This policy explains how Mitra (“we,” “us,” or “our”) handles personal information when you use our website, the Mitra web app, the agents you build and run, and related services (together, the “Service”). If you do not agree, please do not use the Service.
Who we are and how to reach us
The Service is provided by the team behind the Mitra product. For privacy questions and requests, contact us at help@mitra.run.
What this policy covers
This policy describes our practices for information we process in connection with the Service. It does not govern the third-party sites, apps, or services you connect to Mitra, or that we link to. Those services have their own policies.
Information we collect
Depending on how you use the Service, we may collect:
- Account and contact information. For example, your email address, authentication details, and similar identifiers you provide when you sign in or get started.
- Agents and instructions. The plain-English descriptions, configurations, schedules, and triggers you create to define what your agents do.
- Connected-app data. When you connect a third-party app or service, we access the data and permissions you authorize so your agents can read information and take actions in those accounts, as described when you connect. This may include content, records, and identifiers within the scope you grant.
- Agent activity and run records. Data we generate or store as part of the product: agent runs, inputs and outputs, action history, logs, and credit usage — including a timeline of what your agents did.
- Technical and usage data. For example, device or browser type, general log data, IP address, and diagnostic information from our hosting and background systems, used to operate and secure the Service and understand reliability issues.
- Billing data. If you subscribe or buy credits, our payment provider processes card or wallet details. We receive limited subscription status and billing-related records from the provider (for example, customer identifiers and payment events), not your full card number.
How we collect information
We obtain information when:
- you provide it to us through the web app or onboarding;
- you connect third-party apps and services with your consent;
- your agents create, read, or infer it in the course of running (for example, run outputs and action records);
- our service providers and infrastructure generate logs or records as part of operating the Service.
How we use information
We use personal information to:
- provide, maintain, and improve the Service, including building and running your agents;
- run agents on your behalf using the connections and instructions you configure, and take the actions you authorize in those connected apps;
- notify you about agent activity, results, or product updates you expect as part of the Service;
- authenticate users, protect security, and prevent abuse;
- process payments, meter credit usage, and fulfill refund policies we publish;
- comply with law, respond to lawful requests, and enforce our terms;
- analyze and improve our models, workflows, and reliability, including through trusted subprocessors and AI providers, as described below.
We do not sell your personal information in the conventional sense of selling data to data brokers, and we do not use it for third-party marketing unrelated to the Service.
AI and automated processing
Mitra uses artificial intelligence and automation to interpret your instructions, decide how agents run, and carry out the actions you configure. You stay in control of what your agents are allowed to do through the connections you grant and the settings you choose.
You should expect automated outputs and actions to be fallible. Review what an agent is set up to do before relying on it, especially for high-stakes decisions.
Legal bases (EEA, UK, and similar regions)
If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on one or more of the following legal bases, depending on the activity:
- Contract — processing necessary to provide the Service you ask for, including account setup and running the agents you configure.
- Legitimate interests — for example, securing the Service, understanding aggregate reliability, preventing fraud, and improving the product, where your interests and fundamental rights do not override those interests.
- Consent — where we ask for it (for example, for certain connections or marketing beyond core service messages), and you may withdraw it as described in those flows.
- Legal obligation — where the law requires us to process or retain data.
How we share information
We share personal information with vendors that help us run the Service (“subprocessors”). Depending on your use, this may include providers for:
- cloud hosting, edge compute, databases, and file storage;
- the third-party apps and APIs you choose to connect;
- payment processing and, through them, card networks;
- AI and developer infrastructure, including the model providers we configure for language and reasoning tasks;
- background jobs and queueing for durable, always-on execution;
- observability, logging, and analytics for reliability.
We can provide more detail about our current subprocessors on request. We may also share information if we in good faith believe it is required by law, to protect our users or the public, or in connection with a merger, acquisition, or asset sale, subject to appropriate safeguards where the law allows.
International transfers
We are based in the United States. If you use the Service from elsewhere, your information will be processed in the United States and in other countries where our providers operate. Where required, we use appropriate safeguards (such as standard contractual clauses) for cross-border transfers. You may request more detail on these safeguards by contacting us.
Retention
We keep personal information only as long as needed to provide the Service, comply with law, resolve disputes, and enforce our agreements. Actual periods depend on the type of data and your use of the product; in many cases you can request deletion of your account data as described below, subject to legal and technical limits (for example, limited backups or records we must retain for financial compliance).
Security
We implement technical and organizational measures appropriate to the nature of the Service, including access controls, encryption in transit where industry-standard for our stack, and vendor diligence. No system is completely secure; we cannot guarantee absolute security.
Your rights and choices
Depending on where you live, you may have the right to access, correct, delete, or export your personal information; to object to or limit certain processing; to withdraw consent where processing was consent-based; and to lodge a complaint with a data protection authority.
California and other U.S. states. Residents may have rights under applicable state laws (for example, to know the categories of personal information collected, to request deletion, and, where applicable, to opt out of “sale” or “sharing” as defined in those laws). We do not sell your personal information as those terms are commonly used for data monetization, and we describe our practices above.
To exercise a right, contact help@mitra.run. We will verify and respond in line with applicable law. We will not discriminate against you for exercising these rights, where prohibited.
Website and cookies
Our site and app use essential cookies and similar technologies needed for login, security, and basic operation, and we use privacy-respecting product analytics to understand usage and reliability. If we make material changes to how we use cookies or analytics, we will update this policy and any consent experience accordingly.
Children
The Service is not intended for anyone under 18, and we do not knowingly collect personal information from them. If you believe we have, contact us and we will take appropriate steps to delete it.
Changes to this policy
We may update this policy from time to time. When we do, we will change the “last updated” date at the top of this page and, for material changes, take additional steps as appropriate (such as in-product notice). Continued use of the Service after the effective date of an update means you accept the revised policy, to the extent permitted by law.
Contact
Questions about this policy? Write to help@mitra.run.