Mayva
Privacy

Privacy policy

LAST UPDATED · 2026-05-28

Short version: in local mode, we collect nothing. On hosted plans (Personal, Pro, Teams), we collect the minimum needed to run the service, and never sell or share it.

What we collect — local mode

Nothing. Local mode has zero telemetry. Your data lives in data/ on your machine. LLM calls go directly from your machine to Anthropic; we are not on the path.

What we collect — hosted plans

  • Account info: email, name, hashed password (or SSO subject ID).
  • Billing info: via Stripe. We never see your card.
  • Service data: the same data the local version stores, but on our servers — profile, episodic events, embeddings. Encrypted at rest with per-tenant keys.
  • OAuth tokens: WHOOP / Google / Gmail refresh tokens, encrypted. You can revoke at any time.
  • Operational logs: request paths, status codes, latency. No request bodies. Retained 14 days.

What we share with third parties

  • Anthropic — the focused prompt for the current turn. A PII redaction layer strips third-party emails and phone numbers when it can.
  • Cloudflare — marketing site hosting and DDoS protection.
  • Stripe — payment processing.
  • Resend — transactional email.
  • That's the entire list. No analytics vendors. No ad networks. No data brokers.

Cookies

The marketing site sets zero tracking cookies. Authentication uses a single HttpOnly session cookie for logged-in users.

Health data

WHOOP / Apple Health / Oura / Garmin data is sensitive. We treat it as such — encrypted at rest, scoped to your tenant, never used for product analytics. Hosted plans store it; local mode keeps it on your machine.

Your rights

  • Export — download everything we have on you in JSON. One click in the dashboard.
  • Delete — destroy your account and data. Tokens revoked, rows purged within 30 days, backups within 90.
  • Access — ask us what we have. We'll send a summary.

Children

Mayva isn't designed for or marketed to anyone under 18. We don't knowingly collect data from minors.

Changes

If we change this policy materially, we'll email you and update the date at the top. Trivial edits (typos) won't trigger a notification.

Contact

Privacy questions: contact us or privacy@mayva.ai.