Privacy Policy
PRIVACY POLICY
Mushin Hub — All Applications
Effective Date: June 1, 2025 | Last Updated: May 29, 2026
1. Introduction and Scope
This Privacy Policy describes how Mushin Hub ("we," "us," "our") collects, uses, stores, and shares information when you use any of our Applications accessible at mushinhub.com and its subdomains (as defined in our Terms of Use). This Policy applies to all users globally.
By using our Services, you acknowledge that you have read this Privacy Policy. If you do not agree, please discontinue use immediately.
## 2. Information We Collect
### 2.1 Information You Provide Directly
### 2.2 Information Collected Automatically
### 2.3 Camera and Microphone Data (Sensitive)
Applications that use your camera and/or microphone (Boxing, Acting, Physical Therapy) process audio-visual streams in real time, on your device or in a secure transient cloud session, for the sole purpose of generating AI analysis. Unless explicitly disclosed for a specific feature:
### 2.4 Biometric Information
For users in jurisdictions that classify body movement, gait, facial geometry, or voiceprints as biometric identifiers (including Illinois, Texas, Washington State, and the EU), please note:
## 3. How We Use Your Information
We use collected information to:
We do NOT use your data for: (a) selling to third-party advertisers; (b) behavioral advertising on other platforms; (c) automated decision-making that produces legal or similarly significant effects on you without human review.
## 4. Legal Basis for Processing (GDPR / UK GDPR)
For users in the European Economic Area (EEA) or United Kingdom, our legal bases for processing personal data are:
For special-category data (biometric, health-related), our legal basis is explicit consent (GDPR Article 9(2)(a)).
## 5. Third-Party Service Providers
We share data with the following service providers, solely to the extent necessary to provide the Services:
We require all processors to implement appropriate data protection measures and to process personal data only on our instructions.
## 6. Cookies and Tracking Technologies
We use the following cookies and similar technologies:
You may manage preferences at any time through the cookie banner, the "Cookie settings" link in the site footer, or your browser settings. Rejecting analytics cookies does not affect core Service functionality.
## 7. Data Retention
## 8. Your Rights
### 8.1 All Users
You have the right to: access your data; correct inaccurate data; delete your data (subject to legal retention obligations); opt out of marketing communications at any time.
### 8.2 EEA / UK Users (GDPR / UK GDPR)
In addition to the above, you have rights to: data portability; restriction of processing; objection to processing based on legitimate interests; withdraw consent at any time without affecting prior lawful processing; lodge a complaint with your supervisory authority.
### 8.3 California Users (CCPA / CPRA)
California residents have the right to: know what personal information we collect, use, share, or sell; delete personal information we hold; opt out of the sale or sharing of personal information (note: we do not sell personal information); non-discrimination for exercising your rights.
To submit a CCPA request, contact us at: legal@mushinhub.com
### 8.4 Illinois Users (BIPA)
Illinois residents have the right to: informed consent before biometric data collection; a written policy on biometric data retention; destruction of biometric data within 3 years or when the original purpose is fulfilled (whichever comes first); seek civil remedy for violations.
### 8.5 Exercising Your Rights
Submit any data subject request to: legal@mushinhub.com. We will respond within 30 days (or as required by applicable law).
## 9. International Data Transfers
Our infrastructure is primarily hosted in the United States. If you access our Services from outside the US, your data may be transferred to, stored, and processed in the US or other countries that may have different data protection laws.
For EEA/UK users, we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards for cross-border data transfers.
## 10. Data Security (SOC 2–aligned practices)
We implement commercially reasonable technical and organizational measures designed to align with common SOC 2 trust principles (security, availability, and confidentiality), including:
No method of transmission or storage is 100% secure. We cannot guarantee absolute security and are not responsible for unauthorized third-party access beyond our control. A formal SOC 2 Type II report, if required for your organization, may be requested at legal@mushinhub.com.
## 11. Children's Privacy (COPPA)
Our Services are not directed to children under 13. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us at legal@mushinhub.com and we will delete it promptly.
## 12. Changes to This Policy
We may update this Privacy Policy from time to time. We will post the revised Policy with an updated effective date. For material changes, we will provide additional notice via in-app notification or email (if you have an account). Continued use after the effective date constitutes acceptance.
## 13. Contact and Data Controller
Data Controller: Mushin Hub
Email: legal@mushinhub.com
Website: https://mushinhub.com
For EU/UK GDPR inquiries or to lodge a complaint with a supervisory authority, please contact us first; if unresolved, you may contact your local data protection authority.