mimik Technology Inc.

Privacy Policy

 

Last Updated: May 15, 2026

Table of Contents

1. Scope

This Privacy Policy describes how MIMIK TECHNOLOGY INC (“mimik”, “we,” “us,” “our”), located at 4100 Redwood Road, 20-A-137, Oakland, CA, 94619, collects, uses, discloses, and protects personal information when you use any of our Solutions and Services.

1.1 Definition of mimik’s Solutions and Services

mimik’s “Solutions and Services” means mimik websites and all its subdomains, mimik’s software, SDKs, APIs, applications used on any devices in all forms including but not limited to mimik mimOE and mimOE Studio, components, documentation, and related support and services made available through but not limited to the mimik developer portal or other mimik related websites and web portals, including any future improvements or modifications to the aforementioned.

2. Information We Collect

We collect both Personal Information where legally permitted, including based on your consent, the performance of a contract, or our legitimate interests, and non-personal information.

Personal Information means information that identifies or can be reasonably linked to an individual, directly or indirectly.

2.1 Visitors

We may collect limited technical information from website visitors, such as IP address, device type, and usage data, which may be considered Personal Information under applicable law. We classify this information as non-personal information.

2.2 Registered Users

Upon registration and or completion of any related forms, emails or any other method of communication to grant access to our Solutions and Services, with explicit consent from our users, we collect related personal information. For purposes of applicable data protection laws, mimik Technology Inc. acts as the data controller for Personal Information described in this Policy, except where otherwise specified.

2.3 Technical Information

Types of collected information can include:

  • Device information. Device-specific information when you install or update our Solutions and Services. This information includes your hardware make and model, operating system version, mobile service providers, and unique device identifier.
  • Log Information. We collect and store certain information in our secure server and may include:
    • Details of how you used our service, such as the number of times you used our Solutions and Services.
    • Device event information such as notifications, amounts of consumed data, and network conditions.
    • Date, time, and location of your device event. Location is acquired by the use of GPS signals and various other technologies to determine location, such as nearby Wi-Fi access points and cell towers.
    • Application’s identifier (for example, process name and version numbers) for device events related to data consumption.
    • Details of the Solutions and Services crash incidents.

2.4 Use of Information

We use the collected information to provide users with our Solutions and Services, improve performance, communicate updates, support, and ensure security, as well as better understanding how people use our Solutions and Services, and to highlight any network issues.

  • We do not sell or share Personal Information for cross-context behavioral advertising as defined under California law as those terms are defined under CCPA/CPRA, VCDPA, CPA, or other U.S. state privacy laws.
  • We may share personal information with companies, organizations, and individuals outside of mimik where applicable:
    • With service providers, affiliates, and partners who process data on our behalf under contractual obligations.
    • With judicial authorities when we are being legally obliged.
  • We do not use or disclose sensitive personal information except as permitted by applicable law or with your consent.
  • If mimik is involved in a merger, acquisition or asset sale, we will continue to ensure the complete confidentiality of any personal information and give affected users notice before personal information is transferred or becomes subject to a different privacy policy.
  • We may use non-personal information publicly and with our partners – like service providers. For example, we may use information publicly to show trends about the general use of our services. We may share information with service providers, legal authorities, or in business transactions.

2.5 Legal Basis

Processing is based on consent, contractual necessity, legal obligations, or legitimate interests.

3. Security

We work hard to protect our users and mimik’s Solutions and Services from unauthorized access to, or unauthorized alteration of, disclosure or destruction of information we hold. We implement administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, or destruction. These include:

  • We use encryption in transit (e.g., TLS/HTTPS) where appropriate for all our Solutions and Services.
  • We safeguard against unauthorized access to our storage and processing facilities and provide appropriate physical security measures.
  • We restrict access to all your personal information strictly to mimik employees, and a third-party online service provider.

ACKNOWLEDGMENT: NO METHOD OF TRANSMISSION OR STORAGE IS PERFECTLY SECURE; WE CANNOT GUARANTEE ABSOLUTE SECURITY.

In the event of a personal data breach affecting EU/UK residents that is likely to result in a risk to your rights and freedoms, after the time of discovery of the occurrence of such event,

  • We will notify the relevant supervisory authority within 72 hours and, where the risk is high,
  • Notify you without undue delay (GDPR Art. 33–34).
  • For U.S. residents, we will notify you in accordance with applicable state breach notification laws.

4. Cookies, SDKs & Tracking Technologies

We use cookies, software development kits (SDKs), pixels, local storage, and similar technologies to operate our Solutions and Services, remember your preferences, functionality, usage analytics, and security, and (with consent, where required) deliver advertising.

