Mycelio Privacy Policy

This Privacy Policy describes how Mycelio AI ("Mycelio," "we," "us," or "our") collects, uses, shares, and protects information when you use the Mycelio AI mobile application (the "App") and any related services (collectively, the "Service").

By creating an account or using the App, you agree to the practices described in this Policy. If you do not agree, do not use the Service.

1. Who We Are

Mycelio is operated by Koss Applications LLC.

Contact for privacy questions: artifexhealth@kossapplications.app

2. Information We Collect

We collect only what we need to run the Service. The categories below describe everything we collect.

2.1 Information you provide directly

• Account information. When you sign up via email/password or Google Sign-In, we collect your email address and (if you choose Google Sign-In) the name and email associated with your Google account.
• Display name. A name you choose during onboarding, used to address you in the App.
• Memory / Notes (Pro feature). Free-form text you optionally save in the "Memory / Notes" feature. This text is shared with the AI model on every chat to give the model context about you (e.g., your job, preferences, recurring projects). Stored in Firestore until you edit or delete it.
• Snippets and collections. Saved prompt templates and image thumbnails you create within the App.
• Chat content. The prompts you submit to the AI, attached images, and the AI's responses. Conversation history is stored so you can return to past chats.
• Voice input (optional). When you tap the microphone, audio is captured and transcribed to text on-device or via Google speech services. We do not retain raw audio on our servers — only the resulting transcript, which is treated as ordinary chat content.
• Feedback and ratings (optional). Thumbs-up / thumbs-down ratings and any feedback you submit.

2.2 Information collected automatically

• Usage data. For each chat: which AI model was selected, token counts, credits charged, timestamps, and message counts. We use this to bill credits, display usage stats, and improve our model-routing logic.
• Authentication metadata. Sign-in timestamps, IP address (transiently, for security checks), and Firebase Authentication identifiers.
• Device and app diagnostic data via Firebase Analytics. This includes a Firebase-generated app instance ID, device model, operating system version, app version, country, language, and aggregated event counts (screen opens, feature use). Firebase Analytics does not include your name, email, or chat content.
• Crash and performance data (if enabled) sufficient to diagnose technical problems.

2.3 Information we do not collect

• Payment card data. All purchases (subscriptions and credit top-ups) are processed by Google Play Billing. We receive only an opaque purchase token and confirmation that a transaction succeeded. We never see, store, or have access to your payment card, billing address, or other financial information.
• Precise location. We do not request or collect GPS location.
• Contacts, SMS, or call history. We do not access these on your device.

3. How We Use Your Information

We use the information described above to:

• Provide the core Service — sign you in, route your prompts to AI models, return responses, and store your conversation history.
• Process and track in-app purchases, credit balances, and subscription state.
• Calculate and display your usage statistics.
• Improve the App, including the prompt optimizer and model-routing logic (using aggregated, de-identified usage data where practical).
• Investigate abuse, prevent fraud, enforce our Terms of Service, and comply with legal obligations.
• Communicate with you about service-critical issues (e.g., security notices). We do not send marketing email unless you opt in.

We do not use your chat content to train our own AI models, nor do we sell your personal information to third parties.

4. How We Share Your Information

We share information only with the service providers and parties listed below, and only as needed to run the Service.

4.1 Infrastructure providers

• Google Firebase / Google Cloud Platform — hosts our database (Firestore), authentication system, cloud functions, and analytics. Your account information, conversation history, memory notes, snippets, and usage data are stored on Google's infrastructure under our control. Google processes this data on our behalf under its standard terms (https://cloud.google.com/terms/data-processing-terms).

4.2 AI model providers (via OpenRouter)

When you send a prompt, it is transmitted through OpenRouter (OpenRouter Inc., https://openrouter.ai), our model-routing provider, which forwards your prompt to the AI model selected for that request. Depending on the model chosen, your prompt is processed by one of the following providers:

• Anthropic (Claude models)
• OpenAI (GPT models)
• Google (Gemini models)
• xAI (Grok models)
• Meta (Llama models)
• DeepSeek
• Perplexity
• Mistral AI

The selected provider receives the contents of your prompt, any attached images, and your saved memory notes (Pro users only) for the duration needed to generate a response. Each provider's handling of that data is governed by their own privacy policy and the data-processing terms OpenRouter has in place with them. We do not control how these third parties handle your data once it leaves our systems.

