
Privacy Policy.

Last updated: Mar 12, 2026
TL;DR
  • We only collect what we need to run Mikla.
  • We never sell your data or your guests' data.
  • Customer conversations stay on isolated, encrypted infrastructure and are never used to train shared AI models.
  • You can export or delete data at any time.

1. Scope

This Privacy Policy explains how Mikla, Inc. ("Mikla", "we", "us") handles personal information across three groups of people:

  • Website visitors. Anyone browsing mikla.ai, reading our blog, or filling out a contact form.
  • Customers. Hospitality businesses who sign up for, evaluate, or use the Mikla platform.
  • End users. Couples, planners, corporate buyers, and guests who contact a Mikla customer and, in doing so, interact with Mikla on that customer's behalf.

When a customer uses Mikla to handle inbound inquiries, the customer is the data controller for those conversations. Mikla acts as a data processor on their behalf, bound by our Data Processing Addendum.

2. What we collect

We collect only what's necessary to operate, secure, and improve Mikla.

We do not knowingly collect government-issued IDs, biometric data, or health/financial information unless a customer explicitly configures Mikla to capture it for their own compliance purposes (e.g. collecting dietary or allergen info for catering).

  • Account data. Name, work email, phone, company, role. Collected at signup or demo request.
  • Configuration data. Your brand voice samples, pricing sheets, floor plans, FAQs, vendor partners, calendar and inbox credentials (via OAuth).
  • Conversation data. Inbound inquiries Mikla replies to (email, SMS, phone transcripts, DMs, form submissions) and the replies Mikla sends.
  • Usage data. Pages visited, buttons clicked, features used, errors encountered. Used to improve the product and triage bugs.
  • Device and network. IP address, browser, operating system. Collected via standard web request logs.
  • Billing. Company name, billing address, last 4 digits of card. Full card data is held by Stripe; Mikla never stores it.

3. How we use it

We use personal information for the following purposes:

  • Provide the service (contract). Run the AI, route replies, sync calendars, invoice customers.
  • Improve the service (legitimate interest). Debug errors, monitor performance, measure feature adoption.
  • Communicate (legitimate interest / consent). Send product updates, respond to support, deliver marketing opt-ins.
  • Security and fraud prevention (legitimate interest). Detect account takeover, rate-limit abuse, investigate incidents.
  • Legal compliance (legal obligation). Respond to court orders, tax filings, regulator requests.

4. AI and model training

This is the question we get most, so we'll be direct about it.

We use third-party model providers (including Anthropic and OpenAI) under zero-data-retention agreements. These providers do not retain or train on Mikla traffic.

  • Customer conversations are not used to train shared AI models. Full stop. Your inquiries, replies, and uploaded brand materials are isolated to your tenant and never feed into training data for any other customer, Mikla's foundation models, or third-party LLM providers.
  • Per-tenant fine-tuning is optional and explicit. If you enable it, Mikla will use only your own past replies to personalize voice for only your venue. You can turn this off in settings and delete the resulting model snapshots.
  • Anonymized, aggregated metrics, things like "avg. response time across all venues" or "share of inquiries that convert", may be used in benchmarks and research. These never contain identifiable customer or end-user data.

5. Sharing and processors

We do not sell personal information. We share it only with vetted subprocessors, under contract, strictly to run Mikla on your behalf. A full, up-to-date list lives at mikla.ai/trust/subprocessors. Key categories:

  • Infrastructure. Amazon Web Services (US), Cloudflare (global edge).
  • Model providers. Anthropic, OpenAI (zero-retention endpoints).
  • Telephony. Twilio (US) for SMS and voice.
  • Observability. Datadog, Sentry for error and performance monitoring.
  • Payments. Stripe for subscription billing.
  • Customer support. Intercom for in-app chat.

We may also disclose information to comply with a valid legal request, protect the rights or safety of Mikla, our customers, or the public, or to complete a corporate transaction (e.g. a merger), in which case this policy continues to apply to personal information transferred.

6. Retention

We keep data only as long as needed for the purposes above.

  • Conversation data: retained for the life of the account or as configured by the customer; deleted within 30 days of an export or deletion request.
  • Account and billing records: retained for up to 7 years to meet tax and audit obligations.
  • Website analytics: aggregated only; raw IP logs rotated every 14 days.
  • Backups: encrypted backups rotated every 30 days; deletions propagate to backups within one rotation.

7. Security

We follow industry-standard security practices. Controls include:

  • Data encrypted in transit (HTTPS).
  • Tenant isolation at the database layer.
  • Least-privilege access for Mikla staff.
  • Incident response with customer notification within 72 hours of any confirmed breach of personal data.

8. Your rights

Depending on where you live, you have some or all of the following rights with respect to your personal information:

  • Access a copy of what we hold about you.
  • Correct inaccurate information.
  • Delete your data ("right to be forgotten").
  • Port your data to another provider in a machine-readable format.
  • Restrict or object to certain processing, including direct marketing.
  • Withdraw consent at any time where we rely on consent as the lawful basis.

To exercise any of these rights, email privacy@mikla.ai. We respond within 30 days. Customers of Mikla can also export and delete conversation data directly from account settings at any time.

End users who have interacted with a Mikla customer should direct requests to that customer in the first instance. They are the controller of the underlying conversation.

9. International transfers

Mikla is headquartered in the United States. If you're in the EEA, UK, or Switzerland, your data may be transferred to the U.S. When it is, we rely on Standard Contractual Clauses and, where applicable, the EU-U.S. Data Privacy Framework. Transfer impact assessments are maintained and available to customers under NDA.

10. Children

Mikla is a B2B product and is not directed to children under 16. We do not knowingly collect personal information from children. If you believe we have, email privacy@mikla.ai and we will delete it promptly.

11. Changes to this policy

We'll update this policy as our product and regulations evolve. Material changes trigger an email to account admins at least 30 days before they take effect, along with a version bump at the bottom of this page. Minor clarifications or fixes are noted in our changelog.

12. Contact us

For questions, concerns, or data requests, reach us at:

  • Email: privacy@mikla.ai
  • Mail: Mikla, Inc. · 115 Bowery, 6th Fl · New York, NY 10002 · USA
  • EU representative (Art. 27): eu-rep@mikla.ai
  • Data Protection Officer: dpo@mikla.ai
© 2026 Mikla, Inc.
v4.2