Privacy Policy

Last updated: April 18, 2026

Your privacy matters. This Privacy Policy explains what information Mia collects, how we use it, and the choices you have.

Summary

  • We only request Google scopes needed for the integrations you enable.
  • OAuth refresh tokens are encrypted at rest.
  • Email content is processed to evaluate your rules; we do not sell it, use it for advertising, or train general-purpose AI models with it.
  • You can disconnect integrations or delete your account at any time.

1. Information we collect

We collect a minimum set of information to operate Mia:

  • Account data — your name, email address, and hashed password (if you sign up with email).
  • Google profile & tokens — when you connect Google, we receive your basic profile and OAuth tokens scoped to the products you enabled.
  • Rules & labels — the automation configuration you create in Mia.
  • Email metadata & content — evaluated in real time when a rule runs. We store only what is necessary to report what Mia did (e.g. run logs including message IDs and action results).
  • Usage & diagnostics — basic logs (timestamps, error traces, request paths) used to operate and improve the Service.

2. How we use information

We use the information we collect to:

  • Evaluate your rules and perform the actions you configured;
  • Authenticate you and secure your account;
  • Provide AI-assisted features (rule generation, classification, replies);
  • Diagnose errors, prevent abuse, and improve reliability;
  • Communicate service updates and support responses.

3. Google API Services & Limited Use

Mia’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only use Google user data to provide user-facing features of Mia.
  • We do not sell Google user data.
  • We do not use Google user data for ads.
  • We do not use Google user data to develop, improve, or train generalized AI models. AI features use your data only to produce the specific output you asked for.
  • Humans do not read your emails except (a) with your explicit consent, (b) for security or to comply with law, or (c) in aggregated/anonymized form for internal operations.

4. AI processing

When you use rule generation, AI classification, or AI replies, Mia sends the relevant prompt and minimum email context to Google’s Gemini API to produce the requested output. Prompts and responses are not used by Mia to train any models, and are governed by Google’s own API terms for processors.

5. Sharing

We do not sell your personal information. We share data only with:

  • Service providers who help us operate Mia (hosting, databases, error monitoring) under confidentiality obligations;
  • Google APIs to execute the actions in your rules;
  • Authorities when legally required to comply with a valid legal process or to protect rights and safety.

6. Security

We use industry-standard measures to protect your data: TLS in transit, encryption at rest for sensitive fields (including OAuth refresh tokens via Fernet), bcrypt-hashed passwords, least-privilege scopes, and audit logging. No system is perfectly secure — if we learn of a breach affecting your data, we will notify you consistent with applicable law.

7. Retention

We keep account and rule data for as long as your account is active. Run logs are retained for a limited window for debugging and auditability. When you delete your account, we delete or anonymize your data within a reasonable period, except where retention is required by law.

8. Your choices & rights

  • Access & export — request a copy of your account data.
  • Correction & deletion — update your profile or delete your account from Settings.
  • Integration control — disconnect any Google product from the Integrations page; you can also revoke access from Google account permissions.
  • Regional rights — depending on where you live, you may have rights under GDPR, UK GDPR, CCPA, or other laws. Contact us to exercise them.

9. International data transfers

Mia may process your data in countries other than your own. Where required, we use appropriate safeguards, such as Standard Contractual Clauses, to protect international transfers.

10. Children

Mia is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has given us data, please contact us and we will delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. If changes are material, we will notify you before they take effect. Continued use of Mia after the effective date indicates your acceptance of the updated policy.

12. Contact

Privacy questions? Email privacy@mia.app. See also our Terms of Service.