1. Who we are
MimoLabs ("we", "us", "our") operates the website mimolabs.ai and the Mimo product platform. We are the data controller responsible for your personal data.
For privacy-related questions, contact us at [email protected].
2. Data we collect
Information you provide
- Email address — when you join our waitlist
- Survey responses — if you complete the optional waitlist survey (role, experience, equipment, use cases)
- Project descriptions — if you share what you're building
Information collected automatically
- IP address — for rate limiting and bot prevention
- Device and browser information — user agent, screen resolution, operating system
- Usage data — pages visited, time on page, referral source (collected via PostHog analytics)
- Referral data — if you arrived via a referral link, we associate your signup with the referrer
Information from third parties
- Email validation results — we verify email addresses via DeBounce to prevent invalid or disposable signups
- Bot detection signals — Cloudflare Turnstile provides an invisible challenge to distinguish humans from bots
3. How we use your data
| Purpose | Legal basis |
|---|---|
| Process your waitlist signup and manage your account | Contract performance |
| Send verification and transactional emails | Contract performance |
| Send product updates and launch announcements | Legitimate interest (you can unsubscribe anytime) |
| Analyze site usage and improve our service | Legitimate interest |
| Prevent fraud, abuse, and bot signups | Legitimate interest |
| Build advertising audiences for retargeting | Consent (via cookie banner) |
4. Third parties who receive your data
We share data only with service providers who process it on our behalf:
| Provider | Purpose | Data shared |
|---|---|---|
| Cloudflare | Hosting, CDN, bot protection, database | IP address, request data |
| Resend | Transactional and marketing email | Email address |
| PostHog | Product analytics | Usage data, device info (cookieless mode) |
| DeBounce | Email validation | Email address |
| Tag management, advertising (via GTM, consent-gated) | Page views, conversion events | |
| Meta | Advertising (via GTM, consent-gated) | Page views, conversion events |
Advertising pixels (Google, Meta, LinkedIn, TikTok) only fire after you grant marketing cookie consent. PostHog runs in cookieless mode and does not require consent.
5. Cookies and tracking
Essential cookies are used for site functionality (e.g., bot protection). These do not require consent.
Analytics — PostHog operates in cookieless mode. No analytics cookies are set.
Marketing cookies — Retargeting pixels from Google, Meta, LinkedIn, and TikTok are loaded only after you provide explicit consent via our cookie banner. You can withdraw consent at any time.
6. Data retention
- Waitlist data — retained until you request deletion or until the waitlist program concludes
- Analytics data — retained for 12 months, then automatically deleted
- Email communication records — retained for 24 months for deliverability and compliance
- Server logs — retained for 30 days by Cloudflare
7. Your rights
Under GDPR and applicable data protection laws, you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — correct inaccurate or incomplete data
- Erasure — request deletion of your data ("right to be forgotten")
- Portability — receive your data in a structured, machine-readable format
- Restriction — limit how we process your data
- Objection — object to processing based on legitimate interest
- Withdraw consent — for processing based on consent (e.g., marketing cookies)
To exercise any of these rights, email [email protected]. We will respond within 30 days.
8. Data security
We protect your data with:
- HTTPS encryption on all connections
- Encrypted database storage (Cloudflare D1)
- Email authentication (SPF, DKIM, DMARC) to prevent spoofing
- Rate limiting and bot protection on all API endpoints
- No passwords stored — the waitlist system uses email-based verification
9. International transfers
MimoLabs is based in the United States. Your data may be processed by our service providers in the US and other countries. Where data is transferred outside the EEA, we rely on Standard Contractual Clauses or the provider's EU-US Data Privacy Framework certification.
10. Children's privacy
Our service is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us at [email protected] and we will delete it promptly.
11. Changes to this policy
We may update this policy from time to time. Material changes will be communicated via email to waitlist members or by a prominent notice on the site. The "Last updated" date at the top reflects the most recent revision.
12. Contact
For any privacy-related questions or to exercise your rights:
- Email: [email protected]
- Company: MimoLabs
- Location: United States