Mivo

Privacy Policy

Last updated — March 2, 2026

1. Introduction

Mivo is a voice-powered productivity assistant for macOS. This Privacy Policy explains how we collect, use, store, and protect information when you use the Mivo app and website.

By using Mivo, you agree to the practices described in this policy.

2. Information We Collect

2.1 Voice Input & Transcription

When you use Mivo's voice features, audio is streamed in real time solely to generate text or perform user-requested actions.

  • Voice recordings are not retained.
  • Transcribed text may be processed transiently to fulfill a request and may also be stored as part of user-visible outputs (such as assistant responses or task history), depending on the feature used.

2.2 Assistant Content & Task History

When you use Mivo's assistant or automation features, we may store user-visible content generated within the app, including assistant responses, generated text, task results, and conversation threads. This is stored so you can revisit past work and continue where you left off. Content is retained until deleted by you or until your account is deleted.

2.3 Screen Visibility & Screenshot Processing

When explicitly activated by you, Mivo may temporarily capture screenshots or screen regions to understand context and perform requested actions. Screenshots are:

  • Processed only in memory
  • Never stored by Mivo
  • Discarded immediately after use
  • Transmitted securely and only in response to explicit user actions
  • Never used to train AI models

Mivo processes only the minimum screen data required and does not use screenshots to infer or reconstruct private third-party content.

2.4 Third-Party Integrations (OAuth)

Mivo supports optional integrations with third-party services (such as Gmail, Google Calendar, and others) via OAuth. Access is granted only through your explicit consent and you may revoke it at any time. Mivo cannot access data outside the authorized OAuth scopes.

Depending on the integration and your request, Mivo may temporarily access messages, calendar events, contacts, file metadata, or workspace content. Raw third-party content is accessed only to perform user-requested actions and is not retained as source data.

2.5 Authentication & Account Data

We collect and process account identifiers (such as your email address), authentication tokens, and session metadata. This is used solely for account management, security, and access control.

2.6 Web Search & System Actions

When requested by you, Mivo may process web search queries or execute user-initiated system actions (such as opening applications or URLs). Mivo does not perform autonomous actions and acts only on your explicit instructions.

2.7 Waitlist Data

When you join the Mivo waitlist, we store your email address, the date you signed up, and a referral tag if you arrived via a shared link. This is used to notify you at launch and send occasional product updates, which you can opt out of at any time.

2.8 Logs & Diagnostics

We collect limited diagnostic data including feature usage statistics, error logs, device metadata, and performance metrics. Logs do not include the contents of emails, messages, documents, contacts, or private communications.

3. Permissions & Sensitive Actions

Mivo requests only the permissions necessary to perform the features you use. For actions that involve sensitive data or system access — such as reading your screen, accessing third-party accounts, or executing system-level tasks — Mivo will always ask for your explicit approval before proceeding.

  • You can approve or deny each permission request individually.
  • Denying a permission will not affect unrelated features.
  • You can revoke previously granted permissions at any time from macOS System Settings or within the Mivo app.
  • Mivo will never silently escalate access or use a permission for a purpose beyond what was described when you approved it.

4. How We Use Information

We use information only to:

  • Provide Mivo's features and functionality
  • Perform user-requested actions
  • Improve relevance and usability of in-app features
  • Maintain reliability, performance, and security
  • Prevent abuse and misuse
  • Comply with legal obligations

Mivo does not sell user data and does not use user data for advertising.

5. Third-Party Integration Data

Mivo accesses third-party integration data only when explicitly authorized by you and only to provide user-facing functionality within the app. Mivo:

  • Processes third-party integration data transiently
  • Does not store emails, messages, calendar entries, files, or contacts as raw records
  • Does not use integration data for advertising, profiling, or marketing
  • Does not use integration data to train AI models
  • Does not perform background or scheduled processing of integration data without your knowledge

User-visible outputs generated at your request (such as drafts, summaries, or responses) may be stored as part of your Mivo content.

6. Human Access to Your Data

Human access to user data is prohibited except with your explicit consent, when necessary for security or abuse investigations, or when required by law. Any permitted access is limited, logged, and audited.

7. Data Retention

  • Voice audio: Not retained
  • Screenshots: Not retained
  • Third-party source data (emails, messages, files, contacts): Not retained
  • Assistant content & task history: Retained until deleted by you or account deletion
  • Waitlist & account data: Retained until you request deletion or your account is deleted
  • Diagnostic logs: Retained for a limited period (typically 30–90 days)

8. Third-Party Service Providers

To deliver Mivo's features, your data may be processed by the following sub-processors:

  • Deepgram — Speech-to-text transcription. Audio is streamed to Deepgram in real time and is not retained after transcription.
  • OpenAI — Large language model inference for assistant responses and task execution. Prompts are processed transiently and are not used to train OpenAI's models under our API agreement.
  • Anthropic — Large language model inference, used for certain assistant features. Data is processed transiently and not used for model training.
  • Google (Gemini / Vertex AI) — Large language model inference for select features. Data is processed transiently and not used for model training.
  • Supabase — Database and authentication, hosted in EU-North (Stockholm). Stores your account data, waitlist signup, and user-visible content you choose to save.
  • PostHog — Product analytics. We use PostHog to understand how features are used (e.g. which actions are triggered, session counts, and error rates). PostHog does not receive the contents of your voice input, messages, files, or any third-party integration data.

We do not transfer your personal data outside the EU unless required by law, with your explicit consent, or as part of the secure API calls described above which are governed by the respective providers' data processing agreements.

9. Security

We use industry-standard safeguards to protect your information, including encryption in transit and at rest, secure cloud infrastructure, access controls, and abuse prevention mechanisms.

10. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, restrict processing of, or export your data, as well as the right to withdraw consent. You can exercise these rights by contacting us. Under GDPR, these rights are available to all EU residents.

11. Children's Privacy

Mivo is not intended for children under the applicable age of digital consent. We do not knowingly collect personal information from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected by updating the "Last updated" date at the top of this page.

13. Contact

For any privacy-related questions, reach out to us on LinkedIn.