Privacy Policy

1. Introduction

This Privacy Policy explains how JSVV SOLS LLC, a Virginia limited liability company ("Company", "we", "us", or "our"), handles your information when you use MiOffice AI — including our website, browser extensions, mobile apps, and any related services (collectively, the "Service") at mioffice.ai and its subdomains.

By using the Service, you agree to the practices described here. If you don't agree, please stop using the Service.

2. How MiOffice AI Works — Two Processing Modes

2.1 In-Browser Processing (Most Applications)

The majority of MiOffice AI applications process files entirely in your browser, on your own device. For these applications:

• Your files stay in your browser's memory — they never leave your device
• Your own device does all the work
• Results are created locally and are never sent to any server
• We literally cannot see, access, or store your files

This includes: all PDF, image, basic video, basic audio, scanner, document conversion, file/archive, and P2P applications.

2.2 Server Processing (AI-Powered Applications)

Some AI-powered applications need powerful GPU servers to work. For these applications:

• Your files are sent over encrypted connections to our secure servers
• Files are processed in isolated, temporary environments that are deleted right away
• All uploaded files and results are automatically and permanently deleted as soon as processing finishes — or within 60 minutes at most, whichever comes first
• No copies, backups, or caches of your files are ever kept
• Our processing servers are stateless — they don't remember anything between requests

This includes: AI background removal, image upscaling, photo colorization, face enhancement, voice cloning, text-to-speech, audio transcription, vocal separation, video enhancement, auto captions, video translation, image generation, music generation, document translation, document summarization, OCR, and other AI applications. These are clearly labeled in the interface.

2.3 Server Fallback

Occasionally, an application that normally works in your browser may need to use our servers instead — for example, if your browser doesn't support a particular file format. When this happens, the same deletion guarantees from Section 2.2 apply, and you'll be notified.

3. Information We Collect

3.1 Your Files

For in-browser applications: Nothing. We have zero access to your files, file names, metadata, or anything about them.

For server-processed applications: Files are processed in memory and immediately deleted. We don't log file names, look at file contents, or keep any part of your files. We may log the file size and what kind of processing was done (e.g., "upscale image, 2.4 MB") for planning purposes — never file contents or names.

3.2 Account Data (When You Sign In)

If you create an account, we collect:

• Email address (from your sign-in provider — Google, GitHub, Apple, Facebook, or X)
• Display name and profile picture (as provided by your sign-in provider)
• Which sign-in provider you used (e.g., "Google")

We never see or store your password — sign-in is handled entirely by your chosen provider (Google, Apple, etc.). You can use MiOffice without creating an account. Signing in is optional and lets you purchase credits and view your processing history.

3.3 Payment Data

Payments are handled entirely by Stripe. We never see or store your full card number, CVV, or bank details. Stripe shares with us only:

• Last four digits of your card (for display only)
• Card brand (e.g., Visa, Mastercard)
• Billing email address
• Transaction amount, currency, and status
• A Stripe customer ID (a random identifier)

Stripe's own privacy policy governs how they handle your payment data: stripe.com/privacy. Stripe holds the highest level of payment security certification.

3.4 Analytics Data

We collect anonymous, aggregated usage statistics:

• Which applications are used (e.g., "Merge PDF" was used — not what was merged)
• General location (country level only — we don't store your IP address)
• Browser type, operating system, and screen size
• Page views, session length, and how you found us
• Site performance metrics

This data cannot identify you personally or reveal anything about your files.

3.5 Technical Data

• IP Address: Recorded in standard server logs for security and abuse prevention. Deleted after 30 days. Not linked to your analytics data or account.
• Browser Identifier: A locally-generated ID stored in your browser for the credit system. It stays in your browser unless you make credit-related requests. It's not used to track you across other sites.
• Push Notifications: If you opt in to browser notifications, we store your push notification settings. You can turn this off anytime in your browser settings.

3.6 Email Communications

If you share your email (by creating an account or signing up for updates), we may send:

• Payment receipts and credit balance updates
• Product updates and new application announcements
• Tips and guides related to applications you've used

Every marketing email has a one-click unsubscribe link. You can also manage your preferences at /account/email-preferences or email [email protected]. We honor all unsubscribe requests within 48 hours.

4. How We Use Information

We use the information we collect only for:

• Running the service: Processing your files, managing credits, signing you in
• Making things better: Analyzing anonymous usage patterns to improve our applications
• Keeping things safe: Detecting abuse, preventing fraud, protecting our systems
• Staying in touch: Sending receipts, responding to support requests
• Following the law: Responding to valid legal requests

We do not:

• Sell, rent, or trade your personal information to anyone
• Use your files to train AI models or any automated systems
• Share your data with advertisers for targeting
• Build profiles about you for automated decision-making
• Use your data for anything not listed in this policy

5. Third-Party Services We Use

We work with the following services. None of them have access to your file contents:

6. Cookies & Local Storage

We don't use advertising cookies, cross-site tracking, or behavioral targeting cookies. You can clear all MiOffice data by clearing your browser's site data for mioffice.ai.

