Privacy Policy

Sila Technologies B.V., operating as Michi (“Michi”, “we”, “us”, or “our”) is a company incorporated under Belgian law, operating the Michi Relationship Intelligence Platform at michiplatform.com. We are the data controller for personal data collected through our website and platform.

Contact: support@michiplatform.com

Supervisory authority: Gegevensbeschermingsautoriteit (GBA/APD) — https://www.gegevensbeschermingsautoriteit.be

• 2.1 Account data: name, work email address, company name, job title, password (hashed, never stored in plaintext).
• 2.2 Profile data: avatar image, communication preferences, notification settings.
• 2.3 Relationship data you enter: contact records, company profiles, notes, meeting transcripts, tasks, pipeline stages, grant information, and any other content you add to Michi.
• 2.4 Usage data: pages visited, features used, session duration, browser type, operating system, IP address.
• 2.5 Communications: support messages, feedback, and emails you send to us.
• 2.6 Payment data: billing address and payment method details (processed by Stripe; we do not store card numbers).
• 2.7 Cookies and tracking: see Section 8 — Cookies.

We process your personal data on the following legal bases under GDPR Article 6:

Performance of contract (Art. 6(1)(b)):

• Providing, maintaining, and improving the Michi platform
• Processing payments and managing your subscription
• Sending transactional emails (account confirmations, password resets, billing receipts)

Legitimate interests (Art. 6(1)(f)):

• Product analytics to understand how features are used and improve the platform
• Security monitoring and fraud prevention
• Error tracking and performance monitoring

Consent (Art. 6(1)(a)):

• Analytics and session recording cookies (where you have given consent via our cookie banner)
• Marketing communications (where you have opted in)

Legal obligation (Art. 6(1)(c)):

• Retaining financial records for Belgian tax law
• Responding to lawful requests from supervisory authorities

We do not sell your personal data. We share data only with:

• 4.1 Subprocessors: third-party services we use to deliver the platform. A full list is available at michiplatform.com/dpa#subprocessors. Key subprocessors: Supabase (database, EU), Anthropic (AI processing, US), Stripe (payments, US), Resend (email, US), PostHog (analytics, EU), Crisp (support, EU), Google/GA4 (analytics, US), Sentry (error tracking, US), Vercel (hosting, US).
• 4.2 Professional advisers: lawyers, accountants, and auditors bound by confidentiality obligations.
• 4.3 Law enforcement: where required by applicable law or to protect the rights, property, or safety of Michi, our users, or the public.
• 4.4 Business transfers: in connection with a merger, acquisition, or sale of assets, subject to standard confidentiality protections.

Several of our subprocessors are located outside the European Economic Area (EEA), including in the United States. We ensure these transfers are lawful by relying on:

• European Commission Standard Contractual Clauses (SCCs) where the recipient is not covered by an adequacy decision
• The EU–US Data Privacy Framework where applicable

We maintain a record of all international transfers and the safeguards applied to each.

• Account and profile data: retained for the duration of your subscription plus 30 days (to allow account recovery), then permanently deleted.
• Relationship data (contacts, notes, transcripts, etc.): retained while your subscription is active. Soft-deleted records are permanently deleted after 30 days. On account deletion, all data is permanently deleted within 30 days.
• Usage and analytics data: aggregated after 12 months; individual session data deleted after 90 days.
• Financial records: retained for 7 years per Belgian accounting law.
• Support communications: retained for 3 years.

Under GDPR, you have the right to:

• Access: request a copy of the personal data we hold about you
• Rectification: correct inaccurate or incomplete data
• Erasure: request deletion of your personal data (“right to be forgotten”)
• Restriction: request that we limit how we process your data
• Portability: receive your data in a structured, machine-readable format
• Objection: object to processing based on legitimate interests
• Withdraw consent: where processing is based on consent

To exercise any of these rights, email support@michiplatform.com. We will respond within 30 days. You also have the right to lodge a complaint with the GBA/APD at any time.

Note: You can export your data and request deletion directly from Settings → Data & Privacy inside the Michi platform.

We use cookies and similar technologies. See our Cookie Policy (accessible via the cookie banner) for full details. Essential cookies are necessary for the platform to function and cannot be disabled. Analytics and functional cookies are only placed with your consent.

We implement appropriate technical and organisational measures to protect your personal data, including: encryption at rest and in transit (TLS 1.2+), row-level security on our database, hashed passwords, regular security reviews, and access controls limiting who can view personal data.

Michi is not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately.

We may update this policy from time to time. We will notify registered users of material changes by email. The “last updated” date at the top of this page reflects the most recent revision. Continued use of the platform after changes constitutes acceptance.

For privacy questions, data subject requests, or to contact our data protection representative:

Email: support@michiplatform.com

Sila Technologies B.V. (operating as Michi), Antwerp, Belgium