Privacy Policy
Effective date: May 15, 2026
Mug, operated by Tyler Berggren ("we," "us," "our"), provides the mug.work platform. This policy describes how we collect, use, and protect information when you use our services.
What we collect
Account information. Email address, name, and authentication credentials when you create an account.
Workspace data. Data you sync into your workspace from external services (APIs, databases, files), data generated by workflows, and content you create through forms and surfaces. This data is stored in your workspace's isolated storage and is under your control.
Connector credentials. OAuth tokens and API keys you provide to connect external services. These are encrypted at rest and scoped to your workspace.
Usage data. Operational metrics including workflow execution counts, API call volumes, storage consumption, notification delivery status, and AI token usage. We use this data for billing, capacity planning, and platform reliability.
Payment information. Billing details are collected and processed by Stripe, our payment processor. We do not store credit card numbers on our infrastructure.
Technical data. IP addresses, browser type, and request metadata in server logs. We retain logs for operational purposes and delete them within 90 days.
How we use your data
- Operate the platform. Run your connectors, workflows, surfaces, and notifications as configured.
- Billing. Meter usage against your tier limits and process payments.
- AI processing. When you use
ctx.ai()in workflows, your prompts and data are sent to third-party AI model providers (Anthropic, OpenAI, Google, and others available through Cloudflare AI Gateway) to generate responses. We do not use your prompts or AI responses to train models. If you configure Bring Your Own Key (BYOK), requests route directly through your own provider account. - Notifications. When workflows send email or SMS, recipient contact information is shared with our delivery providers (Resend for email, Twilio for SMS) solely for delivery purposes.
- Improve the platform. Aggregate, anonymized usage patterns to improve reliability and features. We do not sell your data.
Data isolation
Each workspace runs as an isolated Cloudflare Worker with its own V8 runtime, storage bucket, and database. Workspace isolation is structural, not application-level: a workspace's code cannot access another workspace's data because the runtime bindings do not exist. Connector credentials are encrypted and scoped per workspace.
Data residency
The platform runs on Cloudflare's global network. Workspace data (databases, files, credentials) is stored in Cloudflare R2 and Durable Objects. Cloudflare's infrastructure spans multiple regions; data may be stored or processed in any region where Cloudflare operates. We do not currently offer region-specific data residency guarantees.
Third-party services
| Service | Purpose | Data shared |
|---|---|---|
| Cloudflare | Hosting, compute, storage, AI gateway | All platform data |
| Stripe | Payment processing | Billing and payment details |
| Resend | Email delivery | Recipient email addresses, message content |
| Twilio | SMS delivery | Recipient phone numbers, message content |
| AI providers (via Cloudflare AI Gateway) | Model inference | Prompts and context provided in ctx.ai() calls |
| GitHub | Optional workspace backup | Workspace source code if configured |
Your rights
- Access. You can export all workspace data at any time via the CLI (
mug export) or API. - Deletion. You can delete your workspace and all associated data. Deletion is permanent and includes databases, files, credentials, and execution logs. Account deletion removes your account and all owned workspaces.
- Portability. Workspaces are git repositories. You own the source code and can clone it at any time.
- Credentials. You can revoke connector credentials at any time. Revoking a credential immediately stops all syncs using that credential.
Data retention
- Workspace data. Retained as long as your workspace exists. Deleted within 30 days of workspace deletion.
- Execution logs. Rolling window of the 1,000 most recent workflow runs per workspace. Older logs are automatically pruned.
- Usage metrics. Retained for 12 months for billing and audit purposes.
- Server logs. Deleted within 90 days.
- Account data. Retained until account deletion, then deleted within 30 days.
Security
- Connector credentials encrypted at rest
- Per-workspace V8 isolate provides structural tenant isolation
- All data in transit encrypted via TLS
- Platform secrets managed through Cloudflare's secret store
- No shared database between workspaces
Children
Mug is a business operations platform. We do not knowingly collect information from children under 13. If you believe a child has provided us personal information, contact us and we will delete it.
Changes
We may update this policy. Material changes will be communicated via email to account holders. Continued use of the platform after changes constitutes acceptance.
Contact
For privacy questions or data requests: support@mug.work