1. What We Collect
Account information
Email address and auth credentials when you sign up via Supabase Auth.
Conversation content
Your chat messages and AI responses, stored locally first (IndexedDB) and optionally synced to your private account in Supabase.
Companion data
Companions you create or customise, including their names, descriptions, and settings.
Generated images
Images created via /imagine are stored in Supabase Storage under your user ID. File attachments you send in chat are NOT stored — they are sent directly to the AI and discarded.
Usage data
Token counts and approximate cost per message for billing and rate-limit purposes. Not linked to specific conversation content.
Memory & essence data
Summaries of your conversation patterns (not raw transcripts) used to personalise companion responses across sessions.
2. What We Do NOT Collect
File contents
Files you attach in chat (images, PDFs) are never saved on our servers.
Financial data
Payment details are handled entirely by LemonSqueezy — we never see your card number.
Location data
We do not collect or store your location.
Biometric data
We collect no biometric information of any kind.
3. How We Use Your Data
Providing the service
Conversation sync, companion personalisation, image generation and storage.
Billing & usage
Tracking message counts and AI costs per user to enforce free tier limits and bill Pro subscribers.
Safety
Automated detection of crisis-related content to display emergency resources. We do not manually read your conversations.
Service improvement
Aggregate, anonymised usage metrics (e.g. which features are used most). Individual conversations are never used for AI model training.
4. Data Retention
Conversations
Stored until you delete them or delete your account.
Generated images
Stored in your gallery until you delete them or delete your account.
Usage records
Retained for 13 months for billing reconciliation, then deleted.
Memory/essence summaries
Retained until you reset your memory or delete your account.
Account deletion
When you delete your account, all data (conversations, images, memory, companions) is permanently deleted within 30 days. Auth credentials are deleted immediately.
5. Data Sharing
AI providers
Your messages are sent to OpenAI (GPT models) or Anthropic (Claude models) for processing. These providers have their own privacy policies and do not use API data for training by default.
Infrastructure
Data is stored on Supabase (US region) and served via Vercel. Both are GDPR-compliant.
Billing
Subscription management is handled by LemonSqueezy. Your user ID and email are shared for subscription linking.
No sale of data
We do not sell your data to third parties. Ever.
6. Your Rights
Access
You can see all your data within the app (conversations, companions, usage stats in Settings).
Deletion
Delete your account at any time from Settings → Profile → Danger Zone. This removes all your data permanently.
Export
Data export is coming soon. You can copy conversation content manually in the meantime.
GDPR/CCPA
If you are in the EU or California, you have additional rights including data portability and the right to object to processing. Contact privacy@mitami.ai to exercise these rights.
7. Children's Privacy (COPPA)
Age requirement
Mitami requires users to be at least 13 years old. Users 13–17 must have parental consent.
No knowing collection of children's data
We do not knowingly collect personal information from children under 13. If we discover such data has been collected, we will delete it immediately.
Contact
If you believe a child under 13 has created an account, contact privacy@mitami.ai.
8. Security
Encryption
All data is encrypted in transit (TLS) and at rest (AES-256 via Supabase).
Authentication
Authentication is handled by Supabase Auth using JSON Web Tokens (JWTs). Passwords are never stored in plain text.
Row-Level Security
Database access is gated by Supabase RLS policies — users can only access their own data.
9. Contact
Privacy questions
privacy@mitami.ai
Data deletion requests
Use Settings → Profile → Danger Zone, or email privacy@mitami.ai
GDPR/CCPA requests
privacy@mitami.ai — we respond within 30 days