Privacy Policy

This Privacy Policy describes how MRU.AI, operated by Mauritius AI Finance, processes personal data in connection with the MRU.AI platform. This policy applies to business users, prospective customers, and authorized users acting on behalf of an organization.

If your employer or client controls the documents or personal data submitted into the platform, that organization remains responsible for ensuring it has a lawful basis for the processing carried out through MRU.AI.

We may process account details such as name, email address, organization name, role, and session metadata. We also process business content submitted to the platform, including uploaded documents, chat history, KYC search queries, structuring requests, report inputs, and usage events generated when product features are used.

Operational metadata may include request IDs, timestamps, IP-derived rate-limit identifiers, browser information, and analytics data where enabled.

We rely on third-party subprocessors including Clerk for authentication, Supabase for database and storage infrastructure, Google Gemini for AI processing, Vercel for hosting, and optional monitoring or analytics providers such as Sentry and PostHog where enabled by the deployment.

Because these services may operate from multiple jurisdictions, your data may be transferred outside Mauritius or the country where your organization is established. We rely on contractual, technical, and organizational safeguards appropriate to the deployment configuration in use.

We use personal and business data to provide the service, authenticate users, secure the platform, generate AI-assisted outputs, maintain audit trails, troubleshoot incidents, prevent abuse, and improve product operations. Uploaded documents and user prompts may be sent to Google Gemini to generate analysis or embeddings required for retrieval and workflow features.

Clerk uses cookies and related session technologies to keep users authenticated. We do not use the public marketing pages to track private workspace content, but optional analytics may record product usage patterns such as feature openings and successful workflow completions.

We retain account and operational data for as long as necessary to provide the service, comply with contractual obligations, maintain auditability, and meet legal or security requirements. Customer-uploaded content is retained according to the environment and data management processes agreed with the customer.

Subject to applicable law, data subjects may request access, correction, deletion, restriction, objection, or portability of their personal data. Requests may need to be routed through the customer organization where that organization acts as the primary controller for workspace content.

For privacy requests, deletion inquiries, or questions about this policy, contact support@mru.ai. We will respond in accordance with applicable data protection requirements and the role we occupy in relation to the relevant data set.