Privacy Policy

1. Overview

M4NG0 operates two product categories with fundamentally different data architectures:

• M4NG0 Hardware Ecosystem (Hub appliance, Pendant, Buds) — Enterprise infrastructure and personal companion devices.
• M4NG0 OS Hospital Edition — A strictly locally-deployed clinical operating system for hospitals and medical facilities.
• M4NG0 OS Sovereign Core — The operating system adapted for corporate environments and high-end personal server arrays.

This policy applies to both categories and to the m4ng0.com website. Where data handling differs between products, we make that distinction clear.

2. M4NG0 OS — Hospital Edition

M4NG0 OS Hospital Edition is designed with a strict on-premise architecture. We do not collect, store, or have access to any patient health information, clinical databases, or staff interaction logs.

Data We Do Not Access

• Patient records, diagnoses, prescriptions, or clinical notes
• Staff credentials or network metadata
• Audit logs or system activity records
• Any Protected Health Information (PHI)

How Hospital Data Is Protected

• All patient data is stored locally on the hospital's own hardware
• PHI fields are encrypted with AES-256-GCM using hospital-generated keys
• Encryption keys are held exclusively by the hospital — M4NG0 has zero access
• No telemetry, analytics, or usage data is transmitted to M4NG0's servers
• 7 role-based access levels enforce minimum necessary access
• Hash-chained, immutable audit logs track all data access

3. M4NG0 OS — Sovereign Core

The Sovereign Core edition operates with the same foundational zero-trust local architecture, but is designed for corporate IP, private networks, and sovereign personal arrays instead of clinical settings.

Data We Do Not Access

• Corporate intellectual property, source code, or internal documentation
• Personal media, backups, or private files
• Network security logs, routing rules, or organizational structures

Zero-Knowledge Architecture

M4NG0 OS Sovereign Core acts entirely as locally installed software. The Customer retains absolute ownership of all files and IP hosted on their arrays. M4NG0 does not mandate remote sync services, build hidden backdoor administrative channels, or operate telemetry extraction endpoints.

4. M4NG0 Hub

The M4NG0 Hub is our dedicated hardware appliance, specifically engineered to securely host M4NG0 OS in a physically isolated or locally networked environment.

Data Sovereignty

• Hardware independence: The Hub operates fully independently of M4NG0's cloud infrastructure.
• No hardware backdoors: We do not deploy firmware telemetry, hidden analytics trackers, or remote debugging shells on the M4NG0 Hub.
• Physical isolation: The array entirely controls its own network routing, meaning you dictate data ingress and egress.

5. Website, M4NG0 Pendant & M4NG0 Buds

Information We Collect

When you interact with m4ng0.com or our consumer products, we may collect:

• Account information: Name, email address, shipping address when you pre-order or create an account
• Payment information: Processed securely through third-party payment providers (Stripe). We do not store credit card numbers
• Communications: Messages you send to us via contact forms or email
• Usage data: Anonymous page views and interaction patterns on our website to improve the experience

How We Use This Information

• To process and fulfill pre-orders and purchases
• To communicate product updates, shipping notifications, and support responses
• To improve our website and products
• To comply with legal obligations

What We Do Not Do

• We do not sell your personal information to third parties
• We do not share your data with advertisers
• We do not use your data for targeted advertising

6. Cookies & Tracking

Our website uses essential cookies required for basic functionality (session management, security). We may use anonymous analytics to understand how visitors interact with our site. No personal data is shared with third-party advertising networks.

7. Your Data Protection Rights

Regardless of where you are located, you have the following rights regarding your personal data:

• Right of access: Request a copy of personal data we hold about you
• Right to rectification: Request correction of inaccurate data
• Right to erasure: Request deletion of your personal data
• Right to data portability: Receive your data in a structured, machine-readable format
• Right to object: Object to processing of your personal data
• Right to withdraw consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at legal@m4ng0.com.

8. Regulatory Compliance

Nigeria Data Protection Act (NDPA / NDPR)

For our Nigerian customers and users, we comply with the Nigeria Data Protection Act 2023 (NDPA) and the Nigeria Data Protection Regulation (NDPR). M4NG0 OS hospitals can demonstrate compliance through the software's built-in consent management, audit logging, encryption, and access controls. For M4NG0 OS deployments, the hospital acts as the Data Controller and M4NG0 acts as a software vendor providing compliant tools — not a Data Processor, as we do not access or process patient data.

HIPAA (United States)

M4NG0 OS Hospital Edition is designed to enable HIPAA compliance for US healthcare providers. The on-premise architecture with AES-256 encryption, role-based access, MFA, and immutable audit logs provides the technical safeguards required under the HIPAA Security Rule.

GDPR (European Union)

For EU users of our website and consumer products, we process data in accordance with the General Data Protection Regulation. Our on-premise M4NG0 OS architectures ensure that regional data residency is intrinsically maintained by the deploying institution, not by M4NG0.

9. Data Security

We implement appropriate technical and organizational measures to protect personal data, including encryption in transit (TLS 1.3), secure password hashing (bcrypt), and regular security reviews. For M4NG0 OS operations, additional measures are documented in our Security Architecture Whitepaper.

10. Third-Party Services

We use the following third-party services for our website and consumer operations:

• Stripe: Payment processing
• Vercel: Website hosting

M4NG0 OS operates entirely on locally provisioned hardware and does not use third-party cloud services for data processing, patient record management, or enterprise asset handling.

11. Children's Privacy

Our website and consumer products are not directed at children under 13. We do not knowingly collect personal information from children. M4NG0 OS Hospital Edition may be used in pediatric care settings — in such cases, the facility is the Data Controller and is responsible for appropriate consent and data handling in compliance with local regulations.

12. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated through our website. The "Last updated" date below reflects the most recent revision.

13. Contact Us

For privacy-related inquiries or to exercise your data protection rights: