Privacy Policy
Effective date: 25 May 2026 Last updated: 25 May 2026
1. Who we are
Miming ("Miming", "we", "us", "the Service") is operated by Cyrus David Pastelero, an individual sole proprietor based in the Philippines ("Operator"). The Service is available at https://social-media-content-pi.vercel.app.
For any privacy question or to exercise your rights, contact us at support@miming.io.
2. Scope
This Policy explains what personal information we collect when you use the Service, why we collect it, who we share it with, and the rights you have. It applies to our website, app, and the AI brand-book / content-generation features. It does not cover third-party sites we link to.
3. Information we collect
a. Account information. Email address and authentication credentials (your password is hashed and managed by our authentication provider — we never see it in plaintext), and a user identifier.
b. Content you provide ("Briefs" and inputs). The niche description, audience, goals, example creators, and any free-text or pasted material ("raw material") you submit so we can generate your brand book and content. This may contain personal information if you choose to include it — please do not paste sensitive personal data you don't want processed.
c. Generated content. The brand books, sections, and other documents the Service creates for you, plus generation metadata (timestamps, model used, status, token/usage counts for billing and quota).
d. Billing information. Subscriptions are sold and processed by our payment provider, Lemon Squeezy, which acts as Merchant of Record (see §6). Lemon Squeezy collects your name, billing address, and payment details — we do not receive or store your full card number. We store only your subscription status, plan, billing period, and the provider's customer/subscription identifiers.
e. Technical & usage data. IP address, browser/device information, log data, and essential cookies (see §11) needed to run the Service and keep you signed in.
f. Communications. If you join a waitlist or email us, we collect your email and message.
We do not knowingly collect sensitive personal information (as defined by the DPA) and ask that you not submit it.
4. How and why we use your information (lawful bases)
| Purpose | Data used | Lawful basis (DPA) |
|---|---|---|
| Create and manage your account | account info | Contract / consent |
| Generate your brand book & content | briefs, inputs | Contract (performance of service) |
| Bill you and prevent abuse / enforce quotas | billing, usage, technical | Contract; legitimate interest |
| Operate, secure, and improve the Service | technical, usage | Legitimate interest |
| Respond to you / send service notices | communications, account | Consent; legitimate interest |
We do not sell your personal information, and we do not use your Briefs, inputs, or generated content to train our own or third parties' AI models for unrelated purposes.
5. How AI generation handles your content
To generate your brand book, the content you submit is sent to a large language model (currently Anthropic Claude) through the Vercel AI Gateway.
- The AI Gateway is configured for zero data retention of request/response content.
- The model provider processes your input to return a result and, per its API terms, does not use API content to train its models; it may retain content briefly only for abuse-monitoring as required by its policies.
- We send only what is needed to fulfill your request. We do not send your payment details to the model.
6. Who we share information with (sub-processors)
We share personal information only with service providers that help us run the Service, under contractual safeguards. We do not sell it.
| Sub-processor | Purpose | Approx. location |
|---|---|---|
| Vercel Inc. | Hosting, edge/network, AI Gateway routing | USA |
| Supabase | Database, authentication, file storage | Singapore (ap-southeast-1) |
| Anthropic (via Vercel AI Gateway) | AI text generation | USA |
| Lemon Squeezy (Merchant of Record) | Payments, subscriptions, invoicing, tax | USA / global |
We may also disclose information if required by law, to enforce our Terms, or to protect rights, safety, and security.
7. International data transfers
We are based in the Philippines, but the providers above process data outside the Philippines (e.g., Singapore and the USA). Where we transfer personal information abroad, we rely on the providers' contractual and security commitments and take reasonable steps consistent with the DPA to protect it. By using the Service you understand your information may be processed in these locations.
8. Data retention
- Account, Briefs, and generated content: kept while your account is active and for a reasonable period afterward, then deleted or anonymized, unless we must retain records to comply with law, resolve disputes, or enforce agreements.
- Billing records: retained as required by tax/accounting law.
- You can request deletion at any time (see §10); some records may be retained where the law requires.
9. How we protect your information
We use reasonable organizational, physical, and technical measures — encryption in transit, hashed credentials, access controls, tenant isolation (row-level security so one account cannot access another's data), and provider-level safeguards. No method is 100% secure, but we work to protect your data and will notify you and the National Privacy Commission of a personal-data breach as required by the DPA.
10. Your rights
Under the Data Privacy Act of 2012, you have the right to: be informed; access your data; object to processing; have inaccurate data rectified; have data erased or blocked (where applicable); data portability; be indemnified for damages; and to file a complaint with the National Privacy Commission (privacy.gov.ph).
If you are in the EEA/UK (GDPR) or California (CCPA/CPRA), you also have the corresponding rights of access, deletion, correction, portability, and to opt out of "sale"/"sharing" (we do not sell or share personal information for cross-context behavioral advertising).
To exercise any right, email support@miming.io. We will verify your identity and respond within the period required by applicable law.
11. Cookies
We use only essential cookies required to authenticate you and keep your session (set by our authentication provider) and to remember preferences such as theme. We do not use third-party advertising or cross-site tracking cookies. You can block cookies in your browser, but the Service may not function.
12. Children
The Service is not intended for, and we do not knowingly collect data from, individuals under 18. If you believe a minor has provided us data, contact us and we will delete it.
13. Changes to this Policy
We may update this Policy. We will post the new "Last updated" date and, for material changes, provide reasonable notice (e.g., email or in-app). Continued use after changes means you accept the updated Policy.
14. Contact
Cyrus David Pastelero Email: support@miming.io
You may also lodge a complaint with the National Privacy Commission of the Philippines: complaints@privacy.gov.ph · privacy.gov.ph.