Privacy Policy

Privacy Policy

Privacy Policy

Last updated 26th February, 2026

Scope and key definitions

Scope. This Privacy Policy explains how we collect, use, disclose, and protect Personal Data in connection with:
(a) the Muniments public website,
(b) communications and lead intake (including contact requests and pilot intake), and
(c) limited Personal Data processed in connection with delivery and support of the Muniments on‑prem appliance and the pilot motion described on the website.

Important distinction for bank customers. Muniments is marketed as an on‑prem, bank‑owned hardware “research and workflow appliance” that operates within your bank’s network. As described on the website, bank documents stay on bank‑controlled storage, indexing and inference are local, and the appliance can ingest documents via read‑only shared folder access.

Accordingly, for most bank deployments, your organization (e.g., a community bank) controls what is placed in the bank‑curated folder and remains responsible for the content it chooses to make available to the appliance. In many cases, Muniments may not receive bank documents at all unless a bank explicitly chooses to share artifacts (for example, exported logs) for support or evaluation.

Key definitions

  • “Personal Data” means information that identifies, relates to, describes, or could reasonably be linked with an individual (for example, name, work email address, phone number).

  • “Customer Content” means documents, files, and other content a bank or customer organization chooses to place in a bank‑curated folder for indexing/analysis by the on‑prem appliance (for example, policies, minutes, prior exams/audits, vendor documents), which may contain Personal Data depending on what the customer includes.

  • “Appliance” means the Muniments on‑prem system installed on bank‑owned hardware, as described on the site.

  • “Website” means the public site at muniments.ai and its pages (including Contact and Legal).

  • “We,” “us,” “our” refer to the operator of the Website and the provider of Muniments. The Website footer includes “© 2026 SuperDroids, LLC. All rights reserved.” (suggesting SuperDroids, LLC is the operating entity), but the site does not otherwise specify the legal entity name as “data controller.” Where this matters (for example, contracts), confirm the controller/entity name with us in writing.

Who this Privacy Policy does not cover

This Privacy Policy does not cover:

  • Privacy notices provided by your bank or employer. If you are a bank customer, questions about your bank’s handling of your information should be directed to your bank.

  • How regulators, auditors, or other third parties process your information.

Personal data we collect

This section describes the categories of Personal Data we may collect and process, grouped by context. Where the Website does not specify a detail, it is marked unspecified.

Website visitors and general browsing

Basic technical/log data (typical). Like most websites, our systems and/or hosting providers may automatically receive basic technical information when you access the Website (such as IP address, device/browser type, and timestamps). The Website does not explicitly describe server logging, so specifics (fields, retention) are unspecified and should be confirmed by counsel/engineering.

Cookies and similar technologies. The Website does not list specific cookies or tracking technologies; therefore cookie names, vendors, and durations are unspecified and should be confirmed.

People who contact us (Contact page)

When you submit the Contact form, the page indicates it collects:

  • Your name

  • Work email

  • Contact number

  • Organization/Bank

  • Message content

The Contact page also states it is intended for general questions, partnerships, or anything not related to booking a pilot intro call.

People who call, email, or otherwise communicate with us

If you contact us by email or phone, we may process: your contact details, the content of your communications, and related metadata (for example, date/time and subject). The Website provides an email address and phone number.

Pilot participants and business customers

The Website describes a Proof of Value (14 days) and Pilot (60 days) that involve installing Muniments on bank‑owned hardware, ingesting a curated pilot folder, and running a “Top‑25 question pack” to validate “citation quality and time‑to‑evidence,” producing a results pack and a go/no‑go decision.

In connection with piloting and supporting the Appliance, we may process:

  • Business contact information (for example, names, work emails, phone numbers) for project coordination, scheduling, and support. The specific data fields for pilot booking are unspecified on the Website, but Contact form fields provide a baseline for what is collected via web inquiry.

  • Operational/support information you or your organization may choose to share for support, tuning, or troubleshooting (for example, exported logs), especially since the site describes “activity logging” and “exportable logs.”

  • Customer Content processed on‑prem. The curated pilot folder may include “policies, minutes, prior exams/audits, key vendor docs” as described. This content remains under bank control and may include Personal Data depending on what a customer includes.

What we do not knowingly collect

The Website is not presented as a consumer service for children, and we do not knowingly solicit Personal Data from children (see Children’s privacy).

How we use personal data and lawful bases

Purposes of processing

We use Personal Data for the purposes below, and only as needed for those purposes:

1) Contact and inquiry handling

Examples: name, work email, phone, organization, message content
Purposes: respond to inquiries; provide requested information; route to the correct workflow (general inquiry vs. pilot intro)

2) Business relationship management

Examples: email/phone communications; meeting notes (if any)
Purposes: sales discussions; scheduling; contracting; ongoing relationship management

3) Pilot delivery coordination

Examples: stakeholder contact details; coordination emails
Purposes: execute the Proof of Value / Pilot steps described on the site (installation on bank‑owned hardware; validation workflow; results pack/pilot packet activities)

4) Support and troubleshooting

Examples: exported logs or diagnostic information a customer provides
Purposes: support, troubleshooting, and iterative tuning during pilot (where authorized by the customer)

5) Security and integrity

Examples: access/admin logs (if shared); incident reports
Purposes: protect the Website and business communications; support auditability where relevant to the Appliance

6) Website usage and performance (if used)

Examples: standard analytics or log data
Purposes: understand site performance and usage; prevent abuse
Note: vendor/tooling is unspecified on the site.

