Your privacy matters

Muckle is Mom's companion, not your surveillance system. Here's exactly how we handle your family's data.

What we collect

Conversations: When Mom talks to Muckle, we process the conversation in real-time to provide responses, detect needs, and generate your daily digest. Conversations are summarized — the summaries are stored, not raw transcripts.

Memories: Things Mom shares with Muckle (her cat's name, her favorite flowers) are saved so Muckle can be a better companion. These are simple text notes, not recordings.

Health mentions: If Mom mentions health concerns, we flag them for you. Health data is encrypted at the application layer before it ever reaches our database.

Account info: Your email, Mom's name and phone number, and billing information. Standard stuff.

What you see vs. what Mom says

You get warm summaries, never raw transcripts. Your daily digest is a 90-second audio summary that captures the tone and topics of Mom's day — not a word-for-word record.

If Mom tells Muckle "don't tell Karen about this," Muckle respects that. The only exception is safety concerns — if Mom mentions something that could indicate danger, we'll include it in your digest regardless.

Handlers (the people who fix the screen door) see only what they need for their specific task: Mom's preferred name, address (if they need to visit), and what needs to be done. They never see conversation history, health records, or your information.

How we protect data

Application-layer encryption

Health information is encrypted before it reaches our database. Even if someone accessed the raw database, they'd see encrypted data.

Row-level security

Database policies ensure each family can only access their own data. Our backend service key is the only one that can bypass this, and it's never exposed to browsers.

Immutable audit log

Every data access is logged. These logs cannot be modified or deleted — not even by us.

No PHI in logs or error tracking

We never log health data, member names, transcripts, or addresses in our application logs, error tracking, or analytics.

Webhook signature verification

Every incoming call and billing event is verified to come from our trusted providers. Unsigned requests are rejected.

No passwords

We use magic links (email) and phone verification for authentication. No passwords to forget, leak, or guess.

What we don't do

  • We don't sell your data. Ever. To anyone.
  • We don't use your data to train AI models.
  • We don't share data with advertisers.
  • We don't listen to Mom when she's not on a call with Muckle (unless ambient mode is explicitly activated with audible consent chimes).
  • We don't store raw audio recordings of conversations.
  • We don't give handlers access to anything beyond their specific task.

HIPAA compliance

The legal question of whether Muckle is a HIPAA-covered entity is an active conversation with our legal team. Regardless of the outcome, we code as if HIPAA applies.

This means: encryption at rest and in transit, application-layer encryption for health data, access controls, audit logging, and breach notification procedures. We don't wait for a legal requirement to protect your family's health information.

Your rights

Export your data: You can request a full export of Mom's memories and conversation summaries at any time.

Delete your data: When you cancel, we delete your data. No retention for marketing, no "we might need this later."

Questions? Email us at privacy@muckle.care. We'll respond within 48 hours.

Last updated: February 2026

Join the Waitlist