Privacy Policy

Mia Chat Messenger ("we", "our", "us") is operated by MediaMake. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our messaging application and related services (collectively, "the Service").

We are committed to protecting your privacy and handling your data in a transparent, secure manner in compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

MediaMake is the data controller responsible for your personal data under GDPR Article 4(7).

For any privacy-related inquiries or to exercise your data protection rights, contact us at [email protected]. We will respond within 30 days as required by GDPR.

Information you provide directly:

• •Account data: username, email address, display name, and password (hashed)
• •Profile data: avatar, bio, birthday (optional), and other profile information you choose to provide
• •Messages: text messages, voice messages, and other communications sent through the Service
• •Files: images, documents, and other files you upload for sharing

Information collected automatically:

• •Device data: device type, operating system, browser type, and session information
• •Usage data: app interactions and feature usage (with your consent)
• •Push tokens: device tokens for delivering real-time notifications
• •IP address: for security, fraud prevention, and approximate geolocation

Information we do NOT collect:

• •We do not access your device contacts, call logs, or SMS messages
• •We do not track your precise GPS location
• •We do not collect biometric data

We process your personal data based on the following legal grounds under GDPR Article 6(1):

• •Contract performance (Art. 6(1)(b)): to provide you with the messaging service, deliver messages, and manage your account
• •Legitimate interest (Art. 6(1)(f)): to maintain security, prevent fraud, improve our services, and ensure platform integrity
• •Consent (Art. 6(1)(a)): for optional analytics, marketing communications, and non-essential cookies
• •Legal obligation (Art. 6(1)(c)): to comply with applicable laws, regulations, and legal processes

• •Deliver messages and enable real-time communication between users
• •Authenticate your identity and secure your account
• •Provide AI assistant features (Mia) — messages sent to Mia are processed by third-party AI providers
• •Send essential service notifications (verification codes, password resets, security alerts)
• •Deliver push notifications for new messages and calls (with your permission)
• •Process payments for premium subscriptions through secure payment processors
• •Detect and prevent abuse, spam, and security threats
• •Improve app performance and user experience (with your consent)

We implement industry-standard security measures to protect your personal data:

• •Server location: secure servers located in the European Union
• •Password security: passwords are hashed using bcrypt with salt (never stored in plaintext)
• •Authentication: httpOnly secure cookies with JWT tokens
• •File storage: encrypted object storage (MinIO) with access controls
• •Transit encryption: all connections use TLS 1.2+ encryption
• •AI conversations: Mia conversations can be encrypted at rest using AES-256
• •DDoS protection: Cloudflare for CDN and DDoS mitigation

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

We retain your data only for as long as necessary to provide the Service and fulfill the purposes described in this policy:

• •Account data: retained until you delete your account
• •Messages: retained until deleted by you or the recipient
• •Uploaded files: retained until deleted by the uploader
• •Session data: automatically expired after 30 days of inactivity
• •Analytics data: anonymized and aggregated, retained up to 12 months
• •Security logs: retained for up to 90 days for security and fraud prevention

When you delete your account, your personal data is permanently removed from our systems within 30 days. Some data may be retained longer if required by law or for legitimate legal purposes.

We share your data only with the following categories of third-party service providers, solely as necessary to operate the Service:

• •AI providers (DeepInfra, Groq, Google Gemini) — messages sent to the Mia AI assistant are processed by these providers to generate responses
• •Hostinger SMTP — for email delivery (verification codes, security notifications)
• •Stripe — for secure payment processing (we never store your card details)
• •Apple — for iOS In-App Purchase processing
• •Cloudflare — for DNS, CDN, and DDoS protection
• •Firebase Cloud Messaging — for push notification delivery on mobile devices

Your data is primarily stored on servers located in the European Union. Some third-party service providers may process data outside the EU/EEA. In such cases, we ensure adequate protection through:

• •EU Standard Contractual Clauses (SCCs)
• •Adequacy decisions by the European Commission
• •EU-U.S. Data Privacy Framework (where applicable)

Under GDPR, CCPA, and applicable data protection laws, you have the following rights:

• •Right of access (Art. 15): request a copy of your personal data
• •Right to rectification (Art. 16): correct inaccurate or incomplete data
• •Right to erasure (Art. 17): delete your account and associated data
• •Right to restriction (Art. 18): restrict certain processing activities
• •Right to data portability (Art. 20): export your data in a machine-readable format
• •Right to object (Art. 21): object to processing based on legitimate interest
• •Right to withdraw consent: withdraw consent at any time (without affecting prior processing)
• •Right to lodge a complaint: file a complaint with your local data protection authority (DPA)

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days as required by law. We may verify your identity before processing your request.

California residents (CCPA): You have the right to know what personal information is collected, request deletion, and opt out of the sale of personal information. We do not sell your personal information.

Mia Chat Messenger is not intended for children under 16. We do not knowingly collect, solicit, or maintain personal data from anyone under 16 years of age.

If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us immediately at [email protected]. We will delete such information within 48 hours of verification.

We use cookies and similar technologies as follows:

• •Essential cookies: required for authentication, session management, and security (no consent needed)
• •Analytics cookies: used only with your explicit consent to improve the Service

We do not use advertising cookies or third-party tracking pixels. You can manage your cookie preferences at any time. For more details, see our Cookie Policy.

Mia Chat is a communication platform. Users are solely responsible for the content they share. While we implement moderation tools and community guidelines, we cannot monitor all content shared on the platform in real-time.

MediaMake is not liable for user-generated content, including messages, files, marketplace listings, or any other content shared between users. If you encounter content that violates our Terms of Service, please report it through the app.

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:

• •We will notify you through the app or by email at least 30 days before the changes take effect
• •We will update the "Last updated" date at the top of this policy
• •Continued use of Mia Chat after the effective date constitutes acceptance of the updated policy

For any privacy-related inquiries, data protection requests, or complaints, please contact us: