Privacy Policy | Mithrilis

1. Introduction

At Mithrilis, we are committed to protecting your privacy and ensuring the security of your data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered logistics intelligence platform.

This policy applies to information collected through our website, platform, APIs, and any related services (collectively, the "Service").

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

Name and email address
Organization name and details
Authentication credentials
Billing and payment information (processed by Stripe)

2.2 Operational Data

When you use the Service, we may process:

Shipment identifiers (tracking numbers, bills of lading, container numbers)
Operational metadata (origin, destination, dates, cargo details)
Data quality metrics and confidence scores
Workflow configurations and automation rules

2.3 What We Do NOT Store

We specifically do not store:

End-customer personally identifiable information (PII) from your orders (names, emails, physical addresses)
Payment card information (handled exclusively by Stripe, our payment processor)
Raw data from connected systems (we query on-demand rather than storing)

2.4 Third-Party Credentials

To connect to your logistics systems, we securely store:

Encrypted API keys and OAuth tokens for connected systems
Connection configurations and access settings

3. How We Use Information

We use the information we collect to:

Provide, maintain, and improve the Service
Process shipments and execute workflow automations
Send service communications (account notifications, security alerts, updates)
Analyze usage patterns to improve service quality
Comply with legal obligations
Prevent fraud and ensure platform security

4. Data Retention

We retain different types of data for different periods:

Data Type	Retention Period
Account data	Active account + 30 days after closure
Query audit logs	7 days
Staging/temporary data	30 days
ML calibration logs	90 days
Auth sessions	30 days of inactivity
Cached query results	24 hours to 7 days (by tier)

5. Data Sharing

We do NOT sell your personal information.

We may share information only in the following circumstances:

Service Providers: With trusted third parties who assist in operating our Service (hosting, payment processing, analytics)
Legal Requirements: When required by law, subpoena, or legal process
With Consent: When you explicitly authorize us to share information
Business Transfers: In connection with a merger, acquisition, or sale of assets

We access third-party systems only using your credentials and only to provide the Service you have requested.

6. AI & Machine Learning

We use aggregated, anonymized data patterns to improve our AI models and service quality. This includes:

Document structure patterns for improved extraction accuracy
Workflow optimization insights
Error pattern analysis for service improvement

We do NOT use identifiable customer data for AI model training. Future opt-in programs may allow voluntary data contribution to help improve industry-wide logistics intelligence.

7. Security

We implement comprehensive security measures including:

Encryption in transit (TLS 1.3) and at rest (AES-256)
SOC 2 Type II compliance (in progress)
Role-based access controls
Comprehensive audit logging
Regular security assessments and penetration testing

For detailed security information, visit our Security page.

8. Your Rights

8.1 All Users

All users have the right to:

Access: Request a copy of your personal data
Correction: Request correction of inaccurate data
Deletion: Request deletion of your personal data
Export: Request your data in a portable format

8.2 EU Residents (GDPR)

If you are located in the European Union, you also have the right to:

Right to erasure ("right to be forgotten")
Right to data portability
Right to restrict processing
Right to object to processing
Right to withdraw consent at any time

8.3 California Residents (CCPA)

If you are a California resident, you have the right to:

Know what personal information is collected
Request deletion of your personal information
Opt-out of the sale of personal information (we don't sell data)
Non-discrimination for exercising your rights

To exercise any of these rights, contact us at hello@mithrilis.com.

9. International Data Transfers

Your data may be processed in the United States where our servers are located. For transfers from the European Economic Area, we use Standard Contractual Clauses approved by the European Commission to ensure adequate protection of your data.

10. Cookies & Tracking

We use the following types of cookies and tracking technologies:

Essential Cookies: Required for the Service to function (authentication, security)
Analytics: We use Vercel Analytics to understand how the Service is used

We do not use third-party advertising cookies.

11. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from minors. If we become aware that we have collected data from a minor, we will take steps to delete that information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will provide at least thirty (30) days' notice of material changes via email and will update the "Last updated" date at the top of this page.

Your continued use of the Service after the effective date of changes constitutes acceptance of the modified policy.

13. Contact

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: hello@mithrilis.com