Privacy

Privacy statement

Early alpha. Mippi is in early alpha. Features will change, bugs will happen, and there are no guarantees. Your data may be wiped or reset during this period. We will make reasonable efforts to give advance notice before any planned data reset, but cannot guarantee notice for unplanned events like infrastructure failures. Use accordingly.

Last updated: March 13, 2026

Who we are

Mippi is based in the Netherlands. For GDPR purposes, the data controller is reachable at steven@mippi.ai.

The short version

Mippi stores memory you choose to save. There is no server-side LLM — your data is not used as training data, not sold, and not shared with advertisers. You can export or delete everything at any time. That is the product, not just the policy.

Why we process your data

We process your account information and memory content to perform our contract with you — delivering the service you signed up for. We process delivery metadata and usage data based on our legitimate interest in operating, securing, and improving the service. We do not rely on consent for core processing. If you use mippi, the contract is the basis.

What we collect

Account information. When you sign up, we store your email address. Authentication is handled through OAuth sessions — mippi does not store passwords directly. If you create an API key, a hashed version is stored. If you subscribe to a paid plan, your payment is handled by Creem — we do not store card numbers or bank details.

Memory content. Records, collections, tags, relations, and blobs you save through the memory tool. This is your data — mippi stores it, organizes it, and gives it back to you. We do not use your content for model training, advertising, or behavioral profiling. We only access content when needed to operate the service, investigate abuse, or comply with law.

Delivery metadata. When you send something (to Kindle, email, RSS), we store enough metadata to complete and retry the delivery: recipient address, format, timestamps, delivery status.

Usage data. Basic operational data: request timestamps, error rates, feature usage counts. We do not store IP addresses in mippi's own databases. Cloudflare, our hosting provider, may temporarily log IP addresses as part of its standard infrastructure operations — see Cloudflare's privacy policy for details. No behavioral profiling. No analytics trackers on the website.

What we do not do

  • Run a server-side LLM on your data
  • Use your content to train models
  • Sell or share your data with third parties for advertising
  • Track you across the web
  • Build behavioral profiles

Where your data lives

Mippi runs on Cloudflare Workers. Your memory is stored in per-user isolated storage (Durable Object SQLite) with backup to Cloudflare R2. Data is encrypted in transit (TLS) and at rest (Cloudflare's storage encryption). Each user's data is architecturally isolated — there is no shared database where one user's query could touch another user's records.

Third-party services

We use the following services to operate mippi:

  • Cloudflare (hosting, storage, edge compute) — your data is stored on Cloudflare infrastructure
  • ZeptoMail (transactional email) — used when mippi sends documents or notifications to email destinations
  • Creem (payments and subscriptions) — handles billing for paid plans

We do not use Google Analytics, Meta Pixel, or any advertising-related third-party service.

If we add sign-in through third-party accounts (like Google or GitHub), those providers will receive your authentication request. We will update this section accordingly.

International data transfers

Cloudflare operates globally. Your data may be processed in regions outside the European Economic Area as part of Cloudflare's infrastructure. Cloudflare's data processing addendum, which includes EU Standard Contractual Clauses, governs these transfers. ZeptoMail and Creem also operate internationally under their own data processing agreements.

Cookies

Mippi uses session cookies for authentication. These are functional cookies required to keep you logged in. We do not use tracking cookies, advertising cookies, or third-party cookie services.

How long we keep it

Account data is kept for as long as your account exists. Memory content is kept until you delete it. Delivery metadata is kept for 90 days after delivery for retry and debugging purposes. Usage data is kept for 30 days. Cloudflare's own edge logs are retained per their standard policy (typically 72 hours).

Data export and deletion

You can export all your data at any time through the memory tool. You can delete individual records, collections, or your entire account. When you delete something, it is removed from active storage. Backup copies in R2 are overwritten within 24 hours. After that, your data is fully removed from our infrastructure.

If Mippi shuts down, we will give you advance notice and a window to export everything. That is the walkaway guarantee.

Age requirement

Mippi is intended for users aged 16 and older. We do not knowingly collect data from anyone under 16. If you believe a minor has created an account, contact us and we will delete it.

Your rights under GDPR

If you are in the European Economic Area, you have the right to access, correct, delete, export, and restrict processing of your personal data. Mippi's architecture makes most of these rights self-service — you can search, edit, export, and delete your own data directly. For anything else, email us.

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local supervisory authority.

Changes to this statement

We will update this page as mippi evolves. During alpha, changes may happen frequently. We will not send email notifications for every update, but significant changes will be noted in the product changelog.

Contact

Questions, concerns, or requests: steven@mippi.ai