Privacy Policy

Last updated: June 6, 2026

The short version. mial remembers the things you want off your mind: tasks, people, plans. Your data is scoped to your account, encrypted in transit and at rest, never sold, never used to train AI, and shared only with providers needed to run mial. You can export or delete your account at any time.

By creating a mial account or signing up for our launch updates, you consent to this policy.

Who this applies to

mial is operated by Bendwater Labs LLC ("we", "us", "our"). This policy covers getmial.com and the mial web app, and applies to anyone who signs up for an account, requests launch updates, or uses the app.

What we collect

Account info. Email address and an encrypted password (we never see your plaintext password). Your subscription tier.

What you put in mial. Anything you add to the app: tasks, appointments, notes, people, profile details. This is your product data.

Usage. Operational metadata only: when you log in, daily AI call counts for rate limits, your subscription tier. We don't run granular click-tracking or behavioral analytics.

Payment info (Pro only). If you subscribe, our payment processor collects payment details. We never see or store full card numbers.

What we don't collect. Advertising cookies, cross-site trackers, browser fingerprints, location data, your contacts, or your calendar. Voice input goes through your browser's built-in speech engine (Chrome and Safari send audio to their respective providers under their privacy policies). We never receive or store the audio.

How we use it

• To run the product (store and display what you've added, authenticate sessions, apply your tier's features).
• To send essential email (account confirmation, password reset, billing receipts) and occasional product updates you can opt out of. Because mial is operated by Bendwater Labs LLC alongside other current and future products, we may also use the contact information you give us (such as your email) to share announcements about other Bendwater products and services. Every non-essential message includes a way to opt out (such as the unsubscribe link in email).
• For AI features (Pro and trial only): we send your prompt context to our AI provider through our proxy with a header instructing them to exclude your data from model training. Free users don't trigger AI calls.
• To enforce rate limits and protect against abuse.

Who we share with

We use a small set of well-known infrastructure providers. Each is permitted to use your data only to provide that service. We do not sell your data, and we do not authorize these providers to use mial data for their own purposes.

• Supabase. Authentication and database hosting.
• Vercel. Website and app hosting.
• Anthropic. AI for Pro and trial users, with a model-training opt-out on every request.
• Stripe. Payment processing for Pro subscribers.
• Resend. Transactional email, such as sign-in confirmations and password resets.
• Sentry. Error monitoring. Receives crash and error reports, with personal details filtered out before transmission, so we can keep the service running and secure.

Where your data lives

When you sign up at getmial.com/app, your account data is stored in our hosted database (Supabase Postgres) so you can sign in from any device and find it there. Access is scoped to your account by row-level security policies, and we don't read your content for any purpose other than running the product features you use.

Data follows you across devices: sign in on a new device, your data is there.

Cookies and local storage

We use session cookies and local storage to keep you signed in. We don't use advertising, retargeting, or analytics cookies.

Your rights

• See it. Everything in your account is visible inside the app.
• Export it. Settings › Export gives you a copy of your data.
• Edit it. Delete items, change your email or password, update your profile from inside the app.
• Delete the whole account. Email hello@getmial.com from your registered address. We'll wipe your account within 30 days.
• Opt out of email. Every non-essential email has an unsubscribe link. Transactional email (password reset, billing receipts) continues as long as you have an account.

If you live in California, the EU/UK, or another jurisdiction with data-protection rights, those rights apply to you here, and we treat all users to the same standard. mial does not sell personal information.

Data retention

We keep your data while your account is active. If you delete your account, we wipe your data within 30 days. Backups are purged within 90 days.

Security

We use TLS for all traffic, encrypted-at-rest databases, industry-standard password hashing handled by our auth provider, and access controls so users can only read their own data. No system is unbreakable, but we treat your data the way we'd want ours treated. If we become aware of a breach affecting your personal data, we'll notify you as required by law.

Children's privacy

mial isn't designed for anyone under 13. We don't knowingly collect data from children under 13 and will delete any account we find that violates this. Parents who think their child has signed up can email hello@getmial.com.

International transfers

mial's infrastructure operates in the United States. If you access the service from outside the United States, your personal data will be transferred to and processed in the United States. By creating an account, you consent to this transfer.

Changes to this policy

If we make a material change to how we handle data, we'll update this page and email everyone with an account before the changes take effect.

Contact

Questions, requests, or complaints: hello@getmial.com.