This Privacy Policy explains how MIMBAI (operated by Digital Solutions, Norway) collects, uses and protects your personal data in compliance with the General Data Protection Regulation (GDPR) and Norwegian privacy law (Personopplysningsloven).
1. Data Controller
The data controller for MIMBAI is:
- Company: Digital Solutions
- Organisation number: 996 041 468
- Country: Norway
- Contact: post@barros.no
2. What Data We Collect
2.1 Data you provide
- Messages and prompts you send through the MIMBAI chat interface
- Email address and name when creating an account (coming in v1.1)
- Information submitted through the contact form
2.2 Data collected automatically
- Browser type, language and device type
- Pages visited and time spent (via Google Analytics 4, if accepted)
- IP address (anonymized)
- Cookie preferences
2.3 Data we do NOT collect
- We do not permanently store your AI conversations on our servers
- We do not sell your personal data to third parties
- We do not collect payment data directly (handled by Stripe in v1.1)
3. How We Use Your Data
- To provide and improve the MIMBAI AI platform
- To process your messages through the Anthropic Claude API
- To respond to contact form submissions
- To analyze platform usage and improve performance (analytics cookies, with consent)
- To comply with legal obligations
4. Third-Party Services
MIMBAI uses the following third-party services that may process your data:
- Anthropic (Claude API) — processes your chat messages to generate AI responses. Subject to Anthropic's privacy policy.
- Google Analytics 4 — usage analytics (only if you accept analytics cookies). Subject to Google's privacy policy.
- GitHub Pages — hosts the MIMBAI frontend. Subject to GitHub's privacy policy.
- Domeneshop AS — Norwegian hosting provider for the API server and database.
5. Cookies
MIMBAI uses the following types of cookies:
- Necessary: Required for the platform to function. Cannot be disabled.
- Analytics: Google Analytics 4 — helps us understand how MIMBAI is used. Only set with your consent.
- Marketing: Used for advertising and remarketing. Only set with your consent.
You can change your cookie preferences at any time using the cookie banner at the bottom of the page.
6. Data Retention
- Chat messages are processed in real time and not permanently stored
- Contact form submissions are retained for up to 24 months
- Analytics data is retained according to Google Analytics 4 default settings (14 months)
- Account data (v1.1): retained for the duration of your account plus 6 months after deletion
7. Your Rights (GDPR)
Under GDPR, you have the following rights regarding your personal data:
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — request correction of inaccurate data
- Right to erasure — request deletion of your personal data
- Right to restriction — request restriction of processing
- Right to data portability — receive your data in a structured format
- Right to object — object to processing based on legitimate interests
To exercise any of these rights, contact us at post@barros.no. We will respond within 30 days.
8. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including HTTPS encryption, secure server infrastructure in Norway, and access controls on all systems.
9. International Transfers
Your chat messages are processed by Anthropic (US-based). This transfer is covered by Anthropic's Standard Contractual Clauses and Data Processing Agreement in compliance with GDPR Article 46.
10. Changes to This Policy
We may update this Privacy Policy from time to time. The date at the top of this page indicates when it was last revised. Continued use of MIMBAI after changes constitutes acceptance of the updated policy.
11. Contact & Complaints
For privacy-related questions or to exercise your rights, contact us at post@barros.no.
You have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet): datatilsynet.no