Mungo Labs is built on a privacy-by-design architecture. Our core principle: analysis of threats happens locally, on your device, without transmitting your email content or browsing activity to our servers. This document explains what we do and do not collect.
1. Who We Are
Mungo Labs Pte. Ltd. ("Mungo Labs", "we", "us", or "our") is incorporated in Singapore. We operate the Mungo Labs browser extension, email add-in, and website at mungolabs.ai. We can be contacted at [email protected].
2. Scope of This Policy
This Privacy Policy applies to:
- Visitors to our website (mungolabs.ai)
- Users of the Mungo Labs browser extension (MVP)
- Users of the Mungo Labs email add-in (when available)
- Organisations participating in our Design Partner Programme
3. What We Collect and Why
Website visitors. Our website does not use third-party advertising trackers. We may collect anonymised, aggregate traffic data (page views, referral sources, general geography) for the purpose of understanding how our site is being used. No personal identifiers are stored or shared.
Contact and demo request forms. When you submit a form on our website, we collect the information you provide (name, work email, organisation, role, primary concern). We use this data solely to respond to your request and to schedule conversations. We do not sell or share this data with third parties.
Browser extension — threat analysis. The Mungo Labs browser extension performs analysis of page characteristics (URL structure, domain registration signals, certificate information, page content signals) to determine whether a warning should be surfaced. This analysis is performed locally, on your device. Page content and URLs are not transmitted to Mungo Labs servers for the purpose of threat detection.
Browser extension — engagement signals. To enable proficiency-adaptive warnings, the extension may store a lightweight local record of how you interact with warnings (e.g., dismissed, read, reported). This data is stored on your device only and is not transmitted to Mungo Labs. It can be cleared at any time by removing the extension.
Email add-in. Where the email add-in is deployed, analysis of email metadata and structural signals (sender domain, routing headers, link structure) is performed without storing or transmitting the personal content of emails. Email body content does not leave your device or your organisation's environment.
Design partner organisations. Design partners may share anonymised, aggregated threat interaction data with Mungo Labs to support product improvement. The scope and handling of this data is agreed in writing with each design partner prior to any sharing.
4. Legal Basis for Processing (GDPR)
Where the General Data Protection Regulation (GDPR) applies, we process personal data on the following legal bases:
- Legitimate interests — responding to demo and partner requests, and improving our product through aggregate analytics.
- Contract performance — where we have a design partner or services agreement in place.
- Consent — where explicitly requested, for example in relation to design partner data sharing.
5. Data Retention
Contact form submissions are retained for as long as is necessary to manage the relevant relationship, and are deleted upon request. On-device extension data is retained locally and is removed when the extension is uninstalled. We do not retain email content or personal browsing history.
6. Third-Party Services
We do not currently share personal data with third-party marketing, advertising, or data-brokering services. Where we use service providers for operational purposes (e.g., email delivery), they are bound by data processing agreements consistent with applicable privacy law.
7. International Transfers
Mungo Labs is headquartered in Singapore. Where data is transferred internationally, we apply appropriate safeguards consistent with applicable law, including standard contractual clauses where required.
8. Your Rights
Depending on your jurisdiction, you may have the right to access, correct, delete, or restrict processing of your personal data, or to object to processing and request portability. To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
9. Security
We apply appropriate technical and organisational measures to protect any personal data we hold. Given our privacy-by-design architecture, the scope of personal data held centrally is deliberately minimal.
10. Changes to This Policy
We may update this policy as our product and operations evolve. Material changes will be communicated to active design partners directly. The effective date at the top of this page will always reflect the most current version.
11. Contact
For any questions about this policy or about how we handle data, please contact us at [email protected].
Mungo Labs Pte. Ltd. · Singapore