Mushin (無心) Privacy Policy

Last updated: 2026-07-02

In short...

Mushin stores the account and activity data needed to run your record: your username, your activities, entries, notes, and account settings. You can export that data, replace it by importing a Mushin export file, or delete it. Deleting your account removes the data owned by that account.

This policy explains what AQNAS collects for the Mushin service, how it is used, when it is deleted, and what controls you have over it.

1. What we collect

We collect the information needed to create and operate your Mushin record.

a. Account identity and login data

  • We collect your username and your password hash.
  • Passwords are not stored in plain text. Mushin stores only an Argon2id password hash.

b. Account metadata

  • Your visibility setting
  • Account timestamps such as created-at and deletion status

c. Data you create in Mushin

  • Activities
  • Entries, including occurred-at timestamps, notes, and numeric values
  • Comments you write on entries
  • Connection and block records used for fellows and profile access

d. Technical and operational data

  • Standard connection metadata such as IP address, request time, and browser or device information may appear in server and proxy logs.
  • Mushin uses a signed session cookie to keep you logged in.

2. How we use it

  • To create your account and keep you signed in
  • To store your activities, entries, notes, and stats
  • To apply your visibility and block settings
  • To let you export, import, or delete your data
  • To operate, secure, and troubleshoot the service

Mushin does not use your entries or notes for advertising, profiling, or third-party analytics.

3. Who can see your data

Mushin is a multi-user service, so some data can be visible to other people depending on your settings.

a. Public accounts

  • If your account is public, anyone can see your activities, entries, and notes.
  • Your username is visible to everyone and is used in your profile URL.

b. Private accounts

  • If your account is private, only accepted fellow connections can see your full record.

c. Fellows

  • Fellows are mutual connections who have both consented to see each other's full records, including notes.

4. Sharing and service providers

Mushin does not sell your data. We share data only when needed to run the service, comply with the law, or when you intentionally expose data through Mushin's own sharing and visibility features.

Provider Purpose Data involved
Cloudflare Traffic routing, DNS, TLS, and edge proxying Connection metadata such as IP address
Server and database host Application hosting and storage The account and activity data stored by Mushin

Mushin does not send your notes, entries, or export files to outside AI services or third-party analytics tools.

5. Retention and deletion

a. Accounts

  • Your account data is kept until you delete the account.
  • Deleting an account deletes the user row and the data that account owns through database cascade deletion, including activities, entries, notes, comments, and relationship records tied to that account.

b. Logs

  • Operational logs are kept only as long as needed for security, abuse prevention, and troubleshooting, then rotated or removed.

6. Your controls

  • You can change your visibility setting in your account page.
  • You can export your current Mushin data as a JSON file from the account page.
  • You can import a Mushin export file to replace the data currently stored under your account.
  • You can delete your account from within Mushin.
  • Logging out clears the session cookie but does not delete your stored account data.

7. Contact and updates

If this policy changes, the updated version will be published at this page. Material changes will be reflected in the policy text before they take effect in the service.