Privacy Policy
Last Updated: October 2025
Quick Summary
Mio only accesses your Gmail and Calendar if you authorize it via Google OAuth.
Your data is processed on secure cloud infrastructure (AWS) with encryption at rest and in transit.
Mio employees and administrators have the ability to access your data for operational purposes, debugging, and customer support.
We never use your data to train AI models.
You can revoke access anytime in your Google settings.
If you close your account, all your data is permanently deleted.
To ask questions or manage your data, contact us at art@mio.xyz
Privacy Policy
Welcome to Mio ("we," "us," or "our"), a context tool that lets AI apps personalize their responses by leveraging your calendar data and Gmail emails. This Privacy Policy explains how we collect, use, store, and protect your information when you use our product. We are committed to respecting your privacy and giving you control over your data.
What Information We Collect
We collect information from you when you use Mio and authorize us to access your Google account via OAuth. Specifically:
Calendar Data: With your explicit consent through Google OAuth, your calendar events (titles, descriptions, dates, times, attendees) from your Google Calendar account may be processed.
Email Data: With your explicit consent through Google OAuth, your Gmail emails (message content, subjects, senders, recipients, dates) may be processed.
Technical Data: We may collect limited metadata (browser type, operating system, timestamps of queries) to improve product performance.
No Other Data: We do not collect additional personal information beyond what you authorize via OAuth, and we do not access data outside the requested scopes.
How We Collect Your Information
OAuth Authorization: We use Google's OAuth 2.0 protocol to securely request access to your Google account. You will see a consent screen from Google asking for permission to access your calendar events and Gmail emails. This access is limited to the scopes we request.
Encrypted Transfer: Your calendar and email data are encrypted during transfer and processing.
How We Use Your Information
We process your calendar and email data on secure cloud infrastructure hosted on Amazon Web Services (AWS). Specifically:
Embedding Model & RAG: We convert your calendar and email content into vector embeddings to perform retrieval-augmented generation (RAG), allowing personalized AI responses.
Personalization: Apps tailor their responses to your needs, schedule, and communications by accessing information surfaced by Mio and derived from your calendar and email data.
Cloud Processing: Your data is processed on AWS infrastructure in the EU region (Stockholm, eu-north-1). While we implement strong security controls, Mio employees and administrators with appropriate access credentials can access your data for operational purposes, debugging, and customer support.
No Use of Data for Training AI/ML Models
No AI/ML Training: We do not use your Google Calendar or Gmail data to develop or train generalized/non-personalized AI/ML models.
No Third-Party AI Tools: We do not send your Google data to third-party AI services. Authorized apps can query your preferences surfaced by Mio and derived from your data, but we never share your raw data.
Personal Use Only: Data processing happens only to personalize your experience.
Data Storage and Retention
Encryption at Rest: We store your calendar events, emails, embeddings, and derived data in encrypted databases using AWS RDS (PostgreSQL) with KMS encryption keys.
Encryption in Transit: Data is encrypted during transfer using TLS/HTTPS with SSL certificates.
Data Location: Your data is stored in AWS data centers in the EU region (Stockholm, Sweden).
Backups: Automated encrypted backups are retained for up to 14 days for disaster recovery purposes.
Account Lifecycle: We retain your encrypted data only while your account is active. If you close your account or revoke access, all associated data will be permanently deleted from our production systems and backup snapshots.
Data Sharing and Disclosure
Internal Access: Mio employees and administrators with appropriate credentials can access your data for operational purposes, debugging, technical support, and service improvement. We limit access to authorized personnel only.
Third-Party Services: We use the following third-party services that may process your data:
Amazon Web Services (AWS) - Cloud infrastructure hosting in EU (Stockholm)
Google OAuth - Authentication services
OpenRouter - AI model API for generating personalized responses
No Marketing or Sales: We do not share your data with third parties for marketing or advertising purposes.
Legal Requirements: We may disclose your information if required by law, court order, or government request.
Security Measures
We implement industry-standard security measures to protect your data:
Encryption at Rest: All databases (PostgreSQL, Redis) are encrypted using AWS KMS encryption keys with automatic key rotation.
Encryption in Transit: All external traffic uses HTTPS with TLS certificates.
Network Security: Your data is processed in isolated private networks (AWS VPC) with security groups restricting access. Multi-AZ deployment provides redundancy.
Access Controls: We use OAuth with industry-standard token handling. Database credentials and API keys are stored in AWS Secrets Manager.
Monitoring & Logging: We maintain security logs via AWS CloudTrail, VPC Flow Logs, WAF logs, and application logs for security monitoring and incident response.
Web Application Firewall: AWS WAF protects against common web attacks, including SQL injection and cross-site scripting, and enforces rate limiting.
Regular Backups: Automated daily encrypted backups with point-in-time recovery capabilities.
However, please note that Mio employees with appropriate access can view your decrypted data when performing operational tasks, debugging, or providing customer support.
Your Rights and Choices
You have control over your data. Depending on your location, you may have the right to:
Access: Request a copy of the data we hold about you.
Correction: Ask us to correct inaccurate or incomplete information.
Deletion: Request deletion of your personal data.
Portability: Request your data in a commonly used format (e.g. JSON).
Withdraw Consent: Revoke OAuth access at any time in your Google Account settings.
To exercise these rights, contact us at art@mio.xyz
Third-Party Services
We rely on Google's OAuth service. Google may log authentication events under their own policies (see Google's Privacy Policy).
Children's Privacy
Mio is not intended for children under 13 (or 16 in some regions). We do not knowingly collect data from children.
Changes to This Privacy Policy
We may update this policy as we introduce new features or technologies. We will notify you of material changes.
Contact Us
For privacy questions or to exercise your data rights, email us at art@mio.xyz


