Privacy First: How We Handle Your Data

When you chat with an AI assistant about your personal life — your schedule, your health questions, your finances — you're trusting it with sensitive information. We take that trust seriously.

Here's exactly how Mizar handles your data, with no marketing spin.

What we collect

Messages: We store your conversation history so Mizar can maintain context and memory. Messages are encrypted at rest using AES-256 encryption.

Personal memories: Facts Mizar learns about you (your name, preferences, etc.) are stored separately and are fully visible and editable in your dashboard.

Documents: Files you upload to the knowledge base are processed into searchable chunks and stored encrypted. Original files are deleted after processing.

Usage metadata: We collect basic analytics — message counts, feature usage, error rates — to improve the product. This data is aggregated and anonymized.

What we don't do

We don't train on your data. Your conversations are never used to train, fine-tune, or improve AI models. Not ours, not anyone else's.

We don't sell your data. We have no advertising business. Your information is never shared with third parties for marketing purposes.

We don't read your messages. No human at Mizar reads your conversations. The only time a human might see message content is if you explicitly report a bug and include conversation details.

We don't keep data after deletion. When you delete a conversation, a memory, or your entire account, it's gone. We don't maintain shadow copies or backups that persist after deletion.

How encryption works

All data in transit is encrypted using TLS 1.3. All data at rest is encrypted using AES-256. Your messages travel encrypted from WhatsApp to our servers, are processed in memory, and stored encrypted in our database.

We use Supabase as our database provider, which itself provides row-level security and encryption at the infrastructure level.

Third-party AI providers

Mizar uses Google's Gemini models to generate responses. When we send your message to Google's API, it's covered by Google's API terms of service, which state that API data is not used for model training.

We don't send your entire conversation history with every request — only the relevant context needed to generate a good response. This minimizes the data exposure to third-party providers.

Your controls

From your Mizar dashboard, you can:

• •View all memories: See everything Mizar has learned about you
• •Edit or delete memories: Remove anything you don't want Mizar to remember
• •Delete conversations: Remove any conversation from history
• •Delete documents: Remove uploaded files from your knowledge base
• •Delete your account: Permanently remove all data associated with your account

Our infrastructure

Mizar runs on infrastructure hosted in the EU (Frankfurt). We use:

• •Supabase for database and authentication
• •Google Cloud for AI model inference
• •Cloudflare for edge protection and DDoS mitigation

We conduct regular security audits and follow OWASP guidelines for application security.

Questions?

If you have questions about how we handle your data, reach out at privacy@mizar.app. We're committed to being transparent about our practices and will update this post as our infrastructure evolves.