7. Data Security

We take security seriously. Here's what we do:

• Everything is encrypted in transit: All connections use HTTPS, always. Our site always uses encrypted connections and cannot be accessed over unencrypted HTTP.
• Data is encrypted at rest: Database information is encrypted using strong encryption.
• Locked-down servers: Firewalls, isolated processing environments, DDoS protection via Cloudflare, and automatic security certificate management.
• Nobody can access your files: In-browser files never reach our servers, and server-processed files are deleted immediately.
• Email security: We use industry-standard email security protocols to protect our communications.
• Payment security: We never touch your card details — that's all handled by Stripe.
• Temporary AI processing: GPU servers are stateless and isolated. No permanent storage is attached — everything is wiped after each use.

While we take reasonable measures to protect your information, no system is 100% secure. We can't guarantee absolute security, but we work hard to get as close as possible.

8. GDPR — European Union & UK Users

Under the General Data Protection Regulation (GDPR) and UK GDPR, you have these rights:

• Right of Access (Art. 15) — Get a copy of your personal data
• Right to Rectification (Art. 16) — Fix inaccurate data
• Right to Erasure (Art. 17) — Have your data deleted ("right to be forgotten")
• Right to Restrict Processing (Art. 18) — Limit how we use your data
• Right to Data Portability (Art. 20) — Get your data in a portable format
• Right to Object (Art. 21) — Say no to processing based on our legitimate interests
• Right to Withdraw Consent — Take back your consent anytime
• Right to Lodge a Complaint — File a complaint with your local data protection authority

Why we process your data:

• To provide the service (Art. 6(1)(b)): Processing your files, managing your account and credits
• Our legitimate interests (Art. 6(1)(f)): Analytics to improve the service, security, fraud prevention
• Your consent (Art. 6(1)(a)): Marketing emails, push notifications

To exercise any of these rights, email [email protected]. We'll respond within 30 days. We may need to verify your identity first.

Data Protection Officer: For GDPR questions, contact [email protected].

9. CCPA / CPRA — California Residents

Under California's privacy laws (CCPA and CPRA):

• We do not sell your personal information. Never have, never will.
• We do not share your personal information for cross-site advertising.
• You can ask what personal information we've collected (see Section 3).
• You can ask us to delete your personal information.
• You can ask us to correct inaccurate information.
• You can opt out of the sale or sharing of personal information (not applicable — we don't sell or share).
• We will never discriminate against you for exercising your rights.

What we've collected in the past 12 months: Identifiers (email, IP address), internet activity (pages visited, applications used), and commercial information (purchase history). We do not collect sensitive personal information.

To make a request, email [email protected] with the subject line "CCPA Request".

10. International Privacy Laws

10.1 LGPD — Brazil

Under Brazil's data protection law (LGPD), Brazilian users have rights similar to GDPR — including access, correction, anonymization, deletion, and data portability. Contact [email protected] to exercise these rights.

10.2 PIPEDA — Canada

Under Canada's privacy law (PIPEDA), Canadian users may request access to and correction of their personal information.

10.3 POPIA — South Africa

Under South Africa's privacy law (POPIA), South African users have the right to access, correct, and delete personal information.

10.4 DPDPA — India

We comply with India's Digital Personal Data Protection Act (DPDPA) 2023. Indian users have rights to access, correction, erasure, and grievance redressal.

11. International Data Transfers

Our main servers are in the United States, with an additional server in Mumbai, India for faster performance. By using the Service, you agree that your information may be processed in these locations, which may have different data protection laws than your country.

For transfers from the EU/EEA/UK, we use EU-approved data transfer agreements where applicable. Cloudflare and Stripe maintain their own protections for international data transfers.

12. Data Retention

13. Children's Privacy

MiOffice is not designed for children under 13 (or under 16 in the EU/EEA). We don't knowingly collect information from children. If we find out a child has given us personal information, we'll delete it right away. If you believe a child has shared information with us, please let us know at [email protected].

14. Do Not Track Signals

We respect Do Not Track (DNT) browser signals. When DNT is on, our self-hosted analytics (Umami) won't record your visit. Google Analytics follows Google's own DNT policies. You can also opt out of Google Analytics entirely by installing the Google Analytics Opt-out Add-on.

15. Data Breach Notification

If there's ever a data breach that affects your personal information, we'll notify you by email within 72 hours of finding out, as required by GDPR. We'll also notify the relevant authorities where required by law. We'll tell you what happened, what it might mean for you, and what we're doing about it.

16. Browser Extensions & Mobile Applications

Our browser extensions (Chrome, Firefox, Edge, Safari) follow the same privacy principles as the website. They don't access your browsing history, bookmarks, passwords, or data from other websites. They only do anything when you actively use them. Mobile applications follow the same practices described in this policy.

17. Peer-to-Peer (P2P) Features

Some features (Screen Share, File Transfer, Collaborative Notes) connect you directly to other people's browsers. Data flows straight between you and them — it doesn't go through our servers. P2P file transfers use end-to-end encryption. Our server only helps set up the initial connection and can't see what you're sharing.

18. AI Model Training Disclaimer

19. Changes to This Policy

We may update this policy as things change. When we make significant changes, we will:

• Update the "Last updated" date at the top
• Show a notice on the site (like a banner)
• Email registered users about major changes

If you keep using MiOffice after changes take effect, that means you accept the updated policy.

20. Contact Us

For privacy questions, data requests, or complaints:

• Email: [email protected]
• General Contact: [email protected]
• Company: JSVV SOLS LLC
• Address: 4100 Lafayette Center Dr #111, Chantilly, VA 20151, United States

We aim to respond to all privacy-related inquiries within 30 days.