Privacy Policy
Last Updated: March 26, 2025
Welcome to Mia! Mia is a personal relationship manager app designed to help you manage your professional network. This Privacy Policy explains how Purple Brains (the company behind Mia, registered in Beirut, Lebanon) collects, uses, shares, and protects your personal information when you use the Mia mobile or web application (the "App"). We are committed to protecting your privacy and complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR).
By using Mia, you agree to the collection and use of your information as described in this Privacy Policy. We encourage you to read this policy carefully. If you have any questions, please contact us using the information in the Contact Us section below.
Information We Collect
We collect various types of information to provide and improve our services. This includes:
- Account Information: When you sign up for Mia, we collect your name, email address, and a password. If you register using your Google account, we receive your name, email, and profile picture from your Google profile.
- Profile and Business Information: You may choose to add additional details to your profile, such as your phone number, job title, company name, and other business information. This helps personalize your experience but is optional.
- Contacts and Connections: Mia allows you to import or add contacts. If you grant the App access to your phone's address book, we will collect contact information (names, phone numbers, email addresses, etc.) for the contacts you select. You can also manually input contact details and write custom bios or notes about people you meet (e.g., where you met, topics discussed).
- Business Card Data: If you use Mia's business card scanning feature, we collect the image of the business card (through your device's camera) and the contact details extracted from that card (such as name, organization, title, phone, email). This allows us to save the details into your contacts.
- Location Data: With your permission, we collect location information. For example, you might tag a meeting location or allow Mia to note where you met someone. You can control location access through your device settings.
- Usage Information: We automatically collect certain technical information when you use Mia. This includes your device type, operating system, IP address, device identifiers, and app version. We also collect data about how you use the App, such as the features you use and timestamps of interactions (e.g., creating a contact or setting a reminder).
- Communication Data: If you contact us for support or provide feedback, we will collect the information you share (such as your contact details and the content of your messages).
How We Use Your Information
We use your personal information to operate, understand, and improve Mia. Specifically, we may use your information to:
- Provide the Service: We use the collected data to create and manage your account, store and organize your contacts and notes, set up your follow-up reminders, and enable you to share digital business cards. (Legal basis: to fulfill our contract with you.)
- Facilitate Features: Your information powers Mia's features. For example, we use contact details and card images you provide to create contact entries and digital business cards. If you opt to use the AI assistant feature, your input (like a draft bio or meeting notes) is sent to our AI service to generate suggestions. (Legal basis: contract performance and your consent for optional features.)
- Communication: We may send you service-related communications. This includes confirmations, reminders (for follow-ups you set), updates about new features or changes to the App, and important security or support messages. (Legal basis: contract performance for essential communications, and our legitimate interest or your consent for optional updates.)
- Improve and Develop Mia: We analyze usage information and feedback to fix bugs, enhance functionality, and inform future development. This helps us make the App smarter and more useful (for example, improving the AI assistant or user interface). (Legal basis: our legitimate interests in improving our services.)
- Personalize Your Experience: We might use the information to personalize the App for you, such as reminding you of context for a contact (e.g., "You met Jane at the London conference") or suggesting helpful prompts. (Legal basis: legitimate interests in providing a tailored experience.)
- Safety and Security: Information (like device data and usage patterns) is used to protect against fraud, abuse, or misuse of Mia. We may monitor suspicious activity or enforce our Terms and Conditions to keep the App safe. (Legal basis: legitimate interests in maintaining security, and legal obligations where applicable.)
- Legal Compliance: If we are required by law to process your data (for example, to comply with a court order or tax regulations), we will do so. We also use and retain personal information as necessary to meet our legal obligations and to resolve disputes. (Legal basis: compliance with legal obligations.)
Legal Bases for Processing (GDPR)
If you are in the European Economic Area (EEA) or the UK, we rely on the following legal grounds under GDPR for processing your information:
- Performance of a Contract: Most data we collect is used to provide you with the Mia services you requested. For example, using your contact information and input to manage your network is necessary to fulfill our contract with you (i.e., the Terms and Conditions of the App).
- Legitimate Interests: We process certain data to pursue our legitimate business interests, provided these are not overridden by your rights. For instance, improving and securing our App, or sending you reminders to use Mia's features, are activities we undertake in our legitimate interest to enhance our service. When we rely on this basis, we consider and balance any potential impact on your rights.
- Consent: We will ask for your consent in situations where we are required to do so. For example, we seek your consent to access your phone's contacts or location. You have the right to withdraw your consent at any time through the App settings or your device permissions. Withdrawing consent will not affect the lawfulness of processing already carried out.
- Legal Obligation: In some cases, we have a legal obligation to collect or retain personal data (for example, record-keeping for financial transactions or responding to lawful requests by authorities).
How We Share Your Information
We do not sell your personal information. We only share your information in a few specific situations:
- Service Providers (Processors): We use trusted third-party companies to help run Mia's features and operations. These providers process data on our behalf and under our instructions, and they are obligated to protect your information. Key service providers we use include:
- Microsoft Azure Cognitive Services: We use Microsoft's Azure platform to perform optical character recognition (OCR) on business cards you scan. The card image and data are sent securely to Azure's servers to extract text (contact details). Microsoft Azure will only use this information to provide us with the text extraction service.
- OpenAI API: Mia's AI assistant features (like helping you draft a bio or summarize a meeting) are powered by OpenAI. This means that when you use these features, the relevant text you provide (for example, notes or keywords about a person or meeting) is sent to OpenAI's servers to generate a suggestion or summary. OpenAI processes this content only to provide the requested AI functionality. We do not allow OpenAI to use your data for their own purposes beyond providing us the service.
- Authentication Providers: If you sign up or log in with Google, we share information with Google to authenticate you (specifically, we receive your basic profile info as noted above). This process is handled securely via Google's OAuth service. We may also use cloud hosting and storage services (such as Microsoft Azure) to store your data securely.
- Your Directed Sharing: Mia enables you to share information with others at your discretion. For example, if you choose to send someone your digital business card via email or WhatsApp, we will use the contact information you provide to facilitate that sharing. This may involve sending data to those external communication services (like transmitting an email through an email server or opening a chat in WhatsApp). We only do this at your request and direction.
- Legal Requirements: We may disclose your information if required to do so by law or in response to valid legal process (e.g., a subpoena or court order). We may also share information when we believe, in good faith, that disclosure is necessary to comply with law, protect our rights or property, protect your safety or the safety of others, or investigate fraud or security issues.
- Business Transfers: If Purple Brains is involved in a merger, acquisition, investment, or sale of all or a portion of its assets, your information may be transferred to the new owner as part of that deal. We will ensure the new owner continues to honor the privacy commitments made in this policy, and we will notify you (for example, via email or a notice in the App) of any such change in ownership or control of your personal information.
We might also share aggregated or de-identified information (which cannot be used to identify you) for purposes such as marketing, research, or analytics. In such cases, no personal data is disclosed.
Data Retention
We keep your personal information only as long as necessary for the purposes described in this policy or as required by law:
- Active Account: As long as you have an active Mia account, we will retain the information you have provided so we can provide the service to you (for example, keep your contacts and notes available).
- Account Deletion: If you choose to delete your account or request that we delete your personal data, we will remove or anonymize your personal information from our active databases. Some information may be kept for a short period in backups or logs before it is automatically deleted. We may also retain certain information if necessary for legal obligations or legitimate business purposes – for example, maintaining records of transactions or communications (if any) or to comply with accounting, taxation, or legal requirements.
- Inactive Accounts: If your account is inactive for an extended period, we may contact you or take steps to delete or anonymize the data in accordance with our data retention policies. We will provide notice before deleting an inactive account's information whenever feasible.
Your Rights and Choices
We want you to be in control of your personal data. Subject to applicable law (such as GDPR for EEA residents), you have certain rights regarding your information:
- Access Your Information: You have the right to request a copy of the personal data we hold about you. We can provide you with a summary of your information in a common format.
- Correct Your Information: If any of your information is inaccurate or incomplete, you have the right to ask us to correct it. You can also update many details (like your profile info or contacts) directly in the App.
- Delete Your Information: You may request deletion of your personal data. For example, you can delete individual contacts or notes, or you can delete your Mia account entirely using the account settings. Keep in mind that deleting your account will remove all your saved contacts, notes, and other data from our live systems (subject to limited retention in backups as noted above).
- Object to Processing: You have the right to object to certain processing of your data, especially if we process it based on legitimate interests. If you object, we will review whether we have any overriding legitimate grounds to continue the processing.
- Restrict Processing: You can ask us to restrict or pause the processing of your personal data in certain circumstances – for instance, if you contest the accuracy of the data or have objected to our processing. While your request is being evaluated, we will limit processing of the affected data.
- Data Portability: You have the right to obtain your personal data in a structured, commonly used, machine-readable format, and to have that information transferred to another service provider (when technically feasible). In practice, this means you can request an export of the contacts and notes you've stored in Mia.
- Withdraw Consent: If we rely on your consent for any part of processing (for example, for accessing your phone contacts or using your location), you can withdraw that consent at any time. You can do this by changing the settings in the App or on your device (such as turning off location services or contact access), or by contacting us. Note that if you withdraw consent for certain features, those features may not work.
- Complaint: If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. For example, if you are in the EU, this would be the data protection authority in your country of residence. We encourage you to contact us first, so we can address your concerns.
To exercise any of your rights, please contact us at the email address provided in the Contact Us section. We will respond to your request as soon as possible and in accordance with applicable law. We may need to verify your identity before fulfilling certain requests, to ensure we do not share your data with an unauthorized person.
Data Security
We take the security of your information seriously. We implement a variety of technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. For example, data transmitted between your device and our servers is encrypted (using HTTPS), and we store data on secure servers (often using encryption at rest and other security best practices). We also limit access to your personal data to those employees and contractors who need it to operate or improve the App, and they are subject to strict confidentiality obligations.
However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security. In the event of a data breach that affects your personal information, we will notify you and the relevant authorities as required by law.
International Data Transfers
Mia is a global service. By using the App, you understand that your personal data may be transferred to and stored on servers located in countries other than your own. In particular, our company (Purple Brains) is based in Lebanon, and some of our service providers (like Microsoft Azure and OpenAI) operate in various countries (including the United States and EU countries). This means your data might be processed outside of your home jurisdiction.
Different countries may have different data protection laws. When we transfer personal data out of the European Economic Area (EEA) or other regions with data transfer restrictions, we take steps to ensure your data remains protected. These steps may include using European Commission-approved Standard Contractual Clauses, relying on an adequacy decision (if the destination country is recognized as having adequate protection), or other appropriate legal mechanisms.
We ensure that recipients of the data (such as our service providers) are contractually obligated to protect your information to the same standard required by your home country (for example, GDPR in Europe). If you have questions about international data transfers or want more information about the safeguards we have in place, please contact us.
Children's Privacy
Mia is not intended for use by children. We do not knowingly collect personal information from anyone under the age of 18. If you are under 18, please do not use the App or provide any personal data to us.
If we learn that we have inadvertently collected personal information from a child under 18, we will take steps to delete that information as soon as possible. If you believe a child under 18 has provided us with personal information, please contact us so we can investigate and remove the data.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make updates, we will change the "Last Updated" date at the top of this policy. If the changes are significant, we will provide a more prominent notice (for example, by emailing you or showing an in-app notification).
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of Mia after any changes to this Privacy Policy means you accept those changes.
Contact Us
If you have any questions, concerns, or requests about this Privacy Policy or your personal data, please don't hesitate to contact us. We are here to help.
Purple Brains (Mia Support Team)
Beirut Digital District, BDD 1280, Ground Floor, Beirut, Lebanon
Email: support@miaprm.app
We will do our best to respond promptly and address your concerns. Your privacy matters to us, and we welcome your feedback.