Soft white clouds on a light background, decorative visual for website design

Privacy Policy

Myla Privacy Policy

Last updated: February 17, 2026

This Privacy Policy explains how ALTFLOW LIMITED ("Myla", "we", "us") collects, uses, shares, and retains information when you use Myla (the "Service"), including our mobile app and related features.

1. Who We Are

Myla is operated by ALTFLOW LIMITED (United Kingdom).

Registered address: 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom

Contact: team@joinmyla.com

2. Data We Collect and Why

We collect the following categories of information to operate the Service, provide features, maintain security, and improve performance.

2.1 Summary table

Category

Examples

Primary purposes

Account & authentication

Email, name/photo (if provided), Firebase UID, login method

Account creation, authentication, security

Profile & onboarding

Role, website URL, LinkedIn URL, city, onboarding selections

Personalization, onboarding, recommendations

Saved/imported content

URLs, titles, notes, lists/collections, extracted metadata

Core save/organize/rediscover features

Ask / AI conversations

Questions, responses, conversation context, web search queries (if used)

Ask feature, history, contextual answers

Usage analytics (first-party)

Screen views, feature events, searches, subscription funnel events

Product improvement, reliability, quotas

Firebase Analytics (Google)

Auto-collected app usage + device/app signals

Product analytics, diagnostics

Location (optional)

Foreground GPS coordinates (when using Near You)

Location-based discovery

Subscriptions & purchases

Transaction IDs, product IDs, entitlement state, webhook events

Billing, entitlements, fraud prevention

Operational logs

Request metadata; error logs (may include request body in failure scenarios)

Debugging, security, reliability

2.2 What we do not collect

  • We do not access your contacts, photos, or camera roll unless you explicitly provide content to us.

  • We do not intentionally collect precise background location.

  • We do not sell personal data.

3. Analytics and Tracking Disclosure

3.1 Analytics systems

We use product analytics to understand how Myla is used and to improve performance and reliability. We collect analytics in two ways:

  1. First-party analytics events sent to our backend and stored in our Firestore analytics_events collection.

3.2 Data that may be included in analytics

  • Identifiers and technical context (e.g., Firebase UID, device_id, session_id, platform, app version, timestamps).

  • Event metadata (e.g., screen name, action type, feature usage).

  • User-entered text in limited cases (e.g., search queries, Ask questions) where needed for feature measurement.

3.3 Advertising identifiers (IDFA/GAID) and AppTrackingTransparency (ATT)
Myla does not access the device advertising identifier (IDFA) on iOS and does not request AppTrackingTransparency (ATT) permission. We do not track you across other companies’ apps or websites for advertising or advertising measurement.

3.4 Cookies and similar technologies

The Myla mobile app does not use browser cookies. If you use our website, it may use essential cookies and similar technologies to operate and secure the site and to measure basic usage. Where required, we will request consent for non-essential cookies.

4. How We Use Your Data (Purposes)

  • Provide core features (saving, importing, organizing, rediscovering content).

  • Authenticate users and secure accounts.

  • Power AI features such as Ask, summaries, and tagging.

  • Measure and improve product performance and UX.

  • Enforce quotas, plan limits, and prevent abuse/fraud.

  • Comply with legal obligations (e.g., accounting, tax, dispute handling).

5. Third Parties and Partners

We use a limited set of service providers (processors) to run Myla. They receive only the data needed to perform their services.

5.1 Key service providers (processors)

Examples of key providers we use to operate Myla are listed below. Providers may change over time; we update this policy when changes are material.

Provider

Purpose

Data involved (examples)

International transfer notes

Google Firebase

Authentication, database/storage, analytics

Account identifiers, saved/imported content, analytics events

May be processed outside EEA/UK; safeguards may apply

Apple (App Store / StoreKit)

Payments and subscriptions

Subscription status, transaction IDs, purchase events

Controlled by Apple; may involve international processing

OpenAI

AI processing for Ask/summaries

User prompts, selected context, content snippets/metadata

May be processed outside EEA/UK; safeguards may apply

Bright Data

Import scraping

User-submitted URLs and fetched public page content/metadata

May be processed internationally

Supadata

Transcript fetching

User-submitted URLs and fetched transcript text

May be processed internationally

AWS (S3/CloudFront/Logging)

Hosting assets and operational logging

Stored assets; operational logs and diagnostics

May be processed internationally; safeguards may apply

6. AI Processing

6.1 What may be sent for AI processing

  • Your Ask messages and relevant conversation context.