Lawful bases for processing (where applicable)

Depending on your jurisdiction, our processing may rely on one or more of the following legal bases:

  • Consent: when you submit a Contact form or request information; and for any optional cookies/analytics where consent is required.

  • Contract / steps taken at your request prior to entering a contract: to provide pilot and production services and related support where we have a business relationship.

  • Legitimate interests: to respond to business inquiries, maintain operations, ensure security, and prevent abuse, balanced against your rights.

  • Legal obligation: to comply with applicable laws and lawful requests.

Sharing, security, and international transfers

Sharing and disclosures

We may share Personal Data with:

  • Service providers that help us operate the Website and business communications (for example, hosting, email, security). Specific vendors are unspecified on the Website.

  • Our business customers (for example, a bank) where a customer’s own contacts and communications are part of onboarding, support, or account management.

  • Legal/compliance recipients (for example, regulators or law enforcement) when required to comply with law.

  • Business transfer recipients if we undergo a merger, acquisition, financing, or sale of assets (subject to appropriate safeguards).

No selling / no cross‑context behavioral advertising. We do not sell Personal Data or share it for cross‑context behavioral advertising based on what is disclosed on the Website. If our practices change, we will update this policy. (No selling/sharing language is unspecified on the site, but this policy adopts it as a commitment.)

Security measures

We use reasonable administrative, technical, and physical safeguards designed to protect Personal Data.

For the on‑prem Appliance model described on the Website, the site lists specific architectural controls that inform our security posture, including:

  • No inbound internet required (bank‑controlled firewall) and outbound access restricted/allowlisted (bank‑approved)

  • Read‑only shared folder access for document ingestion and “no direct core connection in v1 (docs‑first)”

  • Documents stay on bank‑controlled storage; local indexing and inference only (no cloud AI); encryption at rest on the appliance

  • Local LAN/VPN access only (no public login); admin‑controlled access; activity logging; separate admin interface

  • Signed releases; bank‑approved maintenance windows; versioned regulatory library refreshes; rollback plan

  • Exportable logs/audit trail; offboarding wipe of indexes/caches on request; bank retains source documents and hardware

Important note: these statements describe the Appliance model as presented on the Website. They do not, by themselves, describe all controls that may apply to Website hosting or email systems, which are unspecified on the site.

International transfers

The Website provides a mailing address in Decatur, Georgia, indicating U.S.‑based operations. If you access the Website or contact us from outside the United States, your Personal Data may be processed in the United States and other locations where we and our service providers operate.

Retention

We retain Personal Data for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law.

  • Contact form submissions and business inquiries: retain for up to 24 months after our last interaction to manage follow‑ups and maintain business records, unless you request deletion and we are not required to retain.

  • Business relationship records (customers/pilots): retain for the duration of the relationship and for a reasonable period thereafter (for example, 7 years) for audit, tax, and legal compliance.

  • Website technical logs (if collected): retain for a short period consistent with security and operations (for example, 30–90 days), unless needed for investigation. (Specific logging practices are unspecified on the Website.)

  • Customer Content / bank documents on the Appliance: the Website states banks retain source documents and hardware; offboarding can include wiping indexes/caches on request. Retention for Customer Content is therefore primarily controlled by the customer/bank and the lifecycle of the on‑prem device.

Your rights and choices

Depending on your jurisdiction and subject to legal limitations, you may have the right to:

  • Access Personal Data we hold about you

  • Correct (rectify) inaccurate Personal Data

  • Delete Personal Data (where applicable)

  • Object to or restrict certain processing

  • Withdraw consent (where processing is based on consent)

  • Receive a copy of certain Personal Data (data portability)

How to exercise rights

Submit a request by emailing hello@muniments.ai or using the Contact form. Provide enough information for us to verify your identity and locate your records.

Cookies and browser controls

If cookies are used, you can typically manage them via browser settings or any cookie controls we may provide.

The Website does not publish cookie names/vendors.

Children's privacy

The Website is not directed to children, and we do not knowingly collect Personal Data from children. If you believe a child has provided Personal Data to us, please contact us and we will take appropriate steps to delete it.

Contact, updates, and revision history

The Website lists the following contact methods:

  • Email: hello@muniments.ai

  • Phone: +1 (404) 618-5045

  • Mailing address: 235 Ponce De Leon Pl, Ste M, #186, Decatur, GA 30030

Updates to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated policy on the Website and update the “Last updated” date.

Revision history (no table)

  • Feb 26, 2026 — Version 1.0: Initial bank‑grade Privacy Policy drafted to replace non‑policy placeholder content previously shown on the Legal/Privacy page.

Muniments is a software tool that helps banks organize and draft compliance materials. Outputs are provided for review and workflow support only and do not constitute legal advice or a compliance guarantee. Final decisions, approvals, and regulatory interpretations remain the responsibility of the bank and its counsel.