Last updated: May 1, 2026 · GDPR & UAE PDPL compliant
Mycel Inc., registered in the Dubai International Financial Centre (DIFC), UAE. Data Controller. Contact: privacy@mycel.ai
Account data: name, email, phone number, company name, billing information.
Business data: offers you create, descriptions, prices, images you upload.
Lead data: contact information of people who express interest in your offers (collected through forms, WhatsApp, AI channels). This is third-party personal data — you are the data controller for your leads; we are the processor.
Usage data: IP addresses (hashed), session data, feature usage analytics. We do not use advertising trackers.
AI Pixel data: anonymized page views and intent signals. No PII collected without explicit consent. K-anonymized (minimum 10 users per intent bucket).
We process data under: Contract (to provide the Service); Legitimate interests (fraud prevention, security, platform improvement); Consent (marketing emails, optional AI model training). You may withdraw consent at any time.
We use your data to: provide and improve the Service; send transactional emails (lead notifications, billing); detect fraud and abuse; generate anonymized aggregate insights (we never sell individual data). We do not use your data for advertising targeting on other platforms.
We share data only with: Service providers necessary to operate (Supabase/AWS for hosting, Stripe for payments, Postmark for email, Anthropic/OpenAI for AI processing) under data processing agreements; Law enforcement when legally required. We never sell data.
Content you upload (offer descriptions, images) is processed by Anthropic Claude and OpenAI to generate DNA, hooks, and embeddings. This is done under our data processing agreements. By default, your content is not used to train third-party AI models. You can opt out of all AI processing in Settings → Privacy, though this will disable AI features.
Account data: retained while account is active + 30 days after deletion request. Lead data: retained per your account settings (default 2 years). Audit logs: 1 year. Backups: 30-day rolling.
Under GDPR and UAE PDPL you have the right to: Access your data (export via Settings → Privacy → Download); Rectify inaccurate data; Erase your data (Settings → Danger zone); Port your data (JSON export); Object to processing; Withdraw consent for optional processing.
Requests fulfilled within 30 days. Contact: privacy@mycel.ai
We use only essential cookies (session management, CSRF protection). No advertising or tracking cookies. No third-party cookie networks. Cookie preferences can be managed in your browser settings.
We use: TLS 1.3 for all data in transit; AES-256 for data at rest; row-level security (each tenant's data isolated); regular penetration testing; SOC 2 Type II in progress. If you discover a security vulnerability: security@mycel.ai
DPO contact: privacy@mycel.ai
Mycel Inc., DIFC, Dubai, UAE
EU representative: [appointed upon EU expansion]
You may also lodge a complaint with your local data protection authority.