Legal

Privacy Policy

Last updated: June 2026  ·  Effective immediately

This Privacy Policy explains how INTLEACHT RESEARCH LIMITED trading as rotneMIA ("rotneMIA", "we", "us", "our"), a limited company registered in Ireland and based in Coachford, Co. Cork, collects, uses, stores, and protects the personal data of people who use our website and services ("you", "your").

We are the data controller for personal data processed through rotneMIA. Our contact address for all data protection matters is hello@rotnemia.com.

We are based in the European Union (Ireland) and are subject to the EU General Data Protection Regulation (GDPR). The supervisory authority responsible for overseeing our compliance is the Data Protection Commission (DPC) Ireland, 21 Fitzwilliam Square South, Dublin 2, D02 RD28 — dataprotection.ie.

1. What data we collect

The table below lists every category of personal data we collect, why we collect it, the legal basis under GDPR Article 6, and which system holds it.

DataPurposeLegal basisStored by
Email addressAccount creation, authentication, notificationsContract (Art. 6(1)(b))Supabase
Password (hashed)Account securityContract (Art. 6(1)(b))Supabase
Full nameAccount profileContract (Art. 6(1)(b))Supabase
Business plan contentGenerating and storing your AI business planContract (Art. 6(1)(b))Supabase
Mentor conversation historyProviding ongoing AI mentoringContract (Art. 6(1)(b))Supabase
Goals, targets, task boardExecution planning within the serviceContract (Art. 6(1)(b))Supabase
IP address (incidental)Security, abuse prevention, Vercel infrastructure logsLegitimate Interest (Art. 6(1)(f))Vercel
Payment informationProcessing subscriptionsContract (Art. 6(1)(b))Stripe (not stored by us)
Telegram chat_id + usernameConnecting your Telegram account to MIA (optional)Contract (Art. 6(1)(b))Supabase
Marketing consent recordRecording your consent to receive product update emailsConsent (Art. 6(1)(a))Supabase
Support email correspondenceResponding to help requests sent to help@Legitimate Interest (Art. 6(1)(f))Email inbox

Your Anthropic API key(optional): if you choose to supply your own Anthropic API key for unlimited mentor access, it is stored exclusively in your browser's local storage and is never transmitted to or stored on our servers.

Business plan content is primarily commercial data about your business idea. To the extent it relates to you as an individual (e.g. your qualifications, residence, or business role), we treat it as personal data and protect it accordingly.

2. How we use your data

We use your personal data only for the purposes stated in the table above. Specifically:

AI processing: your business plan content and mentor messages are sent to the Anthropic API to generate AI responses. Anthropic does not use API inputs or outputs to train its models — data sent via the API is deleted within 7 days by Anthropic. We do not store raw API responses; only the parsed text replies are retained in your session record.

3. Third-party processors

We share personal data with the following processors who act on our behalf. Each is bound by a Data Processing Agreement (DPA) or equivalent contractual safeguard.

Supabase Inc. (USA)

Provides our database and authentication infrastructure. All user account data, plan content, mentor history, tasks, and Telegram connections are stored here. DPA available at supabase.com/legal/dpa. Data is processed in EU regions where selected.

Vercel Inc. (USA)

Hosts and serves the rotneMIA web application. Vercel processes IP addresses and request metadata through its CDN and serverless infrastructure. DPA available at vercel.com/legal/dpa. Participates in the EU–US Data Privacy Framework.

Anthropic PBC (USA)

Provides the Claude AI model used to generate business plans and run mentor conversations. Your plan content and messages are transmitted to Anthropic for inference only — not for training. API data is deleted within 7 days. DPA available from Anthropic on request.

Stripe Inc. (USA)

Processes subscription payments. Stripe collects and stores your payment card details directly under their own privacy policy and are an independent data controller for payment processing. We receive only a transaction confirmation. Stripe participates in the EU–US Data Privacy Framework. stripe.com/privacy

Telegram Messenger Inc. (UAE) — optional

If you choose to connect your Telegram account, your Telegram chat_id and username are stored to link your account. Messages you send via Telegram are processed through Telegram's infrastructure before reaching our servers. See telegram.org/privacy.

Plane Technologies Inc. (USA) — optional

If you choose to export your task board to Plane, your task and epic data is transmitted directly to your own Plane account using your personal API token. We act as an intermediary processor on your instruction; no Plane data is retained by us.

GitHub Inc. (USA, Microsoft)

Hosts the source code of the rotneMIA application. No user personal data is stored in our code repository. GitHub acts as a processor for our development workflow only.

4. International data transfers

All third-party processors listed above are based outside the European Economic Area (EEA), primarily in the United States. Transfers are protected by one or more of the following mechanisms:

You can request a copy of the applicable transfer safeguards by contacting us at hello@rotnemia.com.

5. How long we keep your data

Active accounts

We retain your data for as long as your account is active and for as long as needed to provide the service.

Inactive accounts

If your account has no active paid subscription and has been inactive, we will delete your account and all associated personal data 2 years after your last payment lapses. We will send you reminder emails at 6 months, 3 months, 1 month, 1 week, and 1 day before deletion. You can prevent deletion by logging in or reactivating at any point.

Deleted accounts

When you delete your account, your personal data enters a 30-day grace period during which your data is retained in case you change your mind. After 30 days, your account and all associated personal data are permanently and irreversibly deleted from our primary systems. Deletion propagates to backups as backups are rotated.

Application logs

Server and infrastructure logs (held by Vercel and Supabase) are retained for a maximum of 90 days.

Payment records

Stripe retains payment transaction records under their own retention policy. We do not hold copies of payment data independently of Stripe.

6. Your rights

Under GDPR, you have the following rights in relation to your personal data:

To exercise any right, email hello@rotnemia.com. We will respond within 30 days (the GDPR maximum). For complex requests we may extend this to 60 days and will notify you. We will not charge a fee unless a request is manifestly unfounded or excessive.

If you are not satisfied with our response, you have the right to lodge a complaint with the Data Protection Commission (DPC): dataprotection.ie / 01 765 0100.

7. Marketing communications

We send weekly product update emails to users who have given explicit opt-in consent during registration. Every marketing email includes a one-click unsubscribe link. We do not pre-tick consent boxes. We do not share your email address with third parties for their marketing purposes.

We send transactional and service emails (account confirmations, password resets, inactivity warnings) without requiring separate consent, as these are necessary to operate the service.

8. Cookies

We use only essential cookies — session tokens and authentication cookies necessary to keep you logged in and to maintain security. These cookies do not track you across websites and do not require consent.

We do not currently use analytics cookies, advertising cookies, or third-party tracking. If we introduce analytics tools in the future, our Cookie Policy will be updated and any non-essential cookies will require your consent before being set.

9. Children

rotneMIA is an AI business mentoring tool intended for adults. We do not knowingly target, market to, or collect data from children under the age of 16. If you are under 16, please do not create an account. If we become aware that we have collected personal data from a child under 16, we will delete it promptly. If you believe a child has registered, please contact us at hello@rotnemia.com.

10. Security

We implement appropriate technical and organisational measures to protect your personal data, including:

No method of transmission or storage is 100% secure. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the DPC within 72 hours and, where required, notify you directly without undue delay.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where required by law, notify you by email. Continued use of rotneMIA after changes are posted constitutes acceptance of the updated policy.

12. Contact us

For any questions about this Privacy Policy, to exercise your rights, or to make a data subject request:

INTLEACHT RESEARCH LIMITED trading as rotneMIA
Coachford, Co. Cork, Ireland
Email: hello@rotnemia.com

We aim to respond to all enquiries within 5 business days and to complete data subject requests within 30 days.