Privacy Policy - MIMICX AI | Advanced AI Foundation Models & Physical Robotics

At MIMICX AI, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our AI foundation models, physical robotics platforms, and related services.

1. Information We Collect

1.1 Information You Provide

Account Information: Name, email address, company name, job title, and authentication credentials
Billing Information: Payment details, billing address, and transaction history
Demo Requests: Information submitted through demo request forms including use cases and company size
Communications: Messages, feedback, and support inquiries you send to us
API Usage Data: Training data, prompts, and inputs submitted to our AI models

1.2 Automatically Collected Information

Usage Data: API calls, model interactions, feature usage, and performance metrics
Device Information: IP address, browser type, operating system, and device identifiers
Cookies and Tracking: Session data, preferences, and analytics information (see our Cookie Policy)
Technical Logs: Error logs, system diagnostics, and security event data

2. How We Use Your Information

2.1 Service Provision

Provide access to our AI foundation models and physical robotics platforms
Process API requests and deliver model responses
Maintain and improve our AI models and services
Provide customer support and respond to inquiries
Send service-related notifications and updates

2.2 Model Improvement and Research

Train and improve our AI models (with your consent)
Conduct research and development in AI and robotics
Analyze usage patterns to enhance user experience
Develop new features and capabilities

Important: We do not use your proprietary data or model inputs to train our foundation models without your explicit consent. Custom training data remains your property.

2.3 Business Operations

Process payments and manage subscriptions
Prevent fraud and ensure security
Comply with legal obligations
Send marketing communications (with your consent)

3. Data Sharing and Disclosure

3.1 We Share Your Information With:

Service Providers: Cloud hosting (AWS, Google Cloud), payment processors, and analytics providers
Business Partners: NVIDIA Inception Program, Google for Startups, and integration partners
Legal Requirements: When required by law or to protect our rights and safety
Business Transfers: In connection with mergers, acquisitions, or asset sales

3.2 We Do Not:

Sell your personal information to third parties
Share your proprietary training data without consent
Use your API inputs for advertising purposes
Provide your data to competitors

4. Data Security

We implement industry-standard security measures to protect your data:

Encryption: Data in transit (TLS 1.3+) and at rest (AES-256)
Access Controls: Role-based access, multi-factor authentication, and audit logs
Infrastructure Security: SOC 2 compliant data centers, regular security audits
Model Security: Isolated training environments and secure API endpoints
Incident Response: 24/7 monitoring and rapid response protocols

5. Data Retention

Account Data: Retained while your account is active and for 90 days after closure
API Logs: Retained for 30 days for debugging and security purposes
Training Data: Retained as specified in your agreement or until deletion request
Billing Records: Retained for 7 years to comply with tax and accounting regulations

6. Your Rights and Choices

6.1 Access and Control

Access: Request a copy of your personal data
Correction: Update or correct inaccurate information
Deletion: Request deletion of your personal data (subject to legal requirements)
Export: Download your data in a portable format
Opt-Out: Unsubscribe from marketing communications

6.2 AI-Specific Rights

Opt-out of having your data used for model training
Request deletion of custom training data
Access information about model decision-making (where applicable)

7. International Data Transfers

MIMICX AI operates globally. We transfer and process data in the United States and other countries where we or our service providers operate. We ensure appropriate safeguards are in place:

Standard Contractual Clauses (SCCs) for EU data transfers
Adequacy decisions where applicable
Privacy Shield principles (where relevant)
Data localization options for enterprise customers

8. Children's Privacy

Our services are not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

9. AI and Machine Learning Specific Practices

9.1 Model Training

We use aggregated, anonymized data to improve foundation models
Custom training data is isolated and used only for your specific models
You retain ownership of your training data and model outputs

9.2 Bias and Fairness

We implement bias detection and mitigation techniques
Regular audits of model outputs for fairness
Transparent reporting of model limitations

9.3 Explainability

We provide model cards with performance metrics and limitations
Documentation of training data sources and methodologies
Tools for understanding model behavior (where available)

10. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes by:

Email notification to your registered email address
Prominent notice on our website
In-app notification (for API users)

Your continued use of our services after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

Contact Information

Email: privacy@mimicx.ai
Data Protection Officer: dpo@mimicx.ai
Website: https://mimicx.ai
Address: MIMICX AI by Speedpresta, 7 Rue de Madrid, 75008 Paris, France

Response Time: We will respond to privacy requests within 30 days.

12. Legal Compliance

This Privacy Policy complies with:

GDPR: EU General Data Protection Regulation
CCPA/CPRA: California Consumer Privacy Act and California Privacy Rights Act
PIPEDA: Personal Information Protection and Electronic Documents Act (Canada)
AI Act: EU Artificial Intelligence Act (in preparation)

This policy is effective as of December 27, 2025. For previous versions, please contact us.