This Privacy Policy describes how mIself ("the Service"), operated by W!nno ("we", "us", "our"), collects, uses, stores, and protects your personal data. We are committed to protecting your privacy in compliance with the EU General Data Protection Regulation (GDPR) and applicable Danish data protection law.
By using the Service, you acknowledge that you have read and understood this Privacy Policy.
The data controller responsible for your personal data is:
W!nno
Email: support@miself.me
Location: Denmark, European Union
| Category | Data | Purpose | Legal Basis |
|---|---|---|---|
| Account | Name, email, Microsoft Entra ID identifier | Authentication and personalization | Contract performance |
| Identity Graph | Values, interests, strengths, goals, personality traits, tensions, chapters — extracted by AI from your inputs | Core service functionality | Contract performance |
| Chat History | Messages you send and AI responses | Continuity, memory injection, identity extraction | Contract performance |
| Memory & Knowledge | Bookmarks, saved content, uploaded files (text extracted, originals discarded) | Knowledge base and RAG search | Contract performance |
| Imported Data | Social media exports, notes, reading history — you choose what to import | Identity signal extraction | Consent |
| Calendar Data | Event details (title, time, location) read from Google Calendar and/or Microsoft Outlook when you connect them | Day view, event preparation and reflection conversations | Consent |
| Usage Data | Pages visited, features used, session duration | Service improvement | Legitimate interest |
| Payment Data | Subscription tier, billing interval, payment status (no card numbers — handled by Stripe/Apple/Google) | Subscription management | Contract performance |
| Device Tokens | Push notification tokens (iOS/Android) | Push notifications | Consent |
Your content is processed by AI models hosted on Azure OpenAI (Microsoft). When you chat, import data, or trigger identity analysis, your text is sent to Azure OpenAI endpoints in the EU (Sweden Central region) for inference. We do not use your data to train AI models. Microsoft's Azure OpenAI service operates under its own data processing agreement (DPA) and does not retain customer data for model improvement.
When you import data (social media exports, notes, etc.), the Service extracts identity signals (values, patterns, events) using AI. The original uploaded files are processed in memory and are not permanently stored. Only the extracted signals are retained in your identity graph.
You can optionally connect your Google Calendar or Microsoft Outlook calendar in Settings → Integrations. Both integrations are read-only: we request the narrowest available scopes (Google: calendar.readonly; Microsoft Graph: Calendars.Read) and can never create, modify, or delete events in your calendar. We sync event details (title, start and end time, location) to show your day inside the Service and to offer preparation or reflection conversations around your events. OAuth refresh tokens are stored encrypted at rest using ASP.NET Core Data Protection; access tokens are short-lived and not persisted beyond their lifetime. We do not use calendar data for advertising, do not sell or transfer it to third parties except as required to provide the feature, and humans do not read it except with your permission or for security purposes.
mIself's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
You can disconnect either integration at any time in Settings → Integrations, which deletes the stored tokens and stops all syncing. You can additionally revoke access from the provider side at Google Account → Security or Microsoft account → Apps and services. Synced events are removed when you disconnect or delete your account.
We do not sell, rent, lease, or trade your personal data to any third party. Your data is used exclusively to provide the Service to you.
Your data is stored on Microsoft Azure infrastructure within the European Union:
All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Authentication is handled via Microsoft Entra ID with industry-standard OIDC protocols. Database access uses Managed Identity; no passwords are stored in code or configuration.
The database is encrypted at rest with AES-256 using a rotating key mechanism (Azure SQL Transparent Data Encryption). Encryption keys are rotated automatically by Microsoft Azure under FIPS 140-2 Level 2 compliant key handling, and re-encryption of the database happens transparently without service interruption. Database backups inherit the same encryption.
Database access is logged to immutable storage in a separate storage account, retained for 6 months. The storage container uses a time-based immutability policy: once a log entry is written, it cannot be modified or deleted within the retention window — not by us, and not by anyone with administrative access to the storage account.
As a matter of policy, no person accesses your data in the database.
We retain your data for as long as your account is active. You may delete all your data at any time via Settings → Account → Delete Account. Upon deletion, all personal data (identity graph, memory, knowledge, chats, personas, insights, goals, and more) is permanently removed within 30 days.
Contact form submissions are retained for up to 12 months for support and legal purposes.
Under the GDPR, you have the following rights regarding your personal data:
To exercise any of these rights, contact us at support@miself.me or use the in-app features. We will respond within 30 days.
| Service | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| Microsoft Azure / Entra ID | Hosting, authentication, AI processing | Account info, content for AI inference | Microsoft Privacy |
| Stripe | Web payment processing | Email, subscription tier (no card data touches our servers) | Stripe Privacy |
| Apple (App Store) | iOS payment processing | Transaction ID for verification | Apple Privacy |
| Google (Play Store) | Android payment processing | Purchase token for verification | Google Privacy |
| Google Calendar API | Optional read-only calendar sync (you connect it) | OAuth tokens; event details are read into the Service | Google Privacy |
| Microsoft Graph (Outlook) | Optional read-only calendar sync (you connect it) | OAuth tokens; event details are read into the Service | Microsoft Privacy |
mIself uses essential authentication cookies (set by Microsoft Entra ID for session management) and a service worker for PWA offline capability. We do not use analytics cookies, tracking pixels, or any third-party tracking scripts.
The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If you believe a child under 18 has provided us with personal data, please contact us immediately.
All data processing occurs within the European Union/European Economic Area (EU/EEA) on Microsoft Azure infrastructure. We do not transfer your personal data outside the EU/EEA. In the event this changes, we will implement appropriate safeguards (Standard Contractual Clauses or adequacy decisions) as required by GDPR.
We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes by updating the "Last updated" date and, for significant changes, via in-app notification. We encourage you to review this page periodically.
If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority. In Denmark, this is the Danish Data Protection Agency (Datatilsynet): datatilsynet.dk.
For privacy-related inquiries:
W!nno — Data Controller
Email: support@miself.me
Web: Settings → About → Contact Us