Privacy & Compliance
MiOffice processes all files locally in your browser. No uploads, no servers, no cross-border transfers. Every privacy framework is satisfied by architecture.
International Privacy Frameworks
GDPR
European Union
General Data Protection Regulation. No personal data collected, no cross-border transfers of file data, no data processing agreements needed for file operations.
UK GDPR
United Kingdom
UK implementation of GDPR (Data Protection Act 2018). Same client-side architecture means no UK data processing obligations for file operations.
CCPA / CPRA
California, USA
California Consumer Privacy Act & California Privacy Rights Act. No personal information from file processing is sold, shared, or collected.
LGPD
Brazil
Lei Geral de Protecao de Dados. Client-side processing means no dados pessoais are collected or transferred. No DPO appointment required for file data.
DPDPA
India
Digital Personal Data Protection Act 2023. No personal data fiduciary obligations for file processing — all data stays on the user's device.
PIPEDA
Canada
Personal Information Protection and Electronic Documents Act. No collection, use, or disclosure of personal information from file processing.
APPI
Japan
Act on Protection of Personal Information. No handling of personal information from file content. No cross-border data transfer of user files.
Privacy Act 1988
Australia
Australian Privacy Act & APPs. No collection of personal information from file processing. Files processed entirely in the user's browser.
EU-U.S. Data Privacy Framework
EU / USA
Framework for EU-U.S. personal data transfers. Self-certification in progress. Note: MiOffice does not transfer file data between jurisdictions.
Why Client-Side = Inherently Compliant
No Data Collection
Files are processed entirely in your browser using WebAssembly (FFmpeg, ONNX Runtime, Tesseract). No file content ever reaches our servers.
No Cross-Border Transfer
Since files never leave your device, there are no international data transfers to regulate. SCCs, BCRs, and adequacy decisions are not applicable to file data.
No Subprocessors for Files
No third-party services process your files. Our subprocessors (listed below) only handle anonymous analytics and infrastructure — never file content.
Data Residency
Your Files Stay on Your Device
MiOffice uses WebAssembly to run FFmpeg (video), ONNX Runtime (AI), Tesseract (OCR), and ZetaJS (office documents) directly in your browser. Files are loaded into browser memory, processed, and the output is saved to your local disk. At no point do files transit through any server.
This means your data residency is always your own device — regardless of where you access MiOffice from. There is no server-side storage, no cloud backup, and no data retention policy needed for file content.
Subprocessors
These services support MiOffice infrastructure and analytics. None process user file content.
| Service | Purpose | Data Processed | Location |
|---|---|---|---|
| Cloudflare | CDN, DNS, DDoS protection | HTTP requests (no file content) | Global edge network |
| Google Analytics | Anonymous page view analytics | Anonymized page views, no PII | United States |
| Umami | Privacy-first analytics (self-hosted) | Anonymous page views, no cookies | Self-hosted (NYC VPS) |