Musha
Get Musha

Legal

Privacy policy

Last updated: 27 May 2026. Version: v1.

The short version

Musha does not hold your farm records on any server we control. Cattle, hives, crop fields, transactions — all of it lives in local storage on your device. The only data we collect on our side is the minimum required to run the business: an email address (paid tiers only), an account identifier, your subscription state, and counters that prevent AI-spend runaway. Below is the long version.

Who runs Musha

Musha is operated by Masimba Gangaidzo, trading as Veld Labs, an independent developer based in Harare, Zimbabwe. Masimba is the data controller. Privacy questions and data-subject requests: hello.musha@veldlabs.dev. We are not required to appoint a Data Protection Officer at our current scale; the contact above is your single point of contact for everything in this policy.

What we collect, and why

Musha free tier

Nothing. The free tier runs entirely offline. We do not have an account for it, we do not have a server, we do not see any data you enter into the app.

Musha paid tiers

The data we collect, what it is used for, and the lawful basis we rely on under GDPR Article 6:

  • Email address (paid tiers only) — to identify your account for billing and AI quota. Lawful basis: contract performance.
  • Account identifier (a random Supabase user ID) — used to attach your subscription, usage counters and any comp-grant to a stable identity that survives email changes. Lawful basis: contract performance.
  • Subscription state and Google Play purchase tokens — provided by Google Play, used to verify your tier. Lawful basis: contract performance.
  • AI usage counters — total input/output tokens per request, per day. Used to enforce per-tier caps. We never store the prompt body or the response. Lawful basis: legitimate interest in preventing abuse and runaway costs.
  • Crash and performance diagnostics (only if you opt in) — stack traces, device model, app version. Stored in Sentry as our sub-processor. You can opt in or out at any time in Settings → Privacy → Crash reporting. Lawful basis: consent.

What we explicitly do not collect

  • Your farm entities (animals, fields, hives).
  • Events you log (vaccinations, harvests, weighings).
  • Your financial transactions.
  • Photos attached to records.
  • Your prompts to the AI feature.
  • The AI's responses to you.
  • Your precise location.

Complimentary accounts

A small number of Musha accounts are granted complimentary access by us — typically launch partners or beta reviewers. The data we hold for those accounts is identical to paid accounts (email, account identifier, subscription state, usage counters). There is no special treatment of comp-account data.

Permissions we ask for on your device

Musha requests the following Android permissions. We use each one only for the purpose described — no other reason.

  • Notifications (POST_NOTIFICATIONS) — to deliver reminders you have scheduled (vaccinations, weighings, palpation, kindling).
  • Run at boot (RECEIVE_BOOT_COMPLETED) — so scheduled reminders survive a device reboot. Without this, every restart wipes your queued reminders.
  • Exact alarms (SCHEDULE_EXACT_ALARM and USE_EXACT_ALARM) — so a reminder set for 06:00 fires at 06:00, not "sometime in the next two hours" (Android's default for inexact alarms). Used only for user-scheduled reminders.
  • Wake lock (WAKE_LOCK) — used briefly when a scheduled reminder fires to ensure the notification is delivered even if the device was idle.
  • In-app billing (com.android.vending.BILLING) — required by Google Play's billing client for subscription and one-off purchases.

The AI feature (Musha paid tiers)

AI is opt-in and confined to the paid tiers of Musha. The first time you open the AI tab you acknowledge an in-app disclaimer. Before any prompt fires, the app shows you a preview of the data it is about to send — you can strike entities from the bundle or cancel entirely. See Terms section 5 for the disclaimer about acting on AI output.

When you confirm, your prompt and the context bundle travel from your device to our gateway (Cloudflare Workers), then to the LLM provider you selected in Settings (OpenAI, Google Gemini, or Anthropic Claude). The chosen provider's own data practices apply to that single request. Our gateway logs only token counts — never the prompt body, never the response.

Sub-processors

Sub-processors are third-party services we use to operate Musha. Each handles a narrow slice of data on our behalf. If you use Musha on a paid tier, your account data sits with:

  • Supabase (region of your choice; we currently default to EU) — auth, account email, account identifier, subscription state, usage counters.
  • Cloudflare — edge gateway proxying AI requests. Cloudflare sees request metadata (IP, timestamp) but no prompt bodies.
  • Google Play — purchase validation. Google is the billing party for all in-app purchases and subscriptions.
  • Resend — transactional email (waitlist confirmations, account-related notifications). Resend processes email addresses and message bodies for the sole purpose of delivery.
  • Sentry — crash diagnostics, opt-in only.
  • OpenAI / Google / Anthropic — only the LLM provider you select in Settings receives prompts when you confirm an AI request.

Where your data is stored, and international transfers

Our default Supabase region is the EU; the Cloudflare gateway runs on Cloudflare's global edge network. For users outside the EU/UK, data may be processed in regions including the US.

Where personal data is transferred outside the EEA or UK, the transfer relies on the EU-US Data Privacy Framework (where the recipient is certified) and/or Standard Contractual Clauses with the relevant sub-processor. Our sub-processors (Supabase, Cloudflare, Sentry, Resend, Google) are all certified under the DPF or contractually bound via SCCs.

How long we keep your data

Retention periods per data category:

  • Email + account identifier + subscription state — while your account is active, plus 30 days after deletion to handle chargeback / dispute windows.
  • AI usage counters — rolling 90 days, then aggregated (no per-user link) for cost reporting.
  • Crash diagnostics — 90 days in Sentry, then auto-purged.
  • Google Play purchase tokens and billing records — retained for 5 years for tax and accounting compliance.

Backups

Musha backups are user-driven. You export an encrypted file via the system share sheet (using strong, modern encryption based on a passphrase you set) to a destination you choose — Drive, email, local file, anywhere. We do not receive a copy. You are responsible for the destination you choose; we cannot delete a backup from a service we do not operate.

Your rights

You can, at any time:

  • Access — see exactly what we hold by emailing the address below.
  • Delete — Settings → Account → Delete account purges your email, account identifier, subscription state, usage counters, and any flagged-usage records from our systems. The technical deletion completes within 7 days; billing records (above) are retained for the 5-year tax window. Your local farm data on the device is not touched.
  • Delete (if you cannot open the app) — email hello.musha@veldlabs.dev from the address you registered with and we will action the deletion within 30 days.
  • Export — your local farm data can be exported any time via the in-app encrypted backup. Server-held data (email, subscription state, usage counters) can be exported on request.
  • Object / restrict / portability — if you are in the EU/UK, you have the standard GDPR rights. Contact us and we will comply within 30 days.
  • Lodge a complaint— EU/UK users may also lodge a complaint with their local data protection authority. We'd appreciate the chance to address concerns first by emailing us directly.

Children

You must be at least 16 to use Musha, or 13 in jurisdictions where parental consent is not required below 16. We do not knowingly collect data from anyone under those ages. If you believe we have, contact us and we will delete it.

Changes to this policy

We will post material changes to this page and update the Last updated date. If the changes affect how we use data you have already given us, we will email you (paid tiers).

Contact

Questions? Email hello.musha@veldlabs.dev.

See also our Terms of service.