Privacy Policy

Last updated: April 30, 2026

This Privacy Policy explains what personal data MiyoMind (“MiyoMind,” “we,” “us”) collects when you use the Service, why we process it, with whom we share it, how long we retain it, and the rights you have over it. Read it alongside our Terms of Service.

1. Overview & Roles

MiyoMind is the data controller for personal data we collect when you create an account, send messages, or otherwise use the Service. The infrastructure providers, payment processors, AI model providers, and tooling vendors listed in Section 6 act as our sub-processors.

This policy applies to all surfaces of MiyoMind — the web dashboard at miyomind.com, the WhatsApp/Telegram/Discord chat surfaces, and all related APIs.

2. What We Collect

  • Account information — email address, display name, optional avatar, sign-in provider identifiers (e.g. Clerk user ID, Google OAuth subject claim), preferred timezone, language, plan, and onboarding answers.
  • Conversation data — the messages you send to MiyoMind on any surface, the assistant’s replies, attached files, voice clips you submit, and the per-turn metadata we use for billing and routing (model, token counts, processing time).
  • Distilled memories — the agent maintains an encrypted summary of long-running facts about you (preferences, recurring tasks, project context). Each row is encrypted at rest with AES-256-GCM bound to your user ID. You can list and delete memories from the dashboard at any time.
  • Platform-connection metadata — messaging-platform identifiers needed to route messages: WhatsApp phone number, Telegram numeric user/chat ID, Discord snowflake ID. We do not import your platform contact lists.
  • Integrations & OAuth tokens — if you connect Google or Microsoft, we store the access/refresh tokens and granted scopes encrypted at rest with AES-256-GCM and per-user, per-provider Additional Authenticated Data so a token from one context cannot be replayed against another.
  • Files — documents, images, and audio you upload are stored in our object store (Cloudflare R2). Quotas, mime types, and sizes are enforced server-side.
  • Usage & billing data — credit consumption per request, plan, subscription status, top-up history, and Stripe customer / invoice identifiers. Card numbers are handled exclusively by Stripe; we never see them.
  • Audit logs — security-sensitive admin operations (credit adjustments, plan changes, deletes) are journalled with the actor identity, timestamp, and a redacted reason.
  • Technical data — IP address (used for rate limiting and abuse prevention; not retained alongside conversation content), user-agent, and minimal request metadata.

3. How We Use Your Data

  • To provide the Service — running your messages through the agent loop, executing tools, calling routed AI models, storing reminders, and surfacing past conversations.
  • To bill credits accurately — metering API costs, settling subscription cycles via Stripe, and auditing the credit ledger for integrity.
  • To deliver platform-side features — reminders, daily digests, file delivery, voice transcription, and image generation.
  • To detect, prevent, and respond to abuse, fraud, prompt-injection attacks, and security incidents.
  • To comply with our legal obligations (tax records, regulatory requests, lawful disclosure).
  • To produce anonymous, aggregated metrics (e.g. credit consumption per plan, model latency) used to operate and improve the Service.

We do not sell personal data, and we do not train models on your data. Under our enterprise agreements with the frontier laboratories whose models we route to, they do not train on your data either.

5. Data Storage & Security

Application servers and databases are hosted on Oracle Cloud Infrastructure. Object storage uses Cloudflare R2 with the EU jurisdictional region.

  • Encryption at rest: sensitive fields — OAuth tokens, integration credentials, and distilled memory content — are encrypted using AES-256-GCM with per-user, per-resource Additional Authenticated Data (AAD) bindings.
  • Encryption in transit: all public traffic is TLS 1.3 with HSTS preloaded. Internal traffic between application services runs on internal Docker networks; per-user agent containers run on a Docker network configured with "internal: true", which has no public egress.
  • Container isolation: per-user OpenClaw containers drop all Linux capabilities, run as a non-root user with a read-only root filesystem, hold zero external API keys, and are mediated by an internal credit-proxy and tool-proxy.
  • Append-only ledger: credit accounting is journalled to an append-only ledger with row-level locks, so balance state is always reconstructable.
  • Output scrubbing: a 10-layer prompt-injection defence (zero-width / BIDI stripping, NFKC homoglyph mapping, jailbreak filtering, sandboxed tool-output framing, secret/internal-URL redaction, and reminder-field scrubbing) is applied to every assistant turn.

No system is perfectly secure. We invest in defence-in-depth and operate red-team reviews against the live system, but cannot guarantee absolute security.

6. Sub-Processors

We use the following sub-processors to deliver the Service. Each receives only the personal data minimally required for its function and is bound by a written data-processing agreement (or equivalent contractual safeguards).