  • Selected saved/imported content context (snippets, metadata) used to answer your request.

  • Optional profile/onboarding context you provide to personalize outputs.

6.2 Important notes

  • We send the minimum data needed to provide AI features.

  • AI outputs may be inaccurate or incomplete and are provided “as is”.

  • We do not use your content to train our own AI models. Where we use third-party AI processors, we use arrangements and settings intended to prevent your personal information from being used to train their models.

7. Discover and Public Content

Some imported public content may appear in the Discover area so other users can explore popular or relevant items. When we show such content, we do not display your personal identifiers.

If you are the original author of a post and want it removed from Discover, contact team@joinmyla.com.

Import transparency: When you submit a URL for import, we retrieve information that is publicly accessible at that URL. We do not intentionally access private, password-protected, or paywalled content. You are responsible for ensuring you have the right to save or import the content you submit.

8. Location Data

If you use the “Near You” discovery feature, we collect foreground location (GPS coordinates) on demand and use it to filter results. You can revoke location permission in your device settings at any time.

9. Retention and Deletion

9.1 Retention while your account is active

We retain account and content data for as long as your account remains active so we can provide the Service.

9.2 Account deletion

You can initiate account deletion within the Myla app (Settings > Account > Delete Account) or by contacting team@joinmyla.com.

We aim to complete deletion of core account and content data from active systems within 30 days. Backup copies (where applicable) are typically overwritten or deleted within 60 days.

9.3 Data that may be retained after account deletion

Some records may be retained after account deletion for legitimate interests or legal/compliance reasons, including:

  • Behavioral analytics: upon account deletion we irreversibly de-identify analytics by removing account identifiers (such as user_id) and retaining only aggregated, non-identifiable usage statistics.

  • App Store transaction and subscription lifecycle records (for example, app_store_transactions and app_store_webhook_events) as required for accounting, compliance, and fraud prevention.

  • Operational and security logs (for example, server logs) retained for debugging, security monitoring, and reliability (generally retained for a limited period, typically up to 90 days); error logs may include request bodies in certain failure scenarios.

Where feasible, we minimize retained data and de-identify or aggregate it.

10. Your Choices, Consent, and How to Request Deletion

10.1 Request deletion or exercise rights

To request deletion, access, correction, or other privacy rights, email team@joinmyla.com. Please send requests from the email address associated with your Myla account so we can verify your identity.

10.2 Withdraw consent / revoke permissions

  • Location: disable location permission in your device settings.

  • Analytics: your device/OS may offer settings to limit analytics and ad tracking; where required by law, we rely on consent for certain processing.

  • Marketing: if we send product-related marketing emails, you can unsubscribe at any time (where applicable) or contact us to opt out.

10.3 Your privacy rights (EEA/UK and similar jurisdictions)

Depending on where you live, you may have rights to: access, correct, delete, port, restrict processing, object to processing, and withdraw consent (where processing is based on consent).

We aim to respond to verified requests within 30 days, unless local law permits a longer period.

11. Legal Bases (EEA/UK)

  • Contract: provide the Service and its features.

  • Legitimate interests: security, fraud prevention, service improvement, analytics.

  • Consent: optional permissions such as location; marketing (where applicable).

  • Legal obligation: accounting, tax, compliance, and dispute handling.

12. International Transfers

Our service providers may process data in different countries. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses, the UK Addendum/IDTA, or equivalent protections) to protect personal data transferred internationally.

13. Security

We use technical and organizational measures designed to protect your information. No system is 100% secure.

Security measures we use may include:

  • Encryption in transit (HTTPS/TLS) for app-to-server communication.

  • Access controls and least-privilege permissions for internal systems.

  • Monitoring and logging to detect abuse, fraud, and operational issues.

  • Backups and recovery procedures for availability.

  • Incident response processes designed to investigate and remediate security issues.

14. Children

Myla is intended for users aged 16+. We do not knowingly collect data from children under 16.

15. Changes to This Policy

We may update this policy from time to time. If changes are material, we will provide notice in-app or by other means. The “Last updated” date indicates when the policy was most recently revised.

16. Contact

ALTFLOW LIMITED, 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom

Email: team@joinmyla.com