Privacy Policy

Last updated: March 12, 2026

1. Who We Are

This website is operated by:

Mill AI

Address: Warsaw, Poland

Email: [email protected]

2. What Data We Collect

We only collect what we need to operate the website:

  • Technical data - IP address, browser type (for security and analytics)
  • Contact data - if you email us (email address, message content)

3. Why We Process Your Data

Purpose Legal Basis (GDPR)
Responding to contact inquiries Art. 6(1)(f) - legitimate interest
Analytics and improving our website Art. 6(1)(a) - consent (cookie banner)
Security and fraud prevention Art. 6(1)(f) - legitimate interest

4. How Long We Keep Your Data

  • Email correspondence - until resolved, max 12 months
  • Technical logs - up to 12 months

5. Who We Share Data With (sub-processors)

We share data only with trusted partners necessary to operate the platform. With each we have a Data Processing Agreement (DPA) compliant with GDPR Art. 28:

  • Anthropic, PBC (USA) — AI text generation via Claude API. Data processed in USA under Standard Contractual Clauses (SCC). Privacy Policy
  • Cloudflare, Inc. (EU + USA) — website hosting, CDN, Workers (form processing), DNS. Privacy Policy
  • Zoho Corporation (India/USA) — Mail (correspondence), Campaigns (email marketing), CRM. Privacy Policy
  • LemonSqueezy, LLC (USA) — payment gateway, VAT handling (Merchant of Record), affiliate program. Privacy Policy
  • Google LLC (EU + USA) — Google Analytics 4, traffic analytics (only with your consent). Privacy Policy
  • Microsoft Corporation (EU) — Microsoft Clarity, heatmaps and session recordings (only with your consent). Privacy Policy
  • Hetzner Online GmbH (Germany) — server infrastructure (VPS Falkenstein, EU). Privacy Policy
  • Formbricks — surveys (PMF, NPS, exit) self-hosted on our Hetzner VPS (no separate third-party processor)

Transfers outside EEA: some providers (Anthropic, LemonSqueezy, partially Cloudflare/Google) process data in the USA. Transfers occur under Standard Contractual Clauses (SCC) of the European Commission, with additional technical safeguards (TLS 1.3 in transit, AES-256 storage, data minimization).

6. Cookies

We use cookies for:

  • Essential - site functionality, remembering your language choice
  • Analytics - Google Analytics, Microsoft Clarity (you can opt out)

You can manage cookies in your browser settings or via our cookie banner.

7. Your Rights

Under GDPR, you have the right to:

  • Access - see what data we have about you
  • Rectification - correct inaccurate data
  • Erasure - request deletion of your data ("right to be forgotten")
  • Restriction - limit how we process your data
  • Portability - receive your data in a machine-readable format
  • Object - object to processing based on legitimate interest
  • Withdraw consent - at any time, without affecting prior processing

To exercise these rights, email us at [email protected]

8. Right to Complain

If you believe we're processing your data unlawfully, you can file a complaint with your local data protection authority. In Poland, this is the President of the Personal Data Protection Office (UODO).

9. Data Security

We use appropriate technical and organizational measures to protect your data:

  • Encrypted connections (HTTPS/SSL)
  • Secure data storage
  • Limited access to data

10. International Transfers

Some of our service providers (e.g., Google) may process data outside the European Economic Area. In such cases, we ensure appropriate safeguards like Standard Contractual Clauses approved by the European Commission.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We'll notify you of significant changes by updating the date on this page.

12. Contact

For privacy-related questions, contact us at:

Email: [email protected]