Privacy Policy

We collect information you provide directly to us, including:

Account Information: When you create an account, we collect your name, email address, company name, and password.

Call Data: Mylla processes inbound phone calls on your behalf. This includes call recordings, transcripts, caller phone numbers, and data collected during conversations (as configured by you — e.g. name, inquiry, insurance status).

Usage Data: We collect information about how you use Mylla, including pages visited, features used, and timestamps.

Billing Information: Payment details are collected and stored securely by Stripe. We do not store full card numbers.

Communications: If you contact us via email or support channels, we retain those communications.

We use collected information to:

- Provide, operate, and improve the Mylla platform - Process and manage calls on your behalf - Send lead notifications and call summaries to your configured email address - Send SMS confirmations to callers (on your behalf, from your Mylla number) - Process payments and manage billing via Stripe - Communicate product updates, security notices, and support responses - Comply with legal obligations

Call recordings and transcripts are generated and stored securely as part of the Mylla service. Recordings are accessible from your dashboard and included in lead notifications.

You can configure data retention periods in your business settings (default: 365 days). After the retention period, recordings and transcripts are permanently deleted.

Callers have the right to request deletion of their data. You can fulfill such requests from your Mylla admin panel or by contacting us.

We share data only with the services necessary to operate Mylla:

- Twilio — telephony (phone numbers, call routing, SMS) - Stripe — payment processing and billing - SendGrid — transactional email (lead notifications) - Supabase — database and authentication infrastructure

We do not sell, rent, or share your data with advertisers or unrelated third parties.

Call data (recordings, transcripts, leads) is retained for the period configured in your business settings (default 365 days).

Account data is retained for the lifetime of your subscription plus 30 days after cancellation, after which it is permanently deleted.

You may request deletion of your account and all associated data at any time by contacting us at support@mylla.ai.

If you are located in the European Economic Area, you have the following rights under GDPR:

- Right of access: Request a copy of your personal data - Right to rectification: Correct inaccurate data - Right to erasure: Request deletion of your data - Right to data portability: Receive your data in a machine-readable format - Right to object: Object to processing in certain circumstances

To exercise these rights, contact: support@mylla.ai

Barking Studio acts as a data processor on behalf of businesses using Mylla. Businesses (our clients) are the data controllers for their callers' data.

For Canadian businesses using Mylla in healthcare settings, we comply with PIPEDA (Personal Information Protection and Electronic Documents Act) and PHIPA (Personal Health Information Protection Act, Ontario).

Call data containing health information is treated as personal health information. Access is role-restricted, data is encrypted at rest and in transit, and audit logs are maintained.

We implement industry-standard security measures:

- All data encrypted in transit (TLS 1.2+) - All data encrypted at rest (AES-256) - Row-level security (RLS) enforces strict multi-tenant data isolation - Authentication via Supabase Auth with session management - Payment data never touches our servers (Stripe tokenization)

If you discover a security vulnerability, please report it to support@mylla.ai.

Mylla uses cookies and similar tracking technologies to:

- Maintain your authentication session - Remember your preferences - Analyze product usage (aggregated, anonymized)

We do not use advertising or cross-site tracking cookies.

We may update this Privacy Policy periodically. We will notify you via email and an in-app notice at least 14 days before material changes take effect. Continued use of Mylla after changes constitutes acceptance.

For privacy-related inquiries:

Barking Studio Email: support@mylla.ai Website: mylla.ai

We respond to all privacy inquiries within 5 business days.