mwmbl

Mwmbl Logo

Mwmbl - Data Privacy Policy

Effective Date: 3rd June 2026

Mwmbl is committed to ensuring the highest standards of data protection and cybersecurity in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679, the UK General Data Protection Regulation (UK GDPR), and the Swiss Act on Federal Data Protection (nFADP). This Data Privacy Policy explains how we collect, process, store, and protect your personal data when you use our services at https://mwmbl.org.

Data Controller

Mwmbl, a project in the process of forming the Mwmbl Non-Profit Organization in the European Union (EU) or the United Kingdom (UK), is the data controller responsible for processing your personal data as described in this policy.

Information We Collect

Mwmbl is designed to minimize personal data collection and enhance privacy. However, we may process the following categories of data:

  • Personal Data:

    1. If you choose to contact us (e.g., through forms or emails), we may collect your name, email address, and any other details you provide.
    2. If you create an account, we will collect your name, email address, and username to facilitate authentication and account management.

  • Technical and Usage Data: This includes browser type, device identifiers, and site interaction data for the purposes of performance optimization and maintaining the security of our services. IP addresses are not stored on disk, and we do not keep a record of your searches that is linked to you or your account. To return results we transmit your query to third-party sources, and information derived from searches (such as newly discovered pages and the keywords they match) may be added to our public search index – see Search Queries and Third-Party Processing below.

Cookies and Tracking Technologies: Mwmbl uses only essential cookies that are strictly necessary to facilitate authentication and login functionality for user accounts. We do not use tracking cookies or third-party cookies for advertising, analytics, or any other purpose.

Our use of cookies complies with applicable EU, UK, and Swiss data protection laws, including the General Data Protection Regulation (GDPR). By using Mwmbl, you acknowledge and consent to the use of these essential cookies for authentication purposes.

Lawful Basis for Processing

Mwmbl processes personal data based on the following legal grounds under GDPR:

  • Consent (Article 6(1)(a)): When you explicitly consent to data processing (e.g., accepting cookies).
  • Legitimate Interests (Article 6(1)(f)): When processing is necessary for improving services, ensuring security, and detecting fraud, provided it does not override your rights.
  • Legal Obligations (Article 6(1)(c)): When required to comply with EU, UK or Swiss regulations.

Search Queries and Third-Party Processing

To return relevant results, Mwmbl transmits your search query to one or more third-party sources at the time you perform a search. Standard searches may send your query to external content sources (for example, to retrieve reference content). The optional Super Search feature, available to logged-in users, broadens this by sending your query to additional third-party search and web-content providers and by performing live crawling of third-party websites, in order to produce more comprehensive results.

These queries are processed in real time to generate your search results. Mwmbl does not keep a log of your queries that is linked to you or your account. However, in order to improve results for everyone, the results returned by these queries (such as newly discovered web pages) may be added to Mwmbl's public search index and stored against the keywords from the query that they match. This index is openly available and forms part of Mwmbl's search data; it is not associated with your identity. Requests to third-party providers are made by Mwmbl's own servers: we forward only the text of your search query, and never your name, email address, username, account identifiers, or any other information that identifies you. Although Super Search requires you to be logged in, your identity is used only by Mwmbl – for example, to apply your monthly usage limit – and is not disclosed to the third-party providers. Your query is processed by these providers under their own privacy policies, over which Mwmbl has no control, and because some of them operate globally it may be processed outside the European Economic Area (EEA) or the United Kingdom.

Data Sharing and Transfers

Mwmbl follows a strict policy of not selling or commercially exploiting user data. We may share data under the following circumstances:

  • Service Providers: We may engage third-party hosting and security providers under strict data processing agreements (DPAs) ensuring GDPR compliance.
  • Legal Authorities: We may disclose data where required by EU, UK and Swiss law.
  • Cross-Border Transfers: With the exception of search queries processed by third-party providers as described in Search Queries and Third-Party Processing above, no personal data is transferred outside the European Economic Area (EEA) or the United Kingdom. Search queries (forwarded without any information identifying you) may be processed by third-party search and web-content providers located outside these jurisdictions. All other data processing is conducted exclusively within the EEA and the UK, in accordance with applicable data protection legislation.

List of Subprocessors

Mwmbl engages a limited number of third-party service providers to support its infrastructure and maintain essential functionality. The following is the list of current subprocessors and their respective purposes. This list may be updated periodically to reflect any changes in Mwmbl's service ecosystem:

  • Hosting Provider: Octopuce (www.octopuce.fr) – Provides infrastructure hosting services.
  • Email Service Provider: SendGrid – Facilitates the secure delivery of transactional and user communications.
  • Monitoring and Error Tracking: Sentry – Used for application monitoring and error reporting to ensure service reliability and performance.
  • Backup Storage: Backblaze – Provides secure off-site storage for data backups.

At present, no content delivery networks (CDNs) or analytics providers are in use. Other than search queries sent to third-party search and web-content providers as described in Search Queries and Third-Party Processing above, Mwmbl does not transfer personal data outside the EEA or UK. No formal data processing agreements are currently in place with these subprocessors, although service use is limited and subject to future review and compliance actions.

User Rights Under GDPR

Users have the following rights concerning their personal data:

  • Right to Access (Article 15 GDPR): You may request details of the data we hold about you.
  • Right to Rectification (Article 16 GDPR): You may request corrections to inaccurate personal data.
  • Right to Erasure ('Right to be Forgotten') (Article 17 GDPR): You can request deletion of your personal data, subject to legal retention obligations.
  • Right to Restriction of Processing (Article 18 GDPR): You may request temporary restriction on processing.
  • Right to Data Portability (Article 20 GDPR): You may request a structured copy of your data.
  • Right to Object (Article 21 GDPR): You can object to data processing under certain conditions.
  • Right to Withdraw Consent (Article 7(3) GDPR): If processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at info@mwmbl.org.

Data Retention

We retain personal data only as long as necessary to fulfill the purposes for which it was collected or to comply with legal obligations. We employ anonymization and pseudonymization techniques where possible to minimize retention risks.

Data Security and Cybersecurity Measures

Mwmbl implements rigorous security measures in compliance with EU cybersecurity regulations, including the NIS2 Directive and GDPR security obligations:

  • Encryption and Access Controls: Data is encrypted both in transit and at rest.
  • Data Minimization: We collect only the necessary data.
  • Security Audits: Regular assessments ensure compliance with industry standards.
  • Incident Response: In case of a data breach, we will notify users and authorities as required under GDPR (Article 33-34).

Changes to this Policy

We reserve the right to update this policy in compliance with evolving regulations. Significant changes will be communicated via our website.

Contact Information

For privacy-related inquiries, please contact our Privacy Compliance Manager at info@mwmbl.org.