legal
Data policy
This policy is about Customer Content: the source code, environment variables, artifacts, build and runtime logs, and the data of the apps you deploy on Mmoall. It says where that data is stored, who can reach it, how long we keep it, and how it is deleted.
What Customer Content is
Customer Content is everything you bring to the platform, plus what the system produces while running your project:
- The source code you push, or the code in the repos you let us read through the GitHub integration.
- The environment variables and secrets you set for a project.
- Build artifacts — container images and the build output produced from your source code.
- Build logs and the runtime logs of your app.
- Data your app creates or stores on the platform, including the personal data of your own end users.
- Domains, DNS records and certificates attached to a project.
Your own personal data as a Mmoall user — account, payments, access logs — is outside the scope of this page. That is covered by our Privacy policy.
Who is who
You are the data controller. For Customer Content, you decide what data you collect from your end users, what you use it for, and how long you keep it. We do not interfere with those decisions.
Mmoall is the data processor. We process Customer Content only on your instructions and only as far as providing the service requires: building, running, storing, and supporting you when you ask. We do not use Customer Content for our own purposes, do not sell it, and do not use it for advertising.
You are responsible for having a valid legal ground for your end users' personal data: telling them, obtaining consent where the law requires it, and publishing a privacy policy for your own app — under the Personal Data Protection Law 2025 and Decree 356/2025/NĐ-CP.
For your own personal data — account, invoices, access logs — Mmoall is the data controller, and our obligations are set out in the Privacy policy.
Where it is stored
Customer Content is stored in these regions:
We have not published this yet. It will appear here as soon as we do.
The Cybersecurity Law 2018 and Decree 53/2022/NĐ-CP require certain data to be stored in Vietnam for a period set by law, and we are subject to that obligation. We have not yet published where the data actually sits — the table above is empty — so do not assume it is inside Vietnam. We will publish it before the service goes into commercial operation. If your app is subject to data localisation, talk to us before you put that data on the platform.
Who can access it, and when
Least privilege: only staff with a task may access data, only the part their task needs, and only for as long as it takes. The cases where that happens:
- Running the platform: infrastructure work — servers, network, storage — which usually does not require reading the contents of your project.
- Incidents: when the service breaks, the on-call engineer may need to read build or runtime logs to find the cause.
- Support you ask for: when you open a ticket and allow it, we look at the specific data you point us to, to fix the problem you reported.
- A lawful request from a competent state authority — see the Requests from state authorities section.
The above is a commitment about how we work, not a technical control that blocks access. The platform has no audit log recording each time staff reach customer data — that is something we must build before the service goes into commercial operation. Access to the admin console is granted only to accounts holding an admin role.
Outside those cases, we do not read your source code or your application data.
Encryption and access control
The protections Customer Content has today:
- The edge serves connections over TLS 1.2/1.3. The default certificate is self-signed; automatic certificates for custom domains are not available yet, and the system does not force a redirect from HTTP to HTTPS.
- Environment variables and secrets are encrypted at rest with AES-256-GCM at the application layer. The API returns key names only, never values; a value is decrypted only to be injected into the build or runtime process of your own project.
- Staff do not access Customer Content without a specific task that requires it. This is a commitment about how we work, not a technical control that blocks access.
- Do not print secrets into build or runtime logs. Logs are stored as ordinary data, are not currently deleted automatically after any period, and anyone who can view your project can read them.
Isolation between projects: the platform is still being built. There is no hardware-backed per-project isolation (microVM) yet — projects run in containers on shared infrastructure. So do not run untrusted third-party code on Mmoall, and do not process sensitive personal data or other high-risk data on the platform, until we have built and published hardware-backed isolation.
If you think a secret has leaked, change it in the project settings and revoke it wherever it was issued. Treat any secret that has been printed into a log as leaked: logs are not currently deleted automatically.
Retention and deletion
We keep Customer Content for as long as you use the service. The retention period for each kind of data:
We have not published this yet. It will appear here as soon as we do.
Plainly: build logs, runtime logs and the artifacts of older deploys are currently kept indefinitely — nothing deletes them automatically after a set period. We will set and publish a retention period for each kind of data in the table above, before the service goes into commercial operation. In the meantime, if you need a specific piece of data deleted, ask us.
Backups and recovery
Mmoall does not currently run scheduled backups of Customer Content: there is no automatic backup schedule, no snapshots, and no spare copy of your data. If data on the platform is lost or corrupted, we may not be able to restore it.
So you must keep your own copy of anything important: keep your source code in your own repo, and export and store your application data elsewhere yourself. Do not let Mmoall hold the only copy of anything you cannot afford to lose.
We will build backup and restore, and publish the matching policy in this section, before the service goes into commercial operation.
Subprocessors
To provide the service we may use subprocessors — parties that process data on our behalf:
We have not published this yet. It will appear here as soon as we do.
Subprocessors are bound by contract to confidentiality obligations at least equal to this policy, and may process data only on our instructions. We remain answerable to you for what they do. When the list changes we update it here; if a change materially affects you, we tell you before it takes effect.
Data incidents, and telling you about them
When an incident affects Customer Content we tell you without delay, with what we know: what happened, which data is involved, and what we have done.
Because you are the controller of your end users' data, the duty to notify them and the competent state authority is yours. We support you with the information and evidence you need to do it.
Mmoall's own notification duties under the Personal Data Protection Law 2025 and Decree 356/2025/NĐ-CP are carried out in full.
Deleting and exporting your data
You can delete a project at any time. When you do, the project's app stops running and its operational data is removed from the running systems. The project's build logs and artifacts have no automatic deletion yet — see Retention and deletion; if you need them gone for good, ask us.
When you close your account we delete or anonymise Customer Content, except what we must keep to meet a legal obligation — accounting and tax records, for example. What we keep is used only for that obligation.
Export your data before you delete it: your source code still lives in your own repo, and you can download logs and application data from the platform. The mailbox for export help is being set up; in the meantime, use the contact channel in the footer.
Changes to this policy
When we amend this policy we update the version number and effective date at the top of this page. The version you are reading is always the one in force.
Where a change materially affects you — a new subprocessor, or a shorter retention period, for example — we tell you before it takes effect.
note
This document is for reference and does not replace advice from a lawyer licensed to practise in Vietnam. The operator must have counsel review, amend and approve the whole text before the platform goes into commercial operation.