| Sub-processor | Purpose | Region |
|---|---|---|
| Oracle Cloud Infrastructure | Application + database hosting | EU |
| Cloudflare | CDN, DDoS protection, R2 object storage | EU + global edge |
| Clerk | Authentication and identity | US (DPF + SCCs) |
| Stripe | Payment processing & subscriptions | US (DPF + SCCs) |
| OpenRouter | LLM routing & provider abstraction | US (SCCs) |
| OpenAI | LLM inference & Whisper transcription (when selected) | US (DPF + SCCs) |
| Anthropic | LLM inference (Claude family) | US (SCCs) |
| Google AI / Gemini | LLM inference & nightly memory distillation | US (DPF + SCCs) |
| Groq | Whisper transcription (fallback path) | US (SCCs) |
| Resend | Transactional email (verification, receipts, digests) | US (DPF + SCCs) |
| ElevenLabs | Text-to-speech synthesis (only when invoked) | US (SCCs) |
| Replicate | Image generation (only when invoked) | US (SCCs) |
| Serper | Web search (when the agent runs a search tool call) | US (SCCs) |
| Jina AI | Server-side URL fetching for read-url tool | DE / SG (SCCs) |
| Tavily | Web search (alternate provider) | US (SCCs) |
| Firecrawl | Site crawling for research tools | US (SCCs) |
| ScreenshotOne | URL screenshot rendering for research tools | US (SCCs) |
| WhatsApp (Meta), Telegram, Discord | Message delivery on the chat surface you opt into | Global |

We may add or replace sub-processors as the Service evolves. We will update this list and, where required, give prior notice of material changes. Optional providers (e.g. ElevenLabs, Replicate, search providers) only receive data when you actually invoke the relevant tool.

7. International Data Transfers

Several of our sub-processors are located outside the EU/UK, primarily in the United States. Where we transfer personal data internationally, we rely on one or more of the following safeguards under Chapter V GDPR:

  • The EU-US Data Privacy Framework (and the UK Extension) for transfers to certified US providers including Stripe, Clerk, OpenAI, Google, and Resend.
  • The European Commission’s Standard Contractual Clauses (SCCs) — Module 2 (controller-to-processor) — for all other transfers, supplemented by technical measures (encryption at rest, encryption in transit, minimal data exposure).
  • Where applicable, the UK International Data Transfer Addendum attached to the SCCs for UK-originated transfers.

You may request a copy of the transfer mechanism we rely on for any specific sub-processor by emailing privacy@miyomind.com.

8. Your Rights

Depending on where you live (EU/UK GDPR, California CCPA/CPRA, and similar regimes), you have the following rights over your personal data. We honour them globally where practical.

  • Access — request a copy of the personal data we hold about you.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure — request deletion of your account, conversation history, files, reminders, and memories.
  • Portability — export your conversation history, files, reminders, and memories in a structured, commonly-used machine-readable format.
  • Restriction — ask us to suspend processing while a dispute is resolved.
  • Objection — object to processing based on our legitimate interests.
  • Withdraw consent — revoke any consent you previously gave (e.g. disconnect a Google integration), without affecting prior lawful processing.
  • Non-discrimination — we will not penalise you for exercising any of these rights.
  • Right to lodge a complaint — with your local data protection authority. EU residents may contact their member-state Data Protection Authority; UK residents may contact the Information Commissioner’s Office (ico.org.uk).

CCPA / CPRA — California residents: in the past 12 months we have collected the categories of personal information described in Section 2 (identifiers, internet/network activity, commercial information, audio/electronic information for voice features, inferences for AI personalisation). We have not sold personal information and have not shared it for cross-context behavioural advertising. You may exercise your “Right to Know”, “Right to Delete”, and “Right to Correct” by emailing the address below; we may verify your request by matching identifiers against your account.

Most rights can be exercised directly from your dashboard (Settings → Account & Data). For anything we cannot self-serve, email privacy@miyomind.com.

9. Children

MiyoMind is not directed at children. The Service is available to users 13 years of age or older (16 in the EEA and UK). We do not knowingly collect personal data from children under those ages.

If you believe a child has provided us with personal data without appropriate consent, contact privacy@miyomind.com and we will delete it promptly.

10. Cookies

MiyoMind uses only essential cookies (the authenticated session cookie set by Clerk, a CSRF token, and a non-sensitive theme preference). We do not use advertising, behavioural-targeting, or cross-site tracking cookies, and we do not embed third-party analytics that drop tracking cookies.

11. Data Retention

We retain personal data only as long as needed for the purposes set out in this policy, or as required by law. Default retention periods:

| Data category | Retention |
|---|---|
| Active conversation history | 12 months (deletable on demand) |
| Archived chat sessions (Library) | 5 years or until you delete them |
| Distilled memories | Until you delete them or your account |
| Audit logs (admin / security events) | 90 days |
| Credit ledger transactions | 7 years (tax / accounting) |
| Stripe webhook event records | 90 days (idempotency window) |
| Account data (profile, plan, integrations) | Until you request deletion |
| Aggregated, anonymised analytics | Up to 24 months, then rotated |

When you delete your account, we erase associated personal data within 30 days, subject to legal-retention obligations (e.g. tax records). Backups are rotated and overwritten on a 30-day schedule.

12. Breach Notification

If we discover a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify our supervisory authority within 72 hours of awareness, as required by GDPR Art. 33, and notify affected users without undue delay where the breach is likely to result in a high risk (Art. 34).

13. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page reflects the current version. We will notify you of material changes by email and/or via a banner in your dashboard before they take effect.

14. Contact & Data Protection Officer

Privacy enquiries, data-subject requests, and complaints can be sent to privacy@miyomind.com. We aim to respond within 30 days.

Although MiyoMind is not currently required to formally appoint a Data Protection Officer under GDPR Art. 37, our designated privacy contact handles DPO-equivalent functions (record-keeping, supervisory-authority liaison, sub-processor due diligence). You can reach that contact at the same address.