Mila ("we", "us", "our") operates the website mila.gg and its associated subdomains (docs.mila.gg, sheets.mila.gg, slides.mila.gg, api.mila.gg). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.
1. Information We Collect
1.1 Information You Provide
- Account information: When you register, we collect your name, email address, and password (stored as a bcrypt hash). If you sign in with Google, we receive your name, email, and Google profile ID.
- Payment information: When you subscribe to a paid plan, payment details are collected and processed directly by Stripe. We store your Stripe customer ID and subscription details but never store your credit card number or full payment credentials.
- User content: Documents, spreadsheets, presentations, and any text, images, or files you create or upload to the Service.
- Communications: If you contact us via email, we retain the content of your correspondence.
1.2 Information Collected Automatically
- Usage data: We collect information about how you interact with the Service, including pages visited, features used, button clicks, document creation and editing activity, sharing actions, and onboarding steps completed.
- Device information: Browser type, operating system, device type, screen resolution, and user agent string.
- IP address: Collected for security purposes and to determine your geographic region for regional pricing.
- Referral data: The URL that referred you to the Service.
- Local storage: We store usage counters in your browser's local storage to manage free-tier rate limits.
1.3 Cookies and Tracking Technologies
We use the following cookies and tracking technologies:
- Session cookie: A cookie containing your session data (user ID, email, name) is set upon login and expires after 30 days. This cookie is essential for authentication.
- PostHog: We use PostHog for product analytics to understand how users interact with the Service, identify issues, and improve the user experience.
- Google Analytics: We use Google Analytics (GA4) to collect aggregate website traffic data and usage statistics.
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Authenticate your identity and manage your account
- Process payments and manage subscriptions
- Enable real-time collaboration and document sharing
- Power AI features by sending your content to AI model providers for processing
- Determine regional pricing based on your geographic location
- Send transactional emails (e.g., account verification, password resets, billing notifications)
- Analyze usage patterns to improve the Service
- Detect and prevent fraud, abuse, and security incidents
- Comply with legal obligations
3. How We Share Your Information
We do not sell your personal information. We share information only in the following circumstances:
3.1 Third-Party Service Providers
We share information with service providers that help us operate the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Email, payment details, billing address |
| Google (OAuth) | Authentication | Email, name, Google profile ID |
| OpenRouter | AI model processing | Document content submitted to AI features |
| PostHog | Product analytics | Usage events, device info, IP address |
| Google Analytics | Website analytics | Page views, device info, referral data |
| Amazon Web Services (S3) | File storage | Uploaded files and images |
| NeonDB | Database hosting | All account and content data |
| Resend | Transactional email | Email address, email content |
| ipapi | IP geolocation | IP address |
3.2 Other Users
When you share documents or join a Server, other users in those contexts may see your name, email, and collaborative activity (e.g., cursor position, edits).
3.3 Legal Requirements
We may disclose your information if required by law, subpoena, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
4. AI and Your Content
When you use AI features (content generation, AI chat, suggestions, or agents), the relevant content is sent to third-party AI model providers through OpenRouter. These providers may include Anthropic (Claude), Google (Gemini), OpenAI (GPT), and xAI (Grok).
- We do not use your content to train AI models.
- Content sent to AI providers is processed according to their respective privacy policies and data handling practices.
- We recommend not including sensitive personal information, trade secrets, or confidential data in AI prompts.
5. Data Storage and Security
Your data is stored on servers hosted by NeonDB (PostgreSQL) and Amazon Web Services. We implement reasonable security measures to protect your information, including:
- Password hashing using bcrypt with a cost factor of 12
- HTTPS encryption for all data in transit
- Access controls on database and storage systems
However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.
6. Data Retention
We retain your personal information and User Content for as long as your account is active or as needed to provide the Service. If you request account deletion, we will delete your data within a reasonable timeframe, except where retention is required by law or for legitimate business purposes (e.g., resolving disputes, enforcing agreements).
Analytics data collected by PostHog and Google Analytics is retained according to their respective data retention policies.
7. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request that we correct inaccurate personal information.
- Deletion: Request that we delete your personal information and account.
- Data portability: Export your documents, spreadsheets, and presentations using our built-in export features (DOCX, XLSX, PDF).
- Opt-out of analytics: You can use browser-based opt-out mechanisms for Google Analytics and PostHog, or enable Do Not Track in your browser settings.
- Withdraw consent: Where processing is based on consent, you may withdraw your consent at any time.
To exercise any of these rights, contact us at fred@mila.gg.
8. International Data Transfers
Your information may be transferred to and processed in countries other than your own, including the United States. These countries may have data protection laws that differ from your jurisdiction. By using the Service, you consent to the transfer of your information to these countries.
9. Children's Privacy
The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us at fred@mila.gg and we will promptly delete such information.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy. We encourage you to review this page periodically.
11. Contact
If you have questions or concerns about this Privacy Policy or our data practices, contact us at:
- Email: fred@mila.gg
- Website: mila.gg