Last updated: June 2026 · Effective immediately
This Privacy Policy explains how INTLEACHT RESEARCH LIMITED trading as rotneMIA ("rotneMIA", "we", "us", "our"), a limited company registered in Ireland and based in Coachford, Co. Cork, collects, uses, stores, and protects the personal data of people who use our website and services ("you", "your").
We are the data controller for personal data processed through rotneMIA. Our contact address for all data protection matters is hello@rotnemia.com.
We are based in the European Union (Ireland) and are subject to the EU General Data Protection Regulation (GDPR). The supervisory authority responsible for overseeing our compliance is the Data Protection Commission (DPC) Ireland, 21 Fitzwilliam Square South, Dublin 2, D02 RD28 — dataprotection.ie.
The table below lists every category of personal data we collect, why we collect it, the legal basis under GDPR Article 6, and which system holds it.
| Data | Purpose | Legal basis | Stored by |
|---|---|---|---|
| Email address | Account creation, authentication, notifications | Contract (Art. 6(1)(b)) | Supabase |
| Password (hashed) | Account security | Contract (Art. 6(1)(b)) | Supabase |
| Full name | Account profile | Contract (Art. 6(1)(b)) | Supabase |
| Business plan content | Generating and storing your AI business plan | Contract (Art. 6(1)(b)) | Supabase |
| Mentor conversation history | Providing ongoing AI mentoring | Contract (Art. 6(1)(b)) | Supabase |
| Goals, targets, task board | Execution planning within the service | Contract (Art. 6(1)(b)) | Supabase |
| IP address (incidental) | Security, abuse prevention, Vercel infrastructure logs | Legitimate Interest (Art. 6(1)(f)) | Vercel |
| Payment information | Processing subscriptions | Contract (Art. 6(1)(b)) | Stripe (not stored by us) |
| Telegram chat_id + username | Connecting your Telegram account to MIA (optional) | Contract (Art. 6(1)(b)) | Supabase |
| Marketing consent record | Recording your consent to receive product update emails | Consent (Art. 6(1)(a)) | Supabase |
| Support email correspondence | Responding to help requests sent to help@ | Legitimate Interest (Art. 6(1)(f)) | Email inbox |
Your Anthropic API key(optional): if you choose to supply your own Anthropic API key for unlimited mentor access, it is stored exclusively in your browser's local storage and is never transmitted to or stored on our servers.
Business plan content is primarily commercial data about your business idea. To the extent it relates to you as an individual (e.g. your qualifications, residence, or business role), we treat it as personal data and protect it accordingly.
We use your personal data only for the purposes stated in the table above. Specifically:
AI processing: your business plan content and mentor messages are sent to the Anthropic API to generate AI responses. Anthropic does not use API inputs or outputs to train its models — data sent via the API is deleted within 7 days by Anthropic. We do not store raw API responses; only the parsed text replies are retained in your session record.
We share personal data with the following processors who act on our behalf. Each is bound by a Data Processing Agreement (DPA) or equivalent contractual safeguard.
Provides our database and authentication infrastructure. All user account data, plan content, mentor history, tasks, and Telegram connections are stored here. DPA available at supabase.com/legal/dpa. Data is processed in EU regions where selected.
Hosts and serves the rotneMIA web application. Vercel processes IP addresses and request metadata through its CDN and serverless infrastructure. DPA available at vercel.com/legal/dpa. Participates in the EU–US Data Privacy Framework.
Provides the Claude AI model used to generate business plans and run mentor conversations. Your plan content and messages are transmitted to Anthropic for inference only — not for training. API data is deleted within 7 days. DPA available from Anthropic on request.
Processes subscription payments. Stripe collects and stores your payment card details directly under their own privacy policy and are an independent data controller for payment processing. We receive only a transaction confirmation. Stripe participates in the EU–US Data Privacy Framework. stripe.com/privacy
If you choose to connect your Telegram account, your Telegram chat_id and username are stored to link your account. Messages you send via Telegram are processed through Telegram's infrastructure before reaching our servers. See telegram.org/privacy.
If you choose to export your task board to Plane, your task and epic data is transmitted directly to your own Plane account using your personal API token. We act as an intermediary processor on your instruction; no Plane data is retained by us.
Hosts the source code of the rotneMIA application. No user personal data is stored in our code repository. GitHub acts as a processor for our development workflow only.
All third-party processors listed above are based outside the European Economic Area (EEA), primarily in the United States. Transfers are protected by one or more of the following mechanisms:
You can request a copy of the applicable transfer safeguards by contacting us at hello@rotnemia.com.
We retain your data for as long as your account is active and for as long as needed to provide the service.
If your account has no active paid subscription and has been inactive, we will delete your account and all associated personal data 2 years after your last payment lapses. We will send you reminder emails at 6 months, 3 months, 1 month, 1 week, and 1 day before deletion. You can prevent deletion by logging in or reactivating at any point.
When you delete your account, your personal data enters a 30-day grace period during which your data is retained in case you change your mind. After 30 days, your account and all associated personal data are permanently and irreversibly deleted from our primary systems. Deletion propagates to backups as backups are rotated.
Server and infrastructure logs (held by Vercel and Supabase) are retained for a maximum of 90 days.
Stripe retains payment transaction records under their own retention policy. We do not hold copies of payment data independently of Stripe.
Under GDPR, you have the following rights in relation to your personal data:
To exercise any right, email hello@rotnemia.com. We will respond within 30 days (the GDPR maximum). For complex requests we may extend this to 60 days and will notify you. We will not charge a fee unless a request is manifestly unfounded or excessive.
If you are not satisfied with our response, you have the right to lodge a complaint with the Data Protection Commission (DPC): dataprotection.ie / 01 765 0100.
We send weekly product update emails to users who have given explicit opt-in consent during registration. Every marketing email includes a one-click unsubscribe link. We do not pre-tick consent boxes. We do not share your email address with third parties for their marketing purposes.
We send transactional and service emails (account confirmations, password resets, inactivity warnings) without requiring separate consent, as these are necessary to operate the service.
We use only essential cookies — session tokens and authentication cookies necessary to keep you logged in and to maintain security. These cookies do not track you across websites and do not require consent.
We do not currently use analytics cookies, advertising cookies, or third-party tracking. If we introduce analytics tools in the future, our Cookie Policy will be updated and any non-essential cookies will require your consent before being set.
rotneMIA is an AI business mentoring tool intended for adults. We do not knowingly target, market to, or collect data from children under the age of 16. If you are under 16, please do not create an account. If we become aware that we have collected personal data from a child under 16, we will delete it promptly. If you believe a child has registered, please contact us at hello@rotnemia.com.
We implement appropriate technical and organisational measures to protect your personal data, including:
No method of transmission or storage is 100% secure. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the DPC within 72 hours and, where required, notify you directly without undue delay.
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where required by law, notify you by email. Continued use of rotneMIA after changes are posted constitutes acceptance of the updated policy.
For any questions about this Privacy Policy, to exercise your rights, or to make a data subject request:
INTLEACHT RESEARCH LIMITED trading as rotneMIA
Coachford, Co. Cork, Ireland
Email: hello@rotnemia.com
We aim to respond to all enquiries within 5 business days and to complete data subject requests within 30 days.