Privacy Policy

Last updated: June 2026

GDPR — AlignedSOC 2 Type 2 — In progressCASA Tier 2 — Certified

Quick summary

  • Mio only reads the Slack channels you invite it to, the DMs you have with the Mio app, and the integrations you explicitly connect.
  • We never use your data to train AI models.
  • EU customer data is hosted in the EU on Google Cloud (Paris, region europe-west9), encrypted in transit and at rest.
  • You can review what Mio can see, disconnect any integration, and delete all workspace data at any time from app.mio.xyz.
  • Questions or data requests: privacy@mio.xyz.

This summary is for convenience only — the full text below governs.

01What Information We Collect

We collect the information needed to operate Mio for your team. This includes account and workspace details provided when Mio is installed (workspace name, the installing admin's name and email, and Slack workspace and user IDs), and the content Mio is given access to in order to answer your questions and take actions.

  • Slack content — messages, threads, and shared files, but only in channels Mio has been invited to and in direct messages with the Mio app.
  • Integration data — content from third-party tools (such as Notion, Linear, Google Workspace, GitHub, or HubSpot) that a user explicitly connects, accessed using credentials stored in encrypted form.
  • Usage and diagnostic data — logs about how Mio is used, errors, and performance, used to operate and improve the service.

02How We Collect Your Information

We collect information directly from your use of Mio: when an admin installs the app, when users invite Mio to channels or message it, and when users connect optional integrations through standard OAuth. We do not buy personal data from third parties, and we do not collect data from Slack channels or tools you have not connected.

03How We Use Your Information

We use your information solely to provide and improve Mio: to answer questions about your company, prepare briefs and recaps, take the actions you request across connected tools, secure the service, and provide support. We process Slack and integration content only to fulfil the requests your team makes of Mio.

04No Usage of Data for Training AI/ML Models

We never use customer data to train, fine-tune, or otherwise improve any artificial-intelligence or machine-learning model — neither our own nor any third party's. Your messages, files, and integration data are used only to generate responses and take actions in the moment you request them. Our model providers process this data under contractual terms that prohibit training on it.

05Google Workspace Data — Limited Use

Mio's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Google Workspace data (such as Gmail, Drive, and Calendar content) is used only to provide user-facing features you request, is never sold, is never used for advertising, and is never used to train generalised AI/ML models. Only the people on your team who need it to operate Mio can access it.

06Data Storage and Retention

Customer data is hosted on Google Cloud Platform in Paris, France (region europe-west9), with workflow orchestration in Frankfurt (region europe-west3). Data is encrypted in transit and at rest, and integration credentials are encrypted.

A workspace owner can delete all workspace data at any time from app.mio.xyz. When an account is terminated, we delete customer data within 30 days; encrypted backups are purged on a rolling basis after that, and may retain data for up to 14 days following deletion.

07Data Sharing and Disclosure

We do not sell your personal information. We share data only with the sub-processors that help us run Mio (such as our cloud host and model providers), each bound by contractual data-protection obligations, and only as needed to deliver the service. We may disclose information if required by law, to protect our rights or users' safety, or in connection with a merger or acquisition (in which case we will notify you).

A current list of sub-processors is available on our Security page and on request from security@mio.xyz.

08Security Measures

We protect your data with encryption in transit and at rest, encrypted integration credentials, SSO-backed authentication, documented access policies, audit logging, and the principle of least privilege across a small team. No system is perfectly secure, but we work continuously to protect your information and to respond quickly to any incident.

09Your Rights and Choices

Depending on where you live, you may have rights to access, correct, export, or delete your personal data, to object to or restrict certain processing, and to withdraw consent. You can exercise much of this directly: review what Mio can see, disconnect integrations, remove Mio from channels, and delete workspace data from app.mio.xyz. For any other request, contact privacy@mio.xyz and we will respond in line with applicable law.

10Third-Party Services

Mio connects to third-party tools that you choose to authorise. Those services are controlled by their own providers and governed by their own privacy policies and terms. When you connect an integration, you authorise Mio to access data from it on your behalf; you can revoke that access at any time from the Mio dashboard or from the third-party service.

11Children's Privacy

Mio is a workplace product intended for businesses and is not directed to children. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us personal data, contact privacy@mio.xyz and we will delete it.

12Changes to This Privacy Policy

We may update this policy from time to time. When we make material changes, we will update the date at the top of this page and, where appropriate, notify workspace admins. Your continued use of Mio after an update means you accept the revised policy.

13Contact Us

For privacy questions or to exercise your rights, contact privacy@mio.xyz. For security matters, contact security@mio.xyz. Mio is operated by Tools for Sovereignty Inc., Delaware, USA.