Privacy Policy
Last updated: 1 April 2026
We take privacy seriously and keep this simple. This policy explains what we collect, why, and what you can do about it.
Multibase Ltd is the data controller for personal data collected through multibase.io.
Contact: privacy@multibase.io
What we collect
Account data — when you sign up or use the Service, we collect your name, work email address, company name, and billing information. Passwords are stored as secure hashes — never in plaintext.
Usage data — we collect standard log data: IP address, browser type, pages visited, and feature usage. This helps us maintain and improve the Service.
Content you create — articles, media, and settings you add to your knowledge base. This is your data — we process it only to run the Service for you.
Cookies — we use essential cookies (required for login and security), functional cookies (remembering your preferences), and optional analytics cookies (understanding how the product is used). You can decline analytics cookies via our cookie banner. We do not use advertising cookies and do not share data with ad networks.
Why we process your data
| Purpose | Legal basis |
|---|---|
| Providing and running the Service | Contract performance |
| Billing and payments | Contract performance |
| Security and fraud prevention | Legitimate interest |
| Improving the product (aggregated, anonymised) | Legitimate interest |
| Tax records and legal compliance | Legal obligation |
| Marketing updates (optional) | Consent — unsubscribe any time |
Who we share data with
We don't sell your data. We share only with trusted service providers who help us operate the platform:
- AWS (EU — Frankfurt) — servers, database, and file storage
- Stripe — payment processing (your card data never reaches our servers)
- Anthropic / OpenAI — AI translation and AI search features (data is processed transiently — not retained or used for training)
- Postmark / AWS SES — sending transactional emails
- Sentry — error monitoring (personal identifiers are scrubbed before transmission)
We also disclose data when required by law, court order, or to protect the safety of others.
How long we keep your data
- Account and billing data — for the duration of your account, plus 7 years for tax compliance
- Your content — until you delete it, plus 30 days after account closure (export window), then permanently deleted
- Usage logs — 12 months
- Support communications — 3 years
Your rights
Depending on where you are, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Delete your data (subject to legal retention requirements)
- Export your data in a portable format
- Object to processing based on legitimate interest
- Withdraw consent for any consent-based processing at any time
To exercise any of these rights, email privacy@multibase.io. We'll respond within 30 days. You can also complain to your local data protection authority.
Security
We protect your data with encryption in transit (TLS 1.2+) and at rest (AES-256), strict access controls, regular security reviews, and automated backups. No system is completely secure — if a breach occurs that affects your data, we'll notify you promptly.
International transfers
Our primary infrastructure is hosted in the EU (AWS Frankfurt). Where data is transferred outside the EEA (for example, to AI API providers in the US), we use Standard Contractual Clauses approved by the European Commission.
Children
The Service is not intended for anyone under 16. We don't knowingly collect data from children.
Changes to this policy
We'll notify you of material changes at least 14 days before they take effect.
Questions? privacy@multibase.io