Privacy Policy

Who we are

Mittis is an application-to-person (A2P) messaging platform operated by mittis.ai LLC. We provide messaging infrastructure to businesses (our “Customers”), who use it to communicate with their own contacts (“End Users”). For most personal information processed through the platform on behalf of a Customer, that Customer is the data controller and Mittis acts as a processor. This Policy describes both our own practices and, where relevant, how we handle data on our Customers' behalf.

Information we collect

Information you provide

• Account & business details — name, work email, company name, legal entity information, EIN/tax identifiers, and billing contact details used to create and verify your account and to register your brand and campaigns.
• Brand & campaign registration data — the information required by The Campaign Registry and carriers to register A2P brands and campaigns, including use-case descriptions and sample messages.
• Support & sales communications — the content of messages you send us and information you share when you contact us.

Information processed on behalf of Customers

• Message content & metadata — the body of messages sent or received, sender and recipient phone numbers, timestamps, delivery status, and segment counts.
• Contact & consent records — phone numbers and related opt-in / opt-out status that a Customer uploads or collects through the service.

Information collected automatically

• Usage & device data — IP address, browser type, pages viewed, and similar log data when you use our website or dashboard.
• Cookies & similar technologies — see our Cookie Policy.

How we use information

• To provide, operate, secure, and improve the messaging platform.
• To register and maintain brands and campaigns with The Campaign Registry and carriers.
• To route, deliver, and report on messages, including handling STOP, HELP, and other opt-out keywords.
• To bill for the service and prevent fraud and abuse.
• To respond to your requests and provide support, and to send service-related communications.
• To comply with legal, regulatory, and carrier requirements.

We do not use End User mobile opt-in data for our own marketing, and we do not sell personal information.

How we share information

We share personal information only as follows:

• Sub-processors & carriers — service providers and telecommunications carriers that help us deliver messages, register campaigns, host infrastructure, and process payments, bound by contract to protect the data and use it only to provide their service to us. See our Data Processing Addendum.
• The Campaign Registry & regulators — as required to register A2P brands and campaigns and to comply with carrier and regulatory obligations.
• Legal & safety — when required by law, legal process, or to protect the rights, safety, and security of Mittis, our Customers, or the public.
• Business transfers — in connection with a merger, acquisition, or sale of assets, subject to this Policy.

We never share mobile information, opt-in data, or consent with third parties or affiliates for marketing or promotional purposes.

Data retention

We retain personal information for as long as needed to provide the service, comply with our legal and carrier obligations, resolve disputes, and enforce our agreements. Message content and metadata processed on behalf of a Customer are retained according to that Customer's settings and our agreement with them, after which the data is deleted or anonymized. You can request export or deletion of data as described below.

Your rights — California (CCPA/CPRA)

If you are a California resident, you have the right to know what personal information we collect, to access and delete it, to correct inaccurate information, and to opt out of any “sale” or “sharing” of personal information (we do not sell or share personal information as those terms are defined). You also have the right to limit the use of sensitive personal information and to not be discriminated against for exercising these rights. To exercise them, contact us at privacy@mittis.ai.

Your rights — EEA/UK (GDPR)

If you are in the European Economic Area or the United Kingdom, you have the right to access, rectify, erase, restrict, and port your personal data, and to object to certain processing. Where we rely on consent, you may withdraw it at any time. Our legal bases for processing include performance of a contract, legitimate interests in operating and securing the service, consent, and compliance with legal obligations. Where Mittis acts as a processor, please direct requests to the relevant Customer (controller); we will assist them as required. You may also lodge a complaint with your local supervisory authority.

International transfers

We may process and store information in the United States and other countries. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for cross-border transfers of personal data.

Security

We use technical and organizational measures designed to protect personal information, including encryption in transit, access controls, and monitoring. No method of transmission or storage is completely secure; we work continually to strengthen our safeguards.

Children's privacy

The Mittis platform is not directed to children, and we do not knowingly collect personal information from children under 13 (or the applicable age in your jurisdiction).

Changes to this Policy

We may update this Policy from time to time. We will post the updated version with a new “Last updated” date and, where appropriate, provide additional notice.

Contact us

For privacy questions or to exercise your rights, contact privacy@mittis.ai. For other legal matters, contact legal@mittis.ai. See also our Terms of Service, Acceptable Use Policy, and Messaging Policy.