Mya Logo

Privacy Policy

Last updated: March 16, 2026

1. Introduction

Mya Labs, Inc. (“Mya,” “we,” “our,” or “us”) provides an AI-native workplace intelligence platform that integrates with workplace tools such as email, messaging platforms, calendars, and project management systems to generate summaries, briefs, and insights for teams.

This Privacy Policy describes how we collect, use, disclose, and protect information when customers and authorized users access or use the Mya platform (the “Service”).

When organizations use the Service, Mya generally acts as a service provider or data processor on behalf of the customer organization, which acts as the data controller. The customer determines what workplace systems are connected and what data is made available to the Service.

2. Information We Collect

2.1 Customer and User Information

We collect information necessary to create and manage accounts, including:

  • Name
  • Work email address
  • Organization name
  • Authentication and identity metadata
  • Account, role, and subscription information

2.2 Integrated Workplace Content (“User Content”)

With customer authorization, Mya ingests and processes content from connected workplace tools, which may include:

  • Emails
  • Chat messages (e.g., Slack or Microsoft Teams)
  • Calendar events and meeting metadata
  • Notifications and activity data from tools such as Jira, Linear, GitHub, Figma, and similar services

Mya uses an event-driven ingestion architecture to maintain contextual continuity and generate summaries, briefs, and insights. While User Content may be ingested broadly to preserve context and accuracy, the Service is not designed to function as employee surveillance software or to make automated employment decisions.

2.3 Usage and Technical Data

We collect technical and usage data such as:

  • IP address and device information
  • Log files and timestamps
  • Feature usage and interaction data

This data may be collected using analytics tools such as PostHog and Google Analytics to help us understand usage patterns and improve the Service.

2.4 Billing Information

Billing is handled by Stripe. Mya stores only limited billing metadata, such as customer and subscription identifiers. Payment card information is processed and stored directly by Stripe and is not stored by Mya.

3. How We Use Information

We use collected information to:

  • Provide, operate, and maintain the Service
  • Generate AI-driven summaries, briefs, prioritizations, and insights
  • Maintain contextual continuity across connected workplace tools
  • Personalize user experiences based on preferences and usage signals
  • Monitor performance, reliability, and security of the Service
  • Improve product features and functionality
  • Comply with legal and contractual obligations

4. Legal Bases for Processing

Where applicable under data protection laws, we process personal data on the following legal bases:

  • Contractual Necessity – to provide and operate the Service requested by customers and users.
  • Legitimate Interests – to improve the Service, maintain security, analyze usage patterns, and develop new features.
  • Consent – where required by law for specific processing activities.
  • Legal Obligations – to comply with applicable laws, regulations, and legal processes.

5. AI Processing and Subprocessors

5.1 AI and Infrastructure Providers

User Content may be processed by trusted subprocessors solely to provide the Service, including:

  • AWS Bedrock (Amazon Web Services) – AI summarization, scoring, and inference
  • ElevenLabs – voice synthesis of generated insight text
  • Nango – OAuth token handling for third-party integrations
  • AWS S3 and AWS KMS – encrypted data storage and key management
  • Vercel – application hosting, request routing, and edge infrastructure

These subprocessors operate under contractual obligations to process data only on our instructions.

5.2 Model Improvement and Training

Mya may use aggregated and de-identified signals derived from User Content to improve summarization quality, relevance ranking, and insight generation.

Mya does not use customer data to build or train models for third-party use.

Enterprise customers may opt out of model improvement usage through a separate written agreement or contract.

6. How We Share Information

We do not sell personal data.

We may disclose information in the following circumstances:

Service Providers
We may share information with vendors and subprocessors that help operate the Service.

Legal Requirements
We may disclose information if required to comply with applicable law, legal process, or government request.

Business Transfers
Information may be transferred as part of a merger, acquisition, financing, or sale of assets.

Protection of Rights
We may disclose information where necessary to protect the rights, property, or safety of Mya, our customers, or others.

7. Data Storage and Security

We implement administrative, technical, and organizational safeguards designed to protect information against unauthorized access, loss, or misuse.

Examples include:

  • Raw data stored in AWS S3
  • Sensitive credentials and tokens encrypted using AWS KMS envelope encryption (AES-256-GCM)
  • Encryption in transit and at rest
  • Logical tenant isolation between organizations
  • Data classification and tagging for sensitivity levels (public, internal, confidential, restricted)

8. Data Retention and Deletion

User profiles are soft-deleted using a deleted_at timestamp.

Retention periods may vary depending on data type and sensitivity.

Formal retention schedules or deletion obligations may also be defined through customer contracts or internal policies.

Customers may request deletion of their data, subject to operational, contractual, or legal obligations.

9. Cookies and Tracking Technologies

We and our analytics providers may use cookies, local storage, and similar technologies to collect usage data, improve performance, and understand how the Service is used.

These technologies may be used by analytics providers such as PostHog and Google Analytics.

Users can manage cookie preferences through their browser settings.

10. International Data Transfers

Mya is headquartered in the United States.

If users access the Service from outside the United States, information may be transferred to and processed in the United States or other jurisdictions where our service providers operate, subject to appropriate safeguards.

11. User Rights

Depending on applicable laws and jurisdiction, users may have rights to:

  • Access personal data
  • Correct inaccurate data
  • Request deletion of personal data
  • Restrict or object to certain processing activities

Requests may be submitted to:

privacy@heymya.ai

Where Mya acts as a processor on behalf of a customer organization, requests may need to be directed to the customer organization that controls the relevant data.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

If we make material changes, we may notify users through the Service, by email, or by other reasonable means.

The “Last Updated” date at the top of this policy indicates when it was last revised.

13. Contact Information

Mya Labs, Inc.
22 Stanford Heights Ave
San Francisco, California 94127
United States

Email: privacy@heymya.ai