Categories we use:

  • Strictly necessary — required for Solutions and Services to function (login, security, fraud prevention)
  • Functional — remember preferences (language, region)
  • Analytics — measure usage and improve the Services
  • Advertising — deliver and measure marketing communications, including cross-context behavioral advertising

4.1 Consent & Controls

EU/UK/Swiss users: when you first visit, you will see a cookie banner. Non-essential cookies (e.g., analytics, advertising) are only used after you provide consent where required by law. You can accept all, reject all, or set granular preferences. You can change your preferences at any time via Cookie Preferences.

US and all other countries: we honor Global Privacy Control for the device/browser. When you first visit, you will see a cookie banner. Only strictly necessary cookies load before you make a choice.

5. Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting obligations.

Depending on the type of data, retention periods will be, but not limited to:

  • Account data: retained while account is active, and afterwards as required by regional financial authorities.
  • Logs and diagnostics: retained for limited operational and security purposes, typically for a defined period unless required longer for legal or security investigations.
  • Legal records: retained as required by law.

After the retention period, we either delete the data or anonymize any personal information in such that it can no longer be associated with you.

6. International Transfers

Data may be transferred internationally with appropriate safeguards.

We are headquartered in the United States of America. We use service providers / processors who perform services on our behalf under written contracts that restrict their use of the data, including but not limited to:

  • CLOUD HOSTING — e.g., AWS, Google Cloud, Azure
  • ANALYTICS — e.g., Google Analytics
  • Commercial email delivery systems
  • Advertising and analytics partners (for users who have not opted out)
  • Affiliates within our corporate group
  • Professional advisors: legal, accounting, insurance
  • Government and law enforcement, when legally required or to protect rights, property, or safety
  • Successors in a merger, acquisition, or asset sale

When we transfer personal data outside the European Economic Area, the United Kingdom, or Switzerland to countries that do not have an adequacy decision, we rely on:

  • EU–U.S. Data Privacy Framework certification (for transfers to participating U.S. entities) — see https://www.dataprivacyframework.gov
  • Standard Contractual Clauses approved by the European Commission (Decision 2021/914), including the UK International Data Transfer Addendum where applicable

7. User Rights

Subject to verification and applicable exceptions, you have the following rights regarding your personal information:

  • Access — request a copy of the personal information we hold about you
  • Correction — request that we correct inaccurate information
  • Deletion / Erasure — request that we delete your personal information
  • Portability — request a copy in a machine-readable format
  • Opt-out of targeted advertising
  • Limit the use of sensitive personal information (CA) / withhold opt-in consent (VA, CO, CT, UT, EU)
  • Object to processing based on legitimate interests or direct marketing (GDPR)
  • Withdraw consent at any time (GDPR / where consent is the lawful basis)
  • Not be subject to solely automated decisions producing legal or similarly significant effects (GDPR Art. 22; CPRA ADMT rights as in effect)
  • Lodge a complaint with a supervisory authority:
    • EU users may contact their national DPA or the lead Privacy Protection authority.
    • California users may file with the California Privacy Protection Agency at https://cppa.ca.gov

To exercise any of these rights, submit a request via privacy@mimik.com. We will acknowledge your request within:

  • Ten (10) business days (CCPA), and
  • Respond within forty-five (45) calendar days (U.S. state laws) or,
  • Thirty (30) days (GDPR), extendable as permitted by law.

8. Children’s Privacy

Without any discrimination our Solutions and Services are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13 without verifiable parental consent. If you believe we have collected information from a child under 13, contact us at privacy@mimik.com and we will delete such information.

For users under 16 in the EU/UK (or the applicable age set by your member state, between 13 and 16), we obtain verifiable parental consent before processing based on consent.

9. Non-Discrimination

We will not discriminate or retaliate against you for exercising any of your privacy rights. We will not deny you services, charge different prices, or provide a different level of quality, except where the difference is reasonably related to the value provided to us by your data and disclosed in advance.

10. Changes

Privacy Policy may change from time to time. We will provide notice of material changes through the website or other appropriate means (e.g., email or in-product notification). We will post any privacy policy changes on the mimik website. We will also keep prior versions of this Privacy Policy in an archive for review by request.

11. Governing Law and Dispute Resolution

This Policy will be governed by and construed in accordance with the laws of the State of California, without regard to its conflict of laws principles.

Any legal action or proceeding arising out of or relating to this policy shall be brought exclusively in the state or federal courts located within Alameda County, California, including the United States District Court for the Northern District of California, and the parties hereby consent to the personal jurisdiction and venue therein.

12. Contact

Our Privacy team can be reached via email: privacy@mimik.com

Subscribe to our newsletter