Privacy Policy

Introduction

Hire Mika ("Mika," "we," "us," or "our") is a service of Dcipher LLC. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our website at hiremika.com, our dashboard, our API, and the Mika chat widget embedded on customer websites (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

Information We Collect

From Customers (Business Owners)

When you create an account, we collect:

• Name, email address, and password (hashed, never stored in plain text)
• Business name, website URL, and domain
• Business details provided during onboarding: services offered, hours of operation, location, goals, and custom knowledge base content
• Billing information (processed and stored by Stripe; we do not store your full card number)
• Usage data: message counts, conversation counts, lead counts, and feature usage

From Website Visitors (End Users of the Widget)

When a visitor interacts with the Mika widget on a customer's website, we may collect:

• Messages sent to Mika during the conversation (processed in real time, not permanently stored after the session ends)
• Contact information voluntarily provided by the visitor (name, email, phone number) as part of lead capture
• A brief automated summary of the conversation when a lead is captured
• IP address (used for rate limiting and abuse prevention, not linked to conversation content)

Automatically Collected Information

• Server logs: IP address, request timestamps, HTTP status codes, and response times
• Essential cookies for authentication and session management (no third-party tracking cookies or advertising pixels)

How We Use Your Information

• To configure and operate your Mika assistant using the business information you provide
• To process visitor messages through our language model system and generate real-time responses
• To capture and deliver lead information to the business owner
• To process billing and manage subscriptions
• To send transactional emails (lead notifications, payment receipts, appointment confirmations, account alerts)
• To send marketing emails with tips and product updates, only if you opt in during signup. You can unsubscribe at any time.
• To enforce rate limits, prevent abuse, and maintain the security of the Service
• To generate aggregate, anonymized usage statistics for service improvement

Language Models and Data Processing

Mika uses advanced language models provided by Anthropic (Claude) to generate conversational responses, with Google (Gemini) as a fallback provider. When a visitor sends a message through the widget:

• The message is sent to Anthropic's API for processing alongside the business's system prompt (which contains business information, not visitor data)
• Anthropic processes inputs and outputs to provide the service but does not use them to train their models, per their usage policy
• Visitor conversation content is not permanently stored in our database after the session ends
• We do not use visitor conversations to train, fine-tune, or improve any models

For more information about Anthropic's data practices, see Anthropic's Privacy Policy.

Data Sharing and Disclosure

We do not sell, rent, or share personal information for marketing purposes. We share data only in the following circumstances:

• Service providers: We use third-party services to operate the platform (see "Third-Party Services" below). These providers process data only as necessary to perform their function.
• Business owners: Lead information captured through the widget is shared with the customer whose website the visitor was on.
• Legal requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
• Safety: We may disclose information when we believe it is necessary to prevent fraud, protect the safety of any person, or protect our rights.

Third-Party Services

We rely on the following third-party providers:

• Anthropic (Claude) — Primary language model for generating conversational responses
• Google (Gemini) — Fallback language model used when the primary provider is unavailable
• Stripe — Payment processing and subscription management (see Stripe's Privacy Policy)
• Resend — Transactional email delivery
• Neon — Database hosting
• Vercel — Web application hosting
• Railway — API server hosting
• Sentry — Error tracking and performance monitoring (no personal data is sent)

Each provider operates under its own privacy policy and data processing terms.

Data Security

We implement industry-standard measures to protect your data:

• All data in transit is encrypted via TLS/HTTPS
• Passwords are hashed using bcrypt before storage
• Customer data is isolated at the application level — each customer can only access their own data
• API keys are generated with high-entropy randomness and can be rotated at any time
• Security headers (HSTS, CSP, X-Content-Type-Options) are enforced on all responses
• Rate limiting protects against brute-force and abuse attacks

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Cookies and Tracking

We use only essential cookies required for authentication and session management. We do not use:

• Third-party tracking cookies
• Advertising pixels or retargeting scripts
• Analytics cookies that track individual users

The Mika chat widget does not set any cookies on visitors' browsers.

Data Retention

• Visitor conversations: Not permanently stored. Content is processed in real time and discarded after the session ends.
• Lead data: Retained for as long as the customer account is active, or until the customer deletes it.
• Customer account data: Retained for as long as your account is active. Deleted permanently when you delete your account.
• Server logs: Retained for up to 30 days for operational purposes, then automatically purged.
• Scrape cache: Cached website data is automatically purged after 45 days of inactivity.

Your Rights and Choices

You have the right to:

• Access your data: Export all your account data in JSON format from the Account page in your dashboard.
• Correct your data: Update your business information at any time through the dashboard Settings page.
• Delete your data: Permanently delete your account and all associated data from the Account page. This action is irreversible.
• Revoke API access: Rotate your public API key at any time, immediately invalidating the old key.
• Opt out of marketing emails: Unsubscribe from marketing communications at any time via the unsubscribe link in any email, or from the Account page in your dashboard. Transactional emails (lead notifications, billing alerts) are not affected.

If you are a website visitor and wish to have your lead information removed, please contact the business that operates the website where you interacted with Mika.

Children's Privacy

The Service is not directed to children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child, we will delete it promptly.

International Data Transfers

Our Service is hosted in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States. By using the Service, you consent to the transfer of your information to the United States.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify customers of material changes via email or through the dashboard. The "Effective date" at the top of this page indicates when the policy was last revised. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, contact us at labs@dcipher.dev.

Hire Mika is a service of Dcipher LLC.