Privacy Policy | Mithrilis

1. Introduction

At Mithrilis, we are committed to protecting your privacy and ensuring the security of your data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered logistics intelligence platform.

This policy applies to information collected through our website, platform, APIs, and any related services (collectively, the "Service").

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

Name and email address
Organization name and details
Authentication credentials
Billing information for paid plans

2.2 Operational Data

When you use the Service, we may process:

Shipment identifiers (tracking numbers, bills of lading, container numbers)
Operational metadata (origin, destination, dates, cargo details)
Data quality metrics and confidence scores
Workflow configurations and automation rules

2.3 What We Do NOT Store

We specifically do not store:

End-customer personally identifiable information beyond what appears as routine shipment metadata passed through by your source systems
Payment card information (handled exclusively by our payment processor)

Raw payloads from connected systems are retained temporarily so we can re-derive the unified intelligence if our extraction logic improves. The specific retention periods are listed in Section 4.

2.4 Third-Party Credentials

To connect to your logistics systems, we securely store:

Encrypted API keys and OAuth tokens for connected systems
Connection configurations and access settings

3. How We Use Information

We use the information we collect to:

Provide, maintain, and improve the Service
Process shipments and execute workflow automations
Send service communications (account notifications, security alerts, updates)
Analyze usage patterns to improve service quality
Comply with legal obligations
Prevent fraud and ensure platform security

4. Data Retention

We follow a tiered retention model: the unified intelligencewe derive from your data is kept for the life of your account so you retain full historical insight, while the raw operational data that already lives in your source systems is aged out on the schedule below.

Data Type	Retention Period
Unified shipment records, entity registry, match decisions, embeddings	Life of account
Account data	Active account + 30 days after closure
Field-level change history (values)	365 days (audit metadata kept; values then nulled)
Query audit logs	180 days (rows flagged for ML feedback are retained)
Raw ingestion payloads	180 days (normalized payload kept; raw blob then nulled)
Email attachment OCR text	180 days (structured extraction kept; raw text then nulled)
Filtered/spam email messages	90 days
Staging records, dead-letter jobs	30 days
Integration sync logs	14 days
Auth sessions	30 days of inactivity
Cached query results	24 hours to 7 days (by tier)

5. Data Sharing

We do NOT sell your personal information.

We may share information only in the following circumstances:

Service Providers: With trusted third parties who assist in operating our Service (hosting, payment processing, analytics)
Legal Requirements: When required by law, subpoena, or legal process
With Consent: When you explicitly authorize us to share information
Business Transfers: In connection with a merger, acquisition, or sale of assets

We access third-party systems only using your credentials and only to provide the Service you have requested.

6. Mithrilis Intelligence & Your Data

Mithrilis builds intelligence by learning patterns across the operations data our customers connect. This is what makes the platform more useful than any single tool: cross-customer pattern detection catches issues before they happen, and industry benchmarks let you see how your lanes, margins, and carriers compare to the market.

Your identifiable data never crosses your organization boundary. Before any data contributes to cross-customer intelligence:

We strip identifying fields (organization, customer, and lane identifiers) and replace them with codes that change over time, so historical patterns cannot be traced back to you.
We only include patterns that appear across multiple organizations, so no single organization's behavior can be inferred from the result.
We cap how much any single customer can influence an aggregate, so no one customer's data dominates the outcome.

Foundation models we use for natural-language features (such as Anthropic, OpenAI, and Google) receive only inference-time prompts. Under each provider's API terms, those inputs are not used to train their models.

Future opt-in programs may allow voluntary deeper data contribution in exchange for richer benchmarking insights.

7. Security

We implement comprehensive security measures including:

Encryption in transit (TLS 1.3) and at rest (AES-256)
SOC 2 Type II compliance (in progress)
Role-based access controls
Comprehensive audit logging
Regular security assessments and penetration testing

For detailed security information, visit our Security page.

8. Your Rights

8.1 All Users

All users have the right to:

Access: Request a copy of your personal data
Correction: Request correction of inaccurate data
Deletion: Request deletion of your personal data
Export: Request your data in a portable format

8.2 EU Residents (GDPR)

If you are located in the European Union, you also have the right to:

Right to erasure ("right to be forgotten")
Right to data portability
Right to restrict processing
Right to object to processing
Right to withdraw consent at any time

8.3 California Residents (CCPA)

If you are a California resident, you have the right to:

Know what personal information is collected
Request deletion of your personal information
Opt-out of the sale of personal information (we don't sell data)
Non-discrimination for exercising your rights

To exercise any of these rights, contact us at hello@mithrilis.com.

9. International Data Transfers

Your data may be processed in the United States where our servers are located. For transfers from the European Economic Area, we use Standard Contractual Clauses approved by the European Commission to ensure adequate protection of your data.

10. Cookies & Tracking

We use the following types of cookies and tracking technologies:

Essential Cookies: Required for the Service to function (authentication, security)
Analytics: We use Vercel Analytics to understand how the Service is used

We do not use third-party advertising cookies.

11. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from minors. If we become aware that we have collected data from a minor, we will take steps to delete that information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will provide at least thirty (30) days' notice of material changes via email and will update the "Last updated" date at the top of this page.

Your continued use of the Service after the effective date of changes constitutes acceptance of the modified policy.

13. Contact

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: hello@mithrilis.com