Back to home

Privacy Policy

Last updated: February 2026

1. Introduction

Mabii ("we," "us," or "our") is an AI-powered customer acquisition platform. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our service, website, and related features. By using Mabii, you agree to this policy.

2. Data We Collect

We collect:

  • Account and business data: email, business name, domain, industry/niche, location, and other details you provide during onboarding.
  • Lead and prospect data: names, emails, business names, websites, and other contact or enrichment data used for outreach.
  • Conversation content: messages exchanged via email, webchat, WhatsApp, Instagram, Facebook Messenger, and other connected channels.
  • Usage and operational data: how you use the platform, API and job logs, and system health metrics.

3. How We Use Data

We use data to:

  • Provide, operate, and improve the Mabii platform.
  • Run AI models to generate and personalize outreach, reply to conversations, and book appointments.
  • Send and track emails and messages on your behalf via connected channels.
  • Process payments, enforce plans, and communicate with you about your account.
  • Comply with law, enforce our terms, and protect our rights and users.

AI disclosure: Conversations and content you provide are processed by AI (including third-party AI providers). AI-generated outreach is sent on your behalf. We do not use your data to train general-purpose AI models for use outside Mabii.

4. Third-Party Services

We use and share data with:

  • Supabase — database and authentication (US/EU).
  • OpenAI — AI processing for conversations and outreach.
  • Paddle — subscription and payment processing.
  • Resend — transactional email (e.g. welcome, alerts).
  • Meta (Facebook/Instagram/WhatsApp) — messaging channels when you connect them.
  • Google — calendar and Places enrichment when configured.
  • Instantly — cold email delivery when configured.
  • Outscraper / Apollo — lead discovery and enrichment when configured.

Each provider has its own privacy and data processing terms. We require processors to protect data consistent with this policy and applicable law.

5. Data Retention

We retain account and business data for as long as your account is active and as needed to provide the service and comply with law. Conversation and lead data are retained per our data retention settings and may be deleted on schedule or upon your request. After account termination, we delete or anonymize your data within a reasonable period (e.g. 30 days) except where we must retain it for legal or safety reasons.

6. Your Rights

Depending on where you live, you may have the right to:

  • Access and receive a copy of your personal data.
  • Correct or update your data.
  • Request deletion of your data.
  • Data portability (receive your data in a structured format).
  • Object to or restrict certain processing.
  • Withdraw consent where processing is consent-based.
  • Lodge a complaint with a supervisory authority (e.g. in the EU/EEA).

To exercise these rights, contact us at the email below. We will respond within the time required by applicable law (e.g. 30 days under GDPR).

7. Cookies and Similar Technologies

We use:

  • Session cookies — to keep you logged in (e.g. Supabase auth).
  • Tenant cookie — to associate your session with your workspace (httpOnly, sameSite).
  • Admin cookie — only when you access admin tools (httpOnly, sameSite strict).
  • OAuth/CSRF cookies — short-lived cookies for secure OAuth and Meta connection flows.

You can control cookies via your browser settings. Disabling essential cookies may limit or break login and certain features.

8. International Transfers

Data may be processed in the United States, European Union, or other regions where our service providers operate. We use appropriate safeguards (e.g. Standard Contractual Clauses, adequacy decisions) where required by law for transfers out of your jurisdiction.

9. Children's Privacy

Mabii is not directed at individuals under 13 (or the applicable age in your jurisdiction). We do not knowingly collect personal data from children. If you believe we have collected such data, please contact us and we will delete it.

10. GDPR and CCPA

If you are in the European Economic Area or UK, we process your data on the bases of contract performance, legitimate interests, consent, and legal obligation as applicable. You have the rights set out in Section 6. If you are in California, we do not sell your personal information; we may share data with service providers as described in this policy. You may have additional rights under the CCPA (e.g. know, delete, correct, limit use of sensitive data).

11. Security

We use technical and organizational measures to protect your data (e.g. encryption in transit and at rest, access controls, secure cookies). No system is completely secure; we will notify you and regulators as required if a breach affects your personal data.

12. Changes

We may update this Privacy Policy from time to time. We will post the new version on this page and update the "Last updated" date. Material changes may be communicated by email or a notice in the product. Continued use after changes constitutes acceptance.

13. Contact

For privacy requests, questions, or complaints, contact us at the support or contact email provided in the product or at https://mabii.org. We will respond as required by applicable law.

Back to home · Terms of Service