mycelium·

Privacy Policy

Last updated: 3 July 2026

Mycelium is a private, agent-native personal CRM hosted at https://mycelium.netcraft.works. This policy explains what data the hosted service handles, why, and what your rights are. We have tried to write it in plain language. If anything is unclear, ask us.

Who we are. The hosted Mycelium service is operated by Mycelium (operator). Contact: <LEGAL_CONTACT_EMAIL>.

Mycelium is also available as open-source software that you can run entirely on your own infrastructure. This policy covers only the hosted service. If you self-host, we receive no data from you at all.


1. Two kinds of data, two roles

It matters legally — and practically — that the hosted service handles two very different kinds of data:

a) Your account data. The data we need to run the service for you: your Google sign-in basics, plan and billing status, usage metering, and server logs. For this data, we are the data controller. We decide what is collected and why, and this policy describes it fully below.

b) Your CRM content. The contacts, notes, deals, and relationship graph that you store in your Mycelium instance. This content is about third parties — the people you know. You decide what to record, and only you (and your AI agent, acting on your instructions) read and write it. For this content, you are the controller and we act as a processor-like host: we store and process it exclusively on your behalf and on your instructions, we do not use it for our own purposes, and we never share it with anyone. You are responsible for having a lawful basis for the information you record about other people (see also our Terms of Service, section on acceptable use). For purely personal, non-commercial use of a private address book, GDPR's "household exemption" typically applies to you as an individual — but if you use Mycelium in a professional or commercial context, that is your assessment to make.


2. What we collect

Data What exactly Source
Google account basics Email address, display name, avatar URL, Google account identifier Google sign-in (OAuth)
Your CRM content Contacts, notes, interaction history, deals, tags, embeddings derived from that content — everything you or your agent store in your instance You, via your AI agent (MCP) or import
API and usage metering API key metadata, counts and costs of metered operations (nightly deal runs, enrichment runs, LLM/embedding token usage, federated queries), plan and quota state Generated by the service
Server logs IP address, timestamps, requested endpoints, status codes, and technical error details, kept for security and debugging Generated by the service
Federation audit log For federation peers you connect to: peer identity, query terms, timestamps, and result counts — on both sides, by design (both parties are told this) Generated by the service
Presale reservations If you reserve a founder seat: email, name, seat number You

We do not collect: browsing behavior outside the service, advertising identifiers, analytics profiles, or anything from your device beyond what is listed above.

3. Purposes and legal bases

Purpose Data used Legal basis (GDPR)
Providing your account and instance (sign-in, provisioning, storage) Google basics, CRM content Contract (Art. 6(1)(b))
Operating agent features you invoke (search, embeddings, nightly deal reflection) CRM content Contract — processing on your instructions
Billing, quotas, and abuse prevention Metering, logs Contract; legitimate interest (Art. 6(1)(f)) in keeping the service fair and solvent
Security, debugging, incident response Server logs, audit log Legitimate interest in a secure service
Federation transparency (query logs visible to instance owners) Federation audit log Contract — this transparency is a documented feature both peers agree to
Communicating with you about your account Email Contract

We do not use your data for advertising, profiling, or training AI models. We do not send marketing email unless you explicitly ask for it.

4. What we never do

  • No advertising and no tracking. There are no ad networks, no analytics trackers, and no third-party marketing cookies anywhere in the service (see the Cookie Policy).
  • No sale or sharing of personal data. We do not sell, rent, or share your account data or your CRM content with third parties. The only external services that touch your data are the subprocessors below, who act strictly on our instructions to run the service.
  • No use of your CRM content for our own purposes. Your graph is yours. We do not read it for product research, train models on it, or aggregate it across users.

5. Subprocessors

Subprocessor Role Data involved
DigitalOcean Managed hosting and managed PostgreSQL database (infrastructure the service runs on) All service data, encrypted at rest by the platform
OpenAI Embeddings generation (turning your text into search vectors) Text snippets from your CRM content, sent at the moment of processing
OpenRouter LLM inference routing (the models used by nightly deal reflection and enrichment) The context assembled for a given run

For LLM and embedding calls we use zero-data-retention configurations where the provider offers them, so that your content is processed transiently and not stored or used for training by these providers. If you bring your own API key (BYOK), calls go to your provider under your own agreement with them.

We will update this table before adding any new subprocessor.

6. Data location

Our infrastructure runs on DigitalOcean managed services. We have not yet made a commitment to a specific storage jurisdiction or region, and we do not want to imply one we cannot guarantee. We will update this policy when a firm data-location commitment is in place. If data location is critical for you today, the self-hosted open-source version puts the choice entirely in your hands.

7. An honest word about encryption

The hosted service is not end-to-end encrypted, and we will not pretend otherwise. Server-side features — semantic search, embeddings, nightly deal analysis — require the service to process your content in plaintext. This means the operator can technically access stored content. What protects you in the hosted service is architecture and policy, not cryptography:

  • a separate, isolated database per user — your instance is never mingled with anyone else's;
  • disk encryption at rest;
  • no content logging;
  • zero-data-retention LLM routing where available;
  • a strict internal rule that operator access happens only when required to run the service (e.g., incident response), never for curiosity or product analytics.

If you need maximum privacy — particularly for sensitive deal data — we recommend self-hosting the open-source version. The full data model, including the deal layer, is available in the open-source core. We would rather recommend against our own hosted plan than overstate what it protects.

8. Federation: your contacts stay put

Mycelium's federation lets you connect your instance directly with people you trust. The privacy model is strict by construction:

  • Nothing about your contacts leaves your instance without your explicit publish action. Connecting to a peer publishes nothing by itself. Deals are never shareable.
  • What can be published is a minimal projection (name, organization, vocabulary tags) — never notes, contact details, or your assessments.
  • Every federated query against your instance is logged and visible to you, and the same applies symmetrically to your queries against peers.
  • You can mark any contact do_not_share, unpublish at any time, and revoke a peer instantly. (Honestly: information a peer already received cannot be technologically recalled — which is exactly why the shareable projection is kept minimal.)

9. Retention

  • Account data and CRM content: kept for as long as your account is active.
  • Server logs: kept for a short operational window (up to 90 days) and then deleted.
  • Usage metering: kept while your account is active, for billing accuracy and quota history.
  • Presale reservations: kept until converted or cancelled, then removed from active records.

10. Deletion — the full story

When you delete your account (Settings → Delete account, with double confirmation):

  1. Your entire per-user database is dropped. Not flagged, not anonymized — the database that holds your contacts, notes, deals, and graph is permanently destroyed.
  2. Your account records, API keys, and sessions are erased; sessions are invalidated immediately.
  3. A minimal deletion record (without personal content) is retained solely to evidence that the deletion was performed.
  4. Backups: encrypted infrastructure backups age out on a rolling cycle; residual copies of your data are purged from backups within approximately 7–30 days of deletion. Backups are never used to restore deleted accounts.

11. Portability

You can export everything yourself, at any time, without asking us: a full graph export in JSONL and contact export in vCard, self-service via the MCP tools (export_graph, export_vcard). We recommend exporting before deleting your account.

12. Your rights

If you are in the EU/EEA, UK, or a jurisdiction with similar laws, you have the right to:

  • Access the personal data we hold about you;
  • Rectify inaccurate data;
  • Erase your data (see section 10 — deletion is built in, not a support ticket);
  • Portability (see section 11 — self-service export is built in);
  • Object to or restrict processing based on legitimate interest;
  • Complain to your local data-protection authority.

To exercise any right that is not already self-service, email <LEGAL_CONTACT_EMAIL>. We respond within one month.

If someone in your CRM contacts us asking about data you store about them: for your CRM content you are the controller, so we will refer the request to you — but note that the product gives you the tools to honor such requests (delete the contact, set do_not_share, unpublish from all projections).

13. Children

The service is not directed at children and is not intended for anyone under 16. We do not knowingly collect data from children under 16; if we learn that we have, we will delete it.

14. Changes to this policy

We will post changes here with an updated date. For material changes, we will notify you by email or in your account dashboard before they take effect.

15. Contact

Questions, requests, concerns: <LEGAL_CONTACT_EMAIL>.