You can review the providers' policies directly: Anthropic, OpenAI, Google, xAI, Meta, DeepSeek, Perplexity, Mistral, OpenRouter.

OpenRouter and the underlying providers may retain prompts and responses transiently for abuse-monitoring purposes, typically for 30 days, and do not use Mycelio user prompts for model training under the API tiers we use. We do not guarantee this on their behalf — please consult each provider's policy.

4.3 Payments

• Google Play Billing processes all purchases. We receive only a purchase token and product ID. Your payment information is handled entirely by Google under their privacy policy (https://policies.google.com/privacy).

4.4 Legal disclosures

We may disclose information when we believe in good faith that disclosure is required by law, court order, or valid government request, or is necessary to investigate fraud, protect the safety of users, or enforce our Terms of Service.

4.5 Business transfers

If Mycelio is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such transfer and any change in this Policy.

5. Where Your Data Is Stored

Your data is stored on Google Cloud infrastructure, primarily in the United States. Some processing may occur in other regions where Google or the AI providers operate. If you are accessing the Service from outside the United States, you consent to the transfer of your information to the United States, which may have data-protection rules different from those in your country.

6. Data Retention

• Account data and conversation history are retained for as long as your account is active. You can delete individual conversations from within the App at any time.
• Memory notes, snippets, and saved images are retained until you delete them.
• Usage and billing records are retained for as long as needed to operate the Service, comply with tax and accounting obligations (typically 7 years), and resolve disputes.
• Firebase Analytics events are retained per the default Firebase retention period (typically 14 months) unless you opt out.
• When you delete your account, we delete or anonymize your personal information within 30 days, except where we are required to retain it for legal or accounting purposes.

7. Your Rights and Choices

Depending on where you live, you may have the following rights regarding your personal information:

• Access. Request a copy of the personal data we hold about you.
• Correction. Request that we correct inaccurate data (you can also edit most of it directly in the App).
• Deletion. Request that we delete your account and associated data. You can delete your account from within the App's Settings, or by emailing us.
• Export. Request a portable copy of your data.
• Withdraw consent / opt out. Stop using the App at any time. Opt out of Firebase Analytics by signing out and uninstalling the App.

To exercise any of these rights, email artifexhealth@kossapplications.app. We will respond within 30 days (or sooner where required by law).

7.1 If you are in the European Economic Area, UK, or Switzerland

You have additional rights under the GDPR / UK GDPR, including the right to lodge a complaint with your local data-protection authority. Our legal bases for processing are:

• Contract performance — to provide the Service you've signed up for.
• Legitimate interests — to improve and secure the Service, prevent fraud.
• Consent — for optional features (e.g., voice input, where applicable).
• Legal obligation — for tax, accounting, and regulatory requirements.

7.2 If you are in California

Under the California Consumer Privacy Act (CCPA), you have the right to know what personal information we collect, to delete it, and to opt out of any "sale" or "sharing" of personal information. We do not sell your personal information. Submit requests to artifexhealth@kossapplications.app.

8. Security

We use industry-standard measures to protect your data, including:

• TLS encryption in transit for all network requests.
• Firestore Security Rules that prevent any client from reading or writing another user's data.
• Server-side validation of all credit and subscription changes (clients cannot tamper with credit balances).
• Authentication via Firebase Authentication with optional Google Sign-In.

No security measure is perfect. If we become aware of a breach affecting your personal data, we will notify you and the relevant authorities as required by law.

9. Children's Privacy

Mycelio is not directed to children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from children under those ages. If you believe a child has provided us with information, contact us at artifexhealth@kossapplications.app and we will delete it.

10. Third-Party Links and Services

The App may link to third-party websites (e.g., manage your subscription in Google Play). Those services have their own privacy policies; we are not responsible for their practices.

11. Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will notify you in-app or by email at least 14 days before the change takes effect. The "Last updated" date at the top tells you when this Policy was last revised. Continued use of the Service after the effective date constitutes acceptance of the updated Policy.

12. Contact Us

Privacy questions, complaints, and rights requests:

Koss Applications LLC
Email: artifexhealth@kossapplications.app

---

Mycelio AI is an independent product and is not affiliated with, endorsed by, or sponsored by Anthropic, OpenAI, Google, xAI, Meta, DeepSeek, Perplexity, Mistral, or OpenRouter. All trademarks are the property of their respective owners.