1. Information we collect
You provide
- •Account details: email address and, optionally, name and company.
- •Builder details: business/identity information required for marketplace participation and payouts.
- •Content you submit: agent configurations, inputs, prompts, files, and listing content.
- •Communications: messages you send us, support requests, and CRM/marketing form submissions (e.g. notify-me / contact).
Collected automatically
- •Usage data: pages viewed, features used, agent runs, execution logs, and metered usage (e.g. model tokens).
- •Device & log data: IP address, browser type, timestamps, and similar technical data.
- •Cookies and similar technologies (see Cookies below).
From third parties
- •Payment and payout status from Stripe (we do not receive full card numbers).
- •Tokens and data from Connected Services you authorize (e.g. email, CRM, CMS, Slack) — used only to operate your Agents and stored encrypted.
2. How we use information
- •Provide, operate, secure, and improve the Platform and Agents.
- •Authenticate you and manage your account and sessions.
- •Process subscriptions, payments, and Builder payouts.
- •Run Agents you deploy, including passing data to model providers and Connected Services as needed to perform the task.
- •Communicate with you about your account, security, transactions, and (with your consent where required) product news and campaigns.
- •Detect, prevent, and investigate fraud, abuse, and security incidents.
- •Comply with legal obligations and enforce our Terms.
3. AI processing
When you run an Agent, the inputs you provide and relevant context are sent to AI model providers (such as Anthropic) and to any tools the Agent uses, in order to generate Outputs. We use providers that contractually limit use of submitted data; we do not sell your content, and we do not use your private Agent inputs or Outputs to train our own models without your consent. Model providers process data under their own terms.
4. Legal bases (EEA/UK)
Where GDPR/UK GDPR applies, we rely on: performance of a contract (to provide the Platform); legitimate interests (to secure and improve the Platform, prevent abuse, and market responsibly); consent (for certain marketing and cookies); and legal obligation (e.g. tax and accounting).
5. How we share information
- •Service providers / sub-processors who help us run the Platform (see below), under contracts that protect your data.
- •Builders, where you subscribe to or run their Agent — limited to what is needed to operate the Agent and provide support.
- •Payment providers (Stripe) for billing and payouts.
- •Legal & safety: when required by law, to enforce our Terms, or to protect rights, safety, and security.
- •Business transfers: in connection with a merger, acquisition, or sale of assets, subject to this policy.
We do not sell personal information.
6. Sub-processors
We rely on reputable infrastructure and service providers, including:
- •Cloudflare — hosting, edge compute (Workers), database (D1), storage (KV/R2).
- •Stripe — payments, subscriptions, and Connect payouts.
- •Anthropic (and other model providers) — AI model inference.
- •Amazon Web Services (SES) — transactional and campaign email.
- •Railway and n8n — agent runtime and workflow execution for certain Agents.
7. Data retention
We keep personal data for as long as your account is active and as needed to provide the Platform, then for as long as necessary to comply with legal, tax, accounting, and dispute-resolution obligations. Execution logs and usage data are retained to operate and secure the service and may be aggregated or anonymized. You can request deletion as described below; some data may be retained where we have a legal basis to do so.
8. Security
We use technical and organizational measures to protect personal data, including encryption in transit and at rest, encryption of Connected Service tokens, tenant isolation, and least-privilege access. See our Security page for details. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
9. International transfers
We and our providers may process data in countries other than yours. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for international transfers.
10. Your rights
Depending on your location, you may have rights to access, correct, delete, port, or restrict processing of your personal data, to object to certain processing, and to withdraw consent. EEA/UK users may lodge a complaint with a supervisory authority. California residents have rights under the CCPA/CPRA, including access, deletion, correction, and to opt out of "sale"/"sharing" (we do not sell personal information). To exercise rights, email privacy@mnki.com. We will verify your request and respond within the timeframes required by law.
11. Cookies
We use strictly necessary cookies (for authentication and security) and, where applicable, analytics cookies to understand and improve usage. You can control cookies through your browser; disabling strictly necessary cookies may break parts of the Platform.
12. Children
The Platform is not directed to children under 18, and we do not knowingly collect their personal data. If you believe a child has provided us data, contact us and we will delete it.
13. Changes to this policy
We may update this policy from time to time. For material changes we will provide notice (e.g. by email or in-product). The "last updated" date above reflects the latest version.
14. Contact
Controller: Petso BV (trading as MNKI), Netherlands. Privacy questions or requests: privacy@mnki.com. General contact: hello@mnki.com. EEA/Dutch users may also contact the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).