Privacy Policy
§ 1 — Who we are
Mijoro, Inc. (an Ohio corporation — "Mijoro", "we", "us") operates the Mijoro Executive Strategic Intelligence platform at mijoro.com (the "Service").
We are the data controller for information you provide directly. For data ingested from integrations you connect, we act as a data processor on your instructions.
Privacy contact: privacy@mijoro.com
Data Protection Officer: reachable at privacy@mijoro.com.
§ 2 — What we collect
2.1 — Information you provide
- Account — name, email, company, and role captured via OAuth sign-in.
- Billing — handled by a PCI-DSS Level 1 payment processor; we receive a payment-method token and the card's last four digits. Raw card numbers are never stored.
- Support — tickets, email replies, and feedback you send us.
2.2 — Information from integrations
When you authorize an integration, we ingest only the data permitted by the OAuth scopes you grant.
| Provider | Scope | What we ingest |
|---|---|---|
| Google Drive | drive.readonly | File metadata; contents of documents you explicitly select |
| Google Calendar | calendar.readonly | Event titles, times, attendees, and descriptions |
| Asana | workspace read | Tasks, projects, status changes, assignees |
| QuickBooks | accounting read | Invoices, expenses, customer and vendor records |
Disconnect any integration at any time from Settings → Integrations.
2.3 — Information collected automatically
- Usage telemetry — pages visited, features used, time-to-outcome. Informs product priorities; never sold.
- Technical data — browser, OS, IP address, and session cookies for security, abuse prevention, and diagnostics.
- Decision captures — strategic commitments you record in-app (posture commits, scenario commits, debate closes). Powers decision reconciliation and Brier calibration.
2.4 — Information we do not collect
Raw payment-card numbers, biometrics, special-category data (health, religion, political views), and data from anyone under 18.
§ 3 — How we use your data
- Deliver the Service — synthesize dossiers, premeeting briefs, counterparty profiles, and decision reconciliation.
- Personalize — calibrate intelligence to your industry, role, and historical decision patterns.
- Improve — aggregate usage informs feature priorities. Individual data is never used to train shared models without explicit consent.
- Communicate — service emails (briefs, account events) and product updates (opt-out available for non-transactional mail).
- Comply — tax, legal, and lawful-request obligations.
We do not sell your data, share it with advertisers, or use it to train models accessible to other tenants.
§ 4 — Cross-tenant corpus
Mijoro maintains a shared, identity-hash-keyed counterparty corpus — disclosed at sign-up and authorized under Terms of Service § 5.
Leaves your tenant silo: one-way SHA-256 hashes of counterparty identifiers; aggregate signal (mention counts, cadence statistics, public-signal derivatives).
Never leaves your tenant silo: raw data, email or document content, PII of your contacts or employees, financial numbers, or anything attributable to you specifically.
Opt-out is available in Settings → Data and takes effect immediately. Previously hashed contributions cannot be individually extracted.
§ 5 — Sharing
We share data only with vendors bound by contractual confidentiality and engaged for operational necessity — hosting, transactional email delivery, payment processing, model inference, and error telemetry. Every vendor is signed to a Data Processing Addendum equivalent to ours and is required to flow the same obligations to any sub-vendor it engages.
A current list of vendors is available to customers on request from privacy@mijoro.com and is included by reference in enterprise Data Processing Addenda.
We never share data with advertising networks, data brokers, or cross-company analytics services.
§ 6 — International transfers
If you are in the EU, UK, or a region with transfer-restricting regulations, your data may be processed in the United States under the EU–US Data Privacy Framework and Standard Contractual Clauses executed with each vendor.
§ 7 — Your rights
7.1 — Universal
- Access — export your data via the in-app flow or email
privacy@mijoro.com. - Correction — edit account details in Settings; integration data is corrected at the source.
- Deletion — request full account deletion; completed within 30 days.
- Portability — data returned as standard JSON.
- Opt-out of marketing — unsubscribe from product email at any time.
7.2 — GDPR (EU / UK residents)
Right to restrict processing, object to profiling, withdraw consent, and lodge a complaint with your supervisory authority.
7.3 — CCPA (California residents)
Right to know, delete, opt out of sale (we do not sell), and non-discrimination for exercising these rights.
7.4 — How to exercise
Email privacy@mijoro.com from the address on your account. We respond within 30 days — extendable to 60 for complex requests, with notice.
§ 8 — Retention
| Category | Window |
|---|---|
| Active account + integration data | Duration of account |
| Decision captures + reconciliations | Duration of account (calibration needs history) |
| Disconnected integration archive | 30 days post-disconnect, then hard-deleted |
| Logs + audit trail | 12 months rolling |
| Billing records | 7 years (US tax compliance) |
| Deleted-account residuals | 30 days for backup expiry, then hard-deleted |
Longer retention applies only when legally required (tax, legal hold).
§ 9 — Security
- In transit — TLS 1.3 for all network traffic.
- At rest — AES-256-GCM for sensitive fields (integration tokens, JWT signing keys); managed-database disk encryption.
- Access control — per-tenant row-level scoping; employee access is need-to-know behind SSO with audit logging.
- Secrets — fetched from a managed secrets vault at runtime; never committed to source.
- Responsible disclosure —
security@mijoro.com.
§ 10 — Cookies
We use only essential cookies: session state, CSRF tokens, and UI preferences (e.g., theme). No advertising, tracking, or cross-site cookies.
§ 11 — Children
The Service is not intended for anyone under 18. We do not knowingly collect data from children. Report concerns to privacy@mijoro.com.
§ 12 — Automated decision-making
Mijoro's outputs are algorithmic syntheses — informational, not determinative. They do not make decisions with legal or similarly significant effects on you. You retain full agency over every action taken on a Mijoro output.
§ 13 — Changes to this Policy
Material changes are announced at least 30 days in advance by email and on mijoro.com/privacy. Continued use after the effective date constitutes acceptance.
§ 14 — Contact
| Purpose | |
|---|---|
| Privacy questions + requests | privacy@mijoro.com |
| Security disclosures | security@mijoro.com |
| Legal notices | legal@mijoro.com |
| Support | support@mijoro.com |
Mailing address — Mijoro, Inc., c/o the Registered Agent on file with the Ohio Secretary of State.
Mijoro, Inc. — Executive Strategic Intelligence. © 2026. All rights reserved.