality. These are strictly necessary and do not require consent
Analytics Cookies: We may use anonymized usage analytics to understand how users interact with the Service. These cookies are only set after you provide explicit consent. You can change your preferences at any time
Local Storage: The desktop app stores preferences, session tokens, and cached data locally on your device using your operating system's secure storage

We do not use third-party advertising cookies or tracking pixels. We do not engage in cross-site tracking or behavioral advertising.

13. Children's Privacy

The Service is intended for users who are 18 years of age or older. We do not knowingly collect personal information from anyone under 18. In compliance with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect, use, or disclose personal information from children under 13. If we become aware that we have collected personal information from a person under 18, we will take steps to delete that information promptly. If you believe we have collected information from someone under 18, please contact us at hi@mulucode.dev.

14. Automated Decision-Making

We use automated decision-making technology for the following purposes:

Billing and usage metering: AI token usage is automatically tracked and billed to your wallet. Data used: API call metadata, token counts, model selection, timestamps. Impact: determines charges deducted from your wallet balance
Abuse detection: Automated systems may flag or restrict accounts exhibiting patterns of abuse, fraud, or policy violations. Data used: usage patterns, request frequency, content flags, IP address, account history. Impact: may result in temporary throttling, warnings, or account suspension pending human review
Content moderation: AI provider safety filters automatically screen inputs and outputs. Data used: text content of prompts and responses. Impact: certain prompts or outputs may be blocked or filtered by the AI provider

You have the right to request human review of any automated decision that significantly affects you. Contact us at hi@mulucode.dev to request a review. We will respond within 15 business days.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes at least 30 days before they take effect by posting the updated policy on our website, via in-app notification, or by email. The "Last updated" date indicates when the latest revisions were made. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

16. Contact Us

For privacy-related questions, concerns, or requests, contact us at:

Email: hi@mulucode.dev
Web: mulucode.dev/contact

Effective date: March 9, 2026 Last updated: March 29, 2026

Overview

This Acceptable Use Policy ("AUP") governs your use of the Mulu Code application, your chosen services hosting, and all related services operated by Mulu Code LLC (collectively, the "Service"). This AUP is incorporated into and forms part of our Terms of Service. It applies to all users and all content created, deployed, hosted, or transmitted through the Service.

Violations of this AUP may result in immediate suspension or permanent termination of your account, removal of your content, and forfeiture of any prepaid credits or fees, at our sole discretion, with or without prior notice. We may also report violations to law enforcement where appropriate.

1. Prohibited Content

You may not use Mulu Code or your chosen services to create, host, store, transmit, or distribute any of the following:

Illegal content: Any content that violates applicable federal, state, local, or international laws or regulations, including but not limited to child sexual abuse material (CSAM), illegal gambling, controlled substance sales, human trafficking, or content that facilitates any illegal activity
Malware and exploits: Viruses, ransomware, spyware, adware, trojans, worms, rootkits, keyloggers, phishing pages, credential harvesters, botnets, DDoS tools, or any software, code, or tools designed or used for unauthorized access to, or disruption of, computer systems, networks, or data
Harassment and abuse: Content that threatens, harasses, bullies, stalks, intimidates, doxxes, or incites violence, hatred, or discrimination against individuals or groups based on race, ethnicity, national origin, religion, gender, gender identity, sexual orientation, disability, age, or any other protected characteristic
Fraud and deception: Scams, ponzi schemes, pyramid schemes, fake storefronts, deceptive applications, impersonation sites, or any content designed to defraud, mislead, or deceive users
Intellectual property violations: Content that infringes upon copyrights, trademarks, patents, trade secrets, or other intellectual property rights of third parties, including unauthorized distribution of copyrighted materials
Spam and bulk messaging: Applications designed primarily to send unsolicited messages, manipulate search rankings, generate fake reviews, or conduct any form of spam
Adult content: Pornographic material, sexually explicit content, or content that exploits minors in any way
Dangerous activities: Content that promotes or provides instructions for creating weapons, explosives, drugs, or engaging in self-harm or terrorism
Privacy violations: Content that collects, stores, or shares personal information without consent, or applications designed to surveil, track, or monitor individuals without their knowledge and consent

2. Prohibited Uses of AI Features

When using AI features in Mulu Code, you may not:

Attempt to generate malicious code, exploits, vulnerabilities, or any code intended for unauthorized access or harm
Use AI to generate content that impersonates real people without their explicit consent
Circumvent, bypass, or disable AI safety filters, content moderation systems, or usage restrictions
Use AI-generated content to create or spread misinformation, disinformation, deepfakes, or propaganda
Automate the creation of deceptive, harmful, or misleading content at scale
Use AI to generate content that violates any applicable law or regulation
Resell, redistribute, or sublicense AI-generated output as a competing AI service
Use prompt injection techniques or adversarial inputs to manipulate AI models into producing harmful output

3. Resource Limits and Fair Use

All plans are paid subscriptions (Starter at $20/month, Pro at $60/month, Power at $100/month, and Max from $200/month). Each plan includes a monthly allotment of usage credits plus a uniform set of cloud resources and features. The size of the credit allotment is the primary difference between tiers. The Power plan is restricted to Mulu-branded models only. Current tier details (feature lists, specific cloud resource allocations, and credit amounts) are maintained on the Pricing page and may be updated from time to time.

You may not attempt to circumvent these limits through technical means, including but not limited to creating multiple accounts, manipulating API calls, or exploiting system vulnerabilities. Excessive or abusive resource consumption that impacts other users or the stability of the Service may result in temporary throttling, suspension, or termination of your account.

We reserve the right to modify resource limits at any time.

4. API and Rate Limits

AI model usage is metered and billed through your wallet balance. You may not:

Share your account, API credentials, or authentication tokens with others
Use automated scripts, bots, or other tools to consume usage credits at an excessive or abusive rate
Resell, redistribute, or provide access to the Service as a service to third parties
Attempt to reverse-engineer pricing, rate limits, or usage metering systems
Use the Service to benchmark, evaluate, or test competing products or services without our prior written consent

5. Network and Infrastructure Abuse

You may not use the Service to:

Conduct or facilitate denial-of-service (DoS/DDoS) attacks against any system or network
Operate open proxies, open relays, or anonymizing services
Mine cryptocurrency or perform other computationally intensive tasks unrelated to the Service's intended purpose
Probe, scan, or test the vulnerability of any system or network associated with the Service without our explicit written authorization
Forge, manipulate, or spoof TCP/IP packet headers, email headers, or any part of a message to disguise its origin

6. Security Requirements

When deploying apps to your chosen services, you are responsible for:

Running the built-in security scanner before deploying to production
Not hardcoding secrets, API keys, passwords, or other credentials in your application code
Implementing appropriate authentication and authorization for apps that handle sensitive data
Promptly addressing any security vulnerabilities identified by our scanning tools or reported to you
Complying with applicable data protection laws when your applications collect or process user data
Implementing appropriate security measures for user data stored in Supabase databases

7. Reporting Violations

If you encounter content, applications, or behavior that violates this AUP, please report it to hi@mulucode.dev. We take all reports seriously and will investigate in a timely manner. Please include as much detail as possible, including URLs, screenshots, or other evidence of the violation.

We may, but are not obligated to, monitor the Service for violations of this AUP. We are not responsible for User Content and have no obligation to review, screen, or remove User Content, though we reserve the right to do so at our sole discretion.

8. Enforcement

We enforce this AUP at our sole and absolute discretion. We may take any action we deem appropriate in response to violations, including but not limited to:

Warning: A notice to correct the violation within a specified timeframe
Content removal: Immediate removal or disabling of the offending app, content, or data without prior notice
Throttling or restriction: Reduction or limitation of your access to Service features
Suspension: Temporary suspension of your account and all associated services
Termination: Permanent account termination and deletion of all associated data for severe, repeated, or willful violations
Legal action: Referral to law enforcement authorities or initiation of legal proceedings

We may take action without prior notice in cases requiring an immediate response, including but not limited to: active malware distribution, ongoing security threats, illegal activity, imminent harm to users or third parties, or any situation where delay could result in significant damage.

We are not liable for any damages, losses, or costs resulting from enforcement actions taken under this AUP. All determinations regarding violations and appropriate responses are made at our sole discretion and are final.

Forfeiture of prepaid credits, wallet balances, or unused subscription time may result from account termination for AUP violations. No refunds will be provided in such cases.

9. Cooperation with Authorities

We may cooperate with law enforcement agencies, regulatory authorities, or other governmental bodies in the investigation of suspected illegal activity. This cooperation may include providing information about your account and usage of the Service as required by law, subpoena, or court order, or where we believe in good faith that disclosure is necessary to prevent imminent harm.

10. Changes to This Policy

We may update this AUP from time to time. Material changes will be communicated via email or in-app notification. Continued use of the Service after changes to this AUP constitutes acceptance of the updated policy.

11. Contact

Questions about this policy? Contact us at hi@mulucode.dev.