Privacy Policy

Last updated: March 8, 2026

            Summary: MarvinOS stores your data in isolated per-user directories on our servers. We use
            AI models via OpenAI's API to process your requests. We do not sell your data. You can delete your account
            and all associated data at any time.
        

1. Who We Are

MarvinOS ("we," "us," "our") is a personal AI assistant platform operated at marvinuos.org. This policy describes how we collect, use, and protect your information when you use our services, including the web application, browser extension, Telegram bot integration, and any associated APIs.

2. Information We Collect

2.1 Account Information

Email address — used for authentication and account recovery
Password — stored as a bcrypt hash; we never store plaintext passwords
Account creation date and login timestamps

2.2 Conversation Data

Chat messages — your messages and Marvin's responses are stored to provide conversation continuity
Memory facts — things you explicitly ask Marvin to remember (e.g., preferences, names, dates)
Interaction metadata — timestamps, message counts, and feature usage patterns (used for your morning briefing and proactive suggestions)

2.3 Browser Extension Data

If you install the MarvinOS browser extension:

Active tab URL and title — only sent to our server when you explicitly ask Marvin about your current page
Page content — extracted text from web pages, only when you request page analysis
Screenshots — captured only when you request visual analysis
The extension does not automatically track your browsing history or send data without your explicit request

2.4 Telegram Integration

Telegram chat ID — used to route messages between Telegram and your Marvin account
Voice messages — transcribed via OpenAI Whisper for processing, not stored after transcription
Images — analyzed via OpenAI Vision API when sent

2.5 Billing Information

PayPal transaction IDs — we store transaction references for coin purchases
We do not store credit card numbers, bank account details, or PayPal passwords
All payment processing is handled by PayPal's secure payment infrastructure

2.6 Credential Vault

If you store third-party credentials in Marvin's vault, they are encrypted using AES-256-GCM with a per-user key
Vault contents are stored exclusively in your isolated tenant directory

3. How We Use Your Information

Provide AI assistance — your messages are sent to OpenAI's API for processing. Messages are subject to OpenAI's Privacy Policy
Personalize responses — memory facts and conversation history make Marvin more helpful over time
Proactive features — morning briefings and suggestions are generated from your stored data
Billing — track coin usage and process payments
Product improvement — anonymized, aggregate usage patterns help us improve the service

4. Data Isolation

Your data is stored in a per-user isolated directory on our servers (data/tenants/{userId}/). Each user's data is completely separated from other users. Memory, conversation history, vault contents, and generated files are all stored within your isolated directory.

5. Data Retention

Your data is retained for as long as your account is active
Conversation history is retained indefinitely unless you delete it
You can delete individual memory facts at any time via the chat interface
You can request full account deletion (see Section 8)

6. Data Security

All connections use TLS/HTTPS encryption in transit
Credential vault uses AES-256-GCM encryption at rest
Passwords are hashed with bcrypt
JWT tokens are used for session authentication with configurable expiration
The server is hosted on a dedicated VPS with restricted SSH access

7. Third-Party Services

OpenAI — AI inference (chat, vision, text-to-speech, transcription). Subject to OpenAI's Privacy Policy
PayPal — Payment processing. Subject to PayPal's Privacy Policy
Telegram — Optional messaging integration. Subject to Telegram's Privacy Policy
IONOS — DNS management for custom subdomains

8. Your Rights

8.1 Access

You can view your stored data including memory facts, conversation history, and account details through the Marvin dashboard.

8.2 Deletion

You have the right to delete your account and all associated data:

Use the Account Deletion option in Settings, or
Send a DELETE request to /api/account with your authentication token, or
Contact us at the email below

Account deletion removes: your user record, all memory data, conversation history, vault contents, generated files, and tenant directory. This action is irreversible.

8.3 Data Portability

You can export your memory data via the Marvin API (GET /api/memory).

8.4 Correction

You can update your stored facts by telling Marvin to forget incorrect information and remember the correct version.

9. Cookies and Local Storage

We use localStorage in your browser to store your authentication token and UI preferences
We do not use third-party tracking cookies or advertising trackers
The browser extension uses chrome.storage.local to store the authentication token for the WebSocket connection

10. Children's Privacy

MarvinOS is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, please contact us.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of MarvinOS after changes constitutes acceptance of the updated policy.

12. Contact

For privacy-related questions, data requests, or concerns:

Email: privacy@marvinuos.org
Or use the Marvin chat to say: "I have a privacy question"