— Trust & Security
How we handle your data + the agent layer that sits over it.
Mallín is the operating layer of the revenue organization — which means it sits between your reps, your AI, and your CRM. We owe you a clear picture of what we collect, where it goes, who touches it, and how we govern the AI that interprets it. Every document below reflects current practice, not aspirational compliance copy.
01 — Privacy Policy
What we collect & how we use it
The data Mallín collects, what we do with it, who we share it with, how long we keep it, and your rights to access / export / delete it.
02 — Terms of Service
The rules of using Mallín
Service description, account responsibilities, acceptable use, IP ownership (you own your deal data, we own the platform), and the boundaries we keep on both sides.
03 — Security & Trust
How we protect what you give us
Architecture, encryption posture, multi-tenant isolation, access controls, incident response, the compliance roadmap. What we have today + what's in progress.
04 — AI Governance
How the agent layer is bounded
What data goes to Anthropic's Claude API and what doesn't. The cognition contract (evidence on every claim). Human approval gates. CRM write-through. The specific guardrails that make Mallín a governed operating layer instead of an AI workspace.
05 — Subprocessors
Every third party that touches your data
Anthropic, Supabase, Clerk, Vercel, Resend — the full list, what each one processes, where, and under what terms. Updated whenever we add or remove a vendor.
06 — Custom Security Packet
For enterprise security reviews
If your team needs a vendor security questionnaire (SIG / CAIQ / custom) filled out, or a DPA signed, email us — we turn these around in under 48 hours during design-partner phase.