Privacy Policy

Effective date: August 11, 2025

This Privacy Policy explains how we collect, use, and protect information when you use Mivio. By using Mivio, you agree to this Policy.

Who we are

Mivio is a small startup based in Belgrade, Serbia (Europe). We build tools that generate dynamic, pull-request-aware checklists.

What this covers

This Policy covers information we process when you visit our site, create an account, connect integrations, use the product, or contact us.

Information we collect

Account and workspace details such as name, email, organization, and settings you choose.

Service data such as repositories, projects, pull request metadata, checklist content, and actions taken in the app.

Integration data from GitHub, GitLab, and Bitbucket limited to the scopes you authorize, including tokens necessary to provide the service.

Usage and device data such as pages viewed, features used, approximate location, device type, and technical logs for performance and security.

Support communications you send via chat or email.

How we use information

To provide and operate Mivio, including generating and storing checklists, syncing integrations, and enabling collaboration.

To secure, troubleshoot, and improve the service, develop new features, and understand product usage.

To communicate with you about updates, security notices, and support. Marketing messages are sent only with your consent and you can opt out at any time.

To comply with legal, accounting, and regulatory obligations.

Legal bases (EEA, UK, and similar jurisdictions)

We rely on performance of a contract to deliver the service you requested.

We rely on legitimate interests to keep our services secure, improve features, and prevent abuse, balanced with your rights.

We rely on consent for optional analytics, marketing, and certain integrations or features where required.

We rely on legal obligation where processing is required by law.

Integrations and tokens

Access tokens and webhooks you authorize are stored securely using industry-standard encryption and used only to provide the features you enable. We request the minimum scopes needed and you can revoke access at any time from the integration provider.

LLM and automated analysis (optional)

If you enable LLM-based analysis, selected snippets or metadata from pull requests may be sent to our model provider solely to deliver that feature. We minimize content, avoid secrets where possible, and configure providers to opt out of training when available. We will disclose current providers upon request.

Analytics and cookies

We use essential cookies and similar technologies to run the site. Optional analytics help us understand product usage; these are used only with consent where required and can be disabled.

Sharing of information

We do not sell your personal information. We share data with trusted processors that help us host, store, analyze, support, and secure Mivio (for example cloud hosting, databases, error monitoring, analytics, and optional LLM providers). We may disclose information if required by law or to protect rights, safety, or the integrity of the service.

International data transfers

Your information may be processed in countries outside your own. When transferring personal data from the EEA or UK, we use appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms.

Retention

We keep information only as long as needed to provide the service and for legitimate business or legal purposes. Backup copies may persist for a limited time.

Security

We use appropriate technical and organizational measures to protect information. No online service can be guaranteed 100% secure, but we work to prevent, detect, and respond to incidents.

Your rights

Depending on your location, you may have rights to access, correct, delete, restrict, or object to processing of your personal data, and to data portability. You can withdraw consent where processing is based on consent. You may also lodge a complaint with your local data protection authority.

Children

Mivio is not directed to children under 16 and we do not knowingly collect their personal information.

Data control

You can request export or deletion of your data, subject to applicable law and security requirements. Some data may remain in backups for a limited period.

Changes to this Policy

We may update this Policy from time to time. If changes are material, we will provide reasonable notice. Your continued use of Mivio after the effective date means you accept the updated Policy.

Contact

If you have questions or requests about privacy, contact us via the contact form or the in-app chat. We aim to respond promptly.

This generic privacy notice is provided for transparency during open beta and is not legal advice.