Privacy Policy

Version: 1.0

Last Updated: 9 December 2025

Welcome to MiyaAI. For users in the United Kingdom, this policy is compliant with the UK GDPR and the Data Protection Act 2018. We are committed to protecting your personal data.

1. Controller & UK Representative

Data Controller

TECH ENGINES S.R.L. Via San Jacopino 24 Florence, Italy
Data Protection Officer: dpo@techengines.ai

2. Data We Collect

We collect various categories of personal data, including:

  • Identity Data: email.
  • Profile Data: Username, interests, and insurance certifications for insurance professionals.
  • AI Inputs: Content you voluntarily upload and insert to our AI services. (Note: We do not use your private inputs to train our public models without explicit consent).
  • Technical Data: IP address, device ID, and browser logs.

3. Purpose & Legal Basis

We process your data based on the following legal grounds under UK GDPR:

PurposeLegal Basis
Service ProvisionContract Performance (Art. 6.1.b)
Marketing (New Customers)Explicit Consent (Art. 6.1.a)
Soft-Spam (Existing Clients)Legitimate Interest (PECR Soft Opt-in)
Legal ComplianceLegal Obligation (UK Tax/Civil Law)

4. Data Recipients & Sub-processors

We do not sell your personal data. We share data only with selected third-party service providers ('Processors') who act on our behalf under strict contractual obligations:

  • AI Service Provider: Google Cloud (Vertex AI) for generating responses (Paid API).
  • Cloud Infrastructure: Hosting and database services located in the EEA that are provided by third-party providers (e.g., Vercel, Neon, Upstash) to store your data and deliver the website.
  • Payment Processors: Entities like Stripe or PayPal to handle billing information securely (we do not store credit card details).
  • Public Authorities: If required by law or to protect our legal rights.

5. Data Location & International Transfers

Your personal account data and saved documents are stored in our private database in Frankfurt, Germany (EU). For AI generation, input text is transmitted to Google Cloud (Processor). This processing may occur globally (including the USA). This transfer is legally protected by the [Google Cloud Data Processing Addendum](https://cloud.google.com/terms/data-processing-addendum), which ensures your data is not used for training and is treated in accordance with GDPR standards. We are not liable for service interruptions caused by third-party infrastructure providers (e.g., cloud hosting outages, API failures).

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

Active Account Data
Retained as long as your account is active.
Invoices & Transaction Data
10 years (Required by Italian Civil/Tax Law).
Marketing Data
Until you unsubscribe or withdraw consent.
Technical Logs
6 months (For security auditing).
AI Input History
Retained securely for user history unless manually deleted by user.

7. Your Rights

Under the UK GDPR, you have the right to:

  • Access your data
  • Rectify incorrect data
  • Request erasure (Right to be forgotten)
  • Restrict processing
  • Data Portability
  • Object to processing

Right to Complain

If you believe we have mishandled your data, you have the right to complain to the Information Commissioner's Office (ICO).