Malv legal

Privacy Policy

Last updated: July 6, 2026

Overview

Malv provides an assistant service at https://malv.ai. This Privacy Policy explains what information Malv collects, how we use it, and the choices available to you when you use the service.

Information we collect

We collect information you provide directly, including messages, workspace files, configuration, capability settings, support requests, and other content you choose to submit to Malv.

When you sign in with Google or GitHub, we receive basic account information from that provider so we can create and secure your Malv account. For Google sign-in, Malv requests the openid email profile scopes. Your browser receives a Malv-owned session cookie instead of provider access tokens.

We also collect limited technical information needed to operate and protect the service, such as session state, authentication events, device and browser information, IP address, request metadata, diagnostics, and service logs.

Connected services and OAuth permissions

Malv may let you connect third-party services or capability workers. Those connections are optional and may request additional permissions when you choose to enable them.

Identity sign-in is separate from capability permissions. For example, Google sign-in is used to verify your identity, while Google Workspace permissions are requested separately only when a connected capability needs them. Capability tokens and refresh tokens, when authorized, are stored service-side and scoped to the relevant Malv account and connected capability.

You can revoke provider access through the relevant provider account settings, such as your Google Account or GitHub account settings.

How we use information

We use information to provide, maintain, secure, and improve Malv. This includes authenticating users, keeping sessions active, routing requests to the correct account, storing chats and workspace data, operating connected capabilities, preventing abuse, debugging issues, and responding to support or legal requests.

We do not sell personal information.

Sharing information

We share information only as needed to operate Malv, comply with law, protect rights and safety, or support services you choose to connect. This may include infrastructure providers, authentication providers, connected third-party services, and professional advisers.

When you connect a third-party service, information may be sent to that service as needed to complete the action you requested. Third-party services process information under their own policies.

Retention

We keep personal information for as long as needed to provide Malv, maintain security, resolve disputes, comply with legal obligations, and enforce agreements. You can request deletion of account-related information by contacting us, subject to legal and operational retention requirements.

Security

We use reasonable technical and organizational safeguards to protect personal information. No online service can guarantee absolute security, so you should use strong account security practices and promptly report suspected unauthorized access.

Your choices

You may stop using Malv at any time. You may also revoke OAuth access through your provider account settings, clear browser cookies, or contact us to request access, correction, export, or deletion of personal information.

Children

Malv is not intended for children under 13. If you believe a child has provided personal information to Malv, contact us so we can take appropriate action.

Changes

We may update this Privacy Policy from time to time. When we make material changes, we will update the date above and provide additional notice when appropriate.

Contact

For privacy questions or requests, contact us at contact@malv.ai.