Privacy Policy

Last updated: May 5, 2026

1. Introduction

This Privacy Policy describes how mIself ("the Service"), operated by W!nno ("we", "us", "our"), collects, uses, stores, and protects your personal data. We are committed to protecting your privacy in compliance with the EU General Data Protection Regulation (GDPR) and applicable Danish data protection law.

By using the Service, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

The data controller responsible for your personal data is:

W!nno
Email: support@miself.me
Location: Denmark, European Union

3. Data We Collect

| Category | Data | Purpose | Legal Basis |
|---|---|---|---|
| Account | Name, email, Microsoft Entra ID identifier | Authentication and personalization | Contract performance |
| Identity Graph | Values, interests, strengths, goals, personality traits, tensions, chapters — extracted by AI from your inputs | Core service functionality | Contract performance |
| Chat History | Messages you send and AI responses | Continuity, memory injection, identity extraction | Contract performance |
| Memory & Knowledge | Bookmarks, saved content, uploaded files (text extracted, originals discarded) | Knowledge base and RAG search | Contract performance |
| Imported Data | Social media exports, notes, reading history — you choose what to import | Identity signal extraction | Consent |
| Calendar Data | Event details (title, time, location) read from Google Calendar and/or Microsoft Outlook when you connect them | Day view, event preparation and reflection conversations | Consent |
| Usage Data | Pages visited, features used, session duration | Service improvement | Legitimate interest |
| Payment Data | Subscription tier, billing interval, payment status (no card numbers — handled by Stripe/Apple/Google) | Subscription management | Contract performance |
| Device Tokens | Push notification tokens (iOS/Android) | Push notifications | Consent |

4. How We Process Your Data

4.1 AI Processing

Your content is processed by AI models hosted on Azure OpenAI (Microsoft). When you chat, import data, or trigger identity analysis, your text is sent to Azure OpenAI endpoints in the EU (Sweden Central region) for inference. We do not use your data to train AI models. Microsoft's Azure OpenAI service operates under its own data processing agreement (DPA) and does not retain customer data for model improvement.

4.2 Data Enrichment

When you import data (social media exports, notes, etc.), the Service extracts identity signals (values, patterns, events) using AI. The original uploaded files are processed in memory and are not permanently stored. Only the extracted signals are retained in your identity graph.

4.3 Calendar Integrations (Google Calendar and Microsoft Outlook)

You can optionally connect your Google Calendar or Microsoft Outlook calendar in Settings → Integrations. Both integrations are read-only: we request the narrowest available scopes (Google: calendar.readonly; Microsoft Graph: Calendars.Read) and can never create, modify, or delete events in your calendar. We sync event details (title, start and end time, location) to show your day inside the Service and to offer preparation or reflection conversations around your events. OAuth refresh tokens are stored encrypted at rest using ASP.NET Core Data Protection; access tokens are short-lived and not persisted beyond their lifetime. We do not use calendar data for advertising, do not sell or transfer it to third parties except as required to provide the feature, and humans do not read it except with your permission or for security purposes.

mIself's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

You can disconnect either integration at any time in Settings → Integrations, which deletes the stored tokens and stops all syncing. You can additionally revoke access from the provider side at Google Account → Security or Microsoft account → Apps and services. Synced events are removed when you disconnect or delete your account.

4.4 No Data Selling

We do not sell, rent, lease, or trade your personal data to any third party. Your data is used exclusively to provide the Service to you.

5. Data Storage and Security

Your data is stored on Microsoft Azure infrastructure within the European Union:

  • Database: Azure SQL Database (North Europe region)
  • Application: Azure App Service (West Europe region)
  • AI Processing: Azure OpenAI (Sweden Central region)
  • Search Index: Azure AI Search (EU region)

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Authentication is handled via Microsoft Entra ID with industry-standard OIDC protocols. Database access uses Managed Identity — no passwords stored in code or configuration.

The database is encrypted at rest with AES-256 using a rotating key mechanism (Azure SQL Transparent Data Encryption). Encryption keys are rotated automatically by Microsoft Azure under FIPS 140-2 Level 2 compliant key handling, and re-encryption of the database happens transparently without service interruption. Database backups inherit the same encryption.

Database access is logged to immutable storage in a separate storage account, retained for 6 months. The storage container uses a time-based immutability policy: once a log entry is written, it cannot be modified or deleted within the retention window — not by us, and not by anyone with administrative access to the storage account.

As a matter of policy, no person accesses your data in the database.

6. Data Retention

We retain your data for as long as your account is active. You may delete all your data at any time via Settings → Account → Delete Account. Upon deletion, all personal data (identity graph, memory, knowledge, chats, personas, insights, goals, and more) is permanently removed within 30 days.

Contact form submissions are retained for up to 12 months for support and legal purposes.

7. Your Rights (GDPR)

Under the GDPR, you have the following rights regarding your personal data:

  • Right of Access: Request a copy of all your personal data (Settings → Account → Download My Data)
  • Right to Rectification: Correct inaccurate personal data through your profile settings
  • Right to Erasure: Delete all your personal data (Settings → Account → Delete Account)
  • Right to Data Portability: Export your data in a structured, machine-readable JSON format
  • Right to Restrict Processing: Request that we limit processing of your data
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us at support@miself.me or use the in-app features. We will respond within 30 days.

8. Third-Party Services

| Service | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| Microsoft Azure / Entra ID | Hosting, authentication, AI processing | Account info, content for AI inference | Microsoft Privacy |
| Stripe | Web payment processing | Email, subscription tier (no card data touches our servers) | Stripe Privacy |
| Apple (App Store) | iOS payment processing | Transaction ID for verification | Apple Privacy |
| Google (Play Store) | Android payment processing | Purchase token for verification | Google Privacy |
| Google Calendar API | Optional read-only calendar sync (you connect it) | OAuth tokens; event details are read into the Service | Google Privacy |
| Microsoft Graph (Outlook) | Optional read-only calendar sync (you connect it) | OAuth tokens; event details are read into the Service | Microsoft Privacy |

9. Apple App Store Privacy

Apple App Tracking Transparency: mIself does not track you across other companies' apps and websites. We do not use any advertising identifiers (IDFA). We do not participate in any advertising networks. The data collected is used solely to provide and improve the Service as described in this Privacy Policy.

10. Google Play Data Safety

Google Play Data Safety disclosure: mIself collects personal information (name, email) for account management, user-generated content for the core AI functionality, and purchase history for subscription management. Data is encrypted in transit and at rest. You can request data deletion through the app. Data is not shared with third parties for advertising or marketing purposes.

11. Cookies and Tracking

mIself uses essential authentication cookies (set by Microsoft Entra ID for session management) and a service worker for PWA offline capability. We do not use analytics cookies, tracking pixels, or any third-party tracking scripts.

12. Children's Privacy

The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If you believe a child under 18 has provided us with personal data, please contact us immediately.

13. International Data Transfers

All data processing occurs within the European Union/European Economic Area (EU/EEA) on Microsoft Azure infrastructure. We do not transfer your personal data outside the EU/EEA. In the event this changes, we will implement appropriate safeguards (Standard Contractual Clauses or adequacy decisions) as required by GDPR.

14. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes by updating the "Last updated" date and, for significant changes, via in-app notification. We encourage you to review this page periodically.

15. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority. In Denmark, this is the Danish Data Protection Agency (Datatilsynet): datatilsynet.dk.


16. Contact

For privacy-related inquiries:

W!nno — Data Controller
Email: support@miself.me
Web: Settings → About → Contact Us