Last updated: February 16, 2026
Account information: Your name and email address from Google OAuth sign-in. We do not store passwords.
Content you provide: Customer feedback, interview transcripts, documents, images, and any other data you upload or paste into Mimir. This also includes chat messages you send within the Service.
Integration data: When you connect third-party services (GitHub, Slack, Intercom, Linear, Notion, and others), we access and process data from those services at your direction. OAuth tokens for integrations are encrypted at rest.
Usage data: We collect anonymous analytics (via PostHog) to understand how the Service is used, including page views, feature usage, and performance metrics. We track API usage (token counts) per feature for cost management.
Automatically collected: IP address, browser type, and device information through standard web server logs.
To provide the Service: Your uploaded content is processed by our AI pipeline (powered by Anthropic's Claude API) to generate insights, themes, recommendations, impact projections, and development specifications.
To improve the Service: Anonymous, aggregated usage analytics help us understand which features are valuable and where the experience needs improvement. We never use your uploaded content for this purpose.
To communicate with you: We may send transactional emails related to your account (e.g., desktop handoff links). We do not send marketing emails.
Your data is sent to Anthropic's Claude API for analysis. Anthropic does not train models on data submitted through their API. Your content is processed in real time and is not retained by Anthropic beyond what is needed to generate a response.
AI-generated output (themes, recommendations, projections) is stored in our database, encrypted at rest with AES-256-GCM, and associated with your account.
All user content is encrypted at rest with AES-256-GCM field-level encryption. This includes project names, sources, themes, recommendations, chat messages, and integration tokens.
Our database is hosted on Neon PostgreSQL with parameterized queries. Infrastructure is hosted on Vercel (SOC 2 certified). Integration tokens are managed through Nango (SOC 2 Type II certified).
All traffic is encrypted in transit via HTTPS with HSTS. We implement Content Security Policy headers, rate limiting, and strict data isolation between user accounts.
For full security details, see our Security page.
We do not sell your data. We do not share your data with third parties for advertising or marketing purposes.
We share data only with: (a) Anthropic, to process your content through their Claude API for AI analysis; (b) infrastructure providers (Vercel, Neon, Upstash, Nango) as necessary to operate the Service; (c) PostHog for anonymous usage analytics; (d) Resend for transactional emails.
We may disclose data if required by law or to protect our rights, safety, or property.
Your data is retained for as long as your account is active. You can delete individual sources, projects, knowledge entries, and chat messages at any time.
If you delete your account, we will delete your data within 30 days. Backups may retain encrypted copies for up to 90 days before automatic purging.
Access: You can view all data associated with your account through the Service.
Deletion: You can delete your data through the Service at any time, or request full account deletion by contacting us.
Portability: You can export your recommendations and specifications from the Service.
If you are located in the EU, UK, or California, you may have additional rights under GDPR, UK GDPR, or CCPA respectively. Contact us to exercise these rights.
We use essential cookies for authentication and session management. We use PostHog for anonymous product analytics. We do not use advertising cookies or tracking pixels.
Mimir is not intended for children under 13. We do not knowingly collect data from children. If you believe a child has provided us with data, contact us and we will delete it.
We may update this Privacy Policy from time to time. We will post the updated policy on this page with a revised effective date. Material changes will be communicated through the Service.
If you have questions about this Privacy Policy or how we handle your data, contact us at contact@mimir.build.