How we handle your data

Mimu is owned and operated by Peter Gangmei, sole proprietor of Mimu Entertainment, registered under the Delhi Shops & Establishment Act, 1954 (Registration No. 2026047297), with principal place of business at H3 Panchsheel Vihar, Malviya Nagar, New Delhi - 110017 (the "Proprietor", "we", "us"). For the purposes of the Digital Personal Data Protection Act, 2023 ("DPDP Act"), the Proprietor is the Data Fiduciary in respect of personal data processed through Mimu.

This Privacy Policy explains how we collect, use, share, and protect your personal data when you use the Mimu mobile application, this website, and any related services (together, the "Service"). It applies to Viewers, Hosts, and visitors to our website.

(a) Information you provide directly

• Account details — name, date of birth, email address, mobile number, password, profile photo, gender, language preference, and short bio.
• Host verification — for users who apply to become Hosts: government ID document, selfie for liveness check, payout details (bank account or UPI ID), and PAN where required by law.
• Communications — messages you send to support, reports you file against other users, and survey responses.

(b) Information we collect automatically

• Device data — device model, operating system, app version, language, time zone, advertising identifier, and a unique installation ID.
• Network data — IP address, approximate location derived from IP (city-level), mobile network operator, and connection type.
• Usage data — pages and screens viewed, features used, calls initiated and received, call duration, in-app purchases, crash reports, and diagnostic logs.

(c) Information from third parties

• Payment data from payment gateways (we receive tokenised payment references and transaction status; we do not store full card numbers, UPI PINs, or CVVs).
• Auth providers (e.g. Google) — basic profile information, only if you choose to sign in with that provider.

We do not record your video calls. Audio and video frames are transmitted in real time between you and the other party through our real-time communication partner and are not stored on our servers.

We process your personal data for the following purposes:

• To create and operate your account.
• To enable 1:1 video calls, including matching, signalling, and quality monitoring.
• To process payments, credit coins to your wallet, and process Host payouts.
• To verify Host identity and prevent fraud, impersonation, and underage usage.
• To moderate the platform, investigate reports, and enforce our Terms of Service.
• To respond to support enquiries and grievances.
• To send service notifications (transactional emails, push notifications about calls or payments). Marketing communications are sent only with your consent and can be turned off at any time.
• To improve the Service through analytics on aggregated, de-identified usage data.
• To comply with applicable law, lawful requests from government authorities, court orders, and our legal obligations.

The lawful basis for our processing is the consent you give when you create an account, the performance of our contract with you (these Terms of Service), and compliance with legal obligations.

We share personal data only with the following categories of recipients:

• Real-time communication providers — e.g. ZEGOCLOUD, to deliver low-latency audio/video.
• Cloud infrastructure & database — e.g. Supabase / hosting providers, to store account data, wallets, and application state.
• Payment processors — to charge your payment method and process Host payouts.
• Analytics and crash-reporting tools — to understand product performance and fix bugs.
• AI moderation services — to scan reported content and identify policy violations.
• Professional advisors — lawyers, accountants, auditors, bound by confidentiality.
• Law enforcement and government authorities — where we are legally required to disclose information.

We do not sell your personal data to advertisers or data brokers.

Some of our service providers operate servers outside India. Where personal data is transferred outside India, we ensure such transfers are made only to jurisdictions permitted under the DPDP Act and applicable rules, and we put in place appropriate contractual safeguards with the recipient.

We retain personal data only for as long as is necessary for the purposes set out above, or as required by applicable law:

• Account data — while your account is active, and for up to 12 months after deletion (or longer where law requires).
• Payment and tax records — minimum 8 years, as required under the Income Tax Act and GST law.
• Host KYC records — minimum 5 years from the end of the business relationship, as required by anti-money-laundering norms.
• Moderation logs and abuse reports — up to 24 months, longer where an active investigation requires it.
• Server and security logs — typically up to 90 days.

We follow reasonable technical and organisational security practices in line with the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. These include encryption in transit (TLS), access controls, principle of least privilege, secrets management, and regular review of vendor security.

No system is perfectly secure. If we become aware of a personal-data breach that is likely to result in risk to you, we will notify you and the Data Protection Board of India as required by law.

Mimu is not directed at, and we do not knowingly collect personal data from, anyone under the age of 18. If you believe a minor has created an account, please write to peter@mimu.online and we will promptly investigate and delete the account.

Subject to the DPDP Act and applicable law, you have the following rights in respect of your personal data:

• Right to access — request a copy of the personal data we hold about you.
• Right to correction — ask us to correct inaccurate or incomplete data.
• Right to erasure — ask us to delete your account and associated data, subject to legal retention requirements.
• Right to withdraw consent — withdraw consent for processing where consent is the lawful basis. Withdrawing consent may mean we can no longer provide the Service.
• Right to grievance redressal — raise a complaint with our Grievance Officer (see below). If unresolved, you may approach the Data Protection Board of India.
• Right to nominate — nominate another individual to exercise these rights on your behalf in the event of death or incapacity.

To exercise any of these rights, email peter@mimu.online from the email address registered on your Mimu account. We will respond within 30 days.

Our website uses a minimal set of cookies and local-storage entries. We do not use third-party advertising, retargeting, or cross-site tracking cookies. The categories we use are:

• Strictly necessary — session and authentication cookies that keep you signed in, maintain a secure session, and protect against cross-site request forgery. The site cannot function without these. Typically session-based or kept for the duration of your login, and cleared when you sign out.
• Preference — local-storage entries that remember basic choices such as theme and language so the site behaves consistently on your next visit. Kept until you clear your browser storage.

These cookies and entries are read only by us to operate the site; they are not shared with advertisers or data brokers. You can view, block, or delete cookies and local storage at any time through your browser settings — note that blocking strictly-necessary cookies may stop you from signing in or using parts of the site.

The Mimu mobile app does not use web cookies. Instead it uses on-device storage to cache application data and a unique installation identifier used for analytics and crash reporting, as described in Section 3. You can reset the advertising identifier in your device settings.

We may update this Privacy Policy from time to time. The updated version takes effect when posted on this page. Material changes will be notified inside the app or by email. The "Effective" date at the top reflects the latest version.

In accordance with the Digital Personal Data Protection Act, 2023 and the IT Rules, our Grievance Officer is:

• Name: Peter Gangmei
• Address: H3 Panchsheel Vihar, Malviya Nagar, New Delhi, 110017
• Email: peter@mimu.online

The Grievance Officer will acknowledge complaints within 24 hours and resolve them within 15 days of receipt.

For any privacy-related question, write to peter@mimu.online.