Privacy Policy

Effective date: May 6, 2026 · Last updated: May 6, 2026

Mium (“Mium,” “we,” “us”) builds tools to digitize, organize, and cook from physical cookbooks and personal recipes. This Privacy Policy explains what information we collect when you use the Mium app or getmium.com, why we collect it, who we share it with, and the choices you have. It applies to all Mium services (the “Service”).

Contents

Summary
Information we collect
How we use information
AI processing & OCR
When we share information
Service providers we rely on
Cookies, analytics, and tracking
Data retention
Security
Your rights and choices
Region-specific disclosures (US, EU/UK)
Children’s privacy
International data transfers
Changes to this policy
Contact

1. Summary

We collect the minimum we need to run the Service: your federated sign-in identity, your library content, and operational metadata.
Your private recipe library is yours. We do not publish it broadly, sell it, or use it to train foundational AI models.
AI processing happens on Google Gemini and Google Vision OCR. We send only what is needed to fulfill your request, and we operate under enterprise commitments that prohibit our content from being used for model training.
Payments are processed by Apple, Google, or Stripe depending on platform. We do not see your card data.
You can request access, correction, export, or deletion of your data at privacy@getmium.com.

2. Information we collect

You give us

Account information. When you sign in with Apple or Google we receive a federated identifier and the basic profile information you authorize the provider to share (typically email address and display name). If you use Sign in with Apple’s “Hide My Email” feature, we only see Apple’s relay address.
Library content. Recipes, cookbook records, ingredient lists, photos of pages you scan, photos you attach to recipes, notes, ratings, grocery lists, custom cookbook layouts, and any text you import or type. Photos are compressed and stored in Firebase Storage; recipe data is stored in Firestore.
Imports. When you share a URL, photo, or social-media post into Mium (web import, share-extension), we receive the source URL or media you sent.
Subscriptions and purchases. When you subscribe or buy Credits we receive a confirmation event from Apple, Google, or Stripe with the product identifier, transaction identifier, and subscription state. We do not receive your full payment-card number.
Partner and tax information. If you publish a cookbook, we collect the additional information described in the partner program agreement (display name, bio, payout method intent, and tax form data such as W-9 / W-8BEN fields).
Support correspondence. Anything you send to support@getmium.com or other Mium addresses.

We collect automatically

Device and app signals. Operating system version, app version and build number, device model class, language, time zone, crash and error logs, and Firebase App Check tokens used to verify the request comes from a legitimate Mium build.
Usage metadata. Counts of recipe imports, AI Cooking Chef requests, marketplace unlocks, and similar feature usage. We use this to enforce free-tier limits, detect abuse, and improve the product.
Network metadata. IP address, request paths, response codes, and timing for routine access logging.

We receive from third parties

Subscription state and entitlements from RevenueCat.
Payment confirmation, refund, and dispute events from Stripe (web).
Authentication state from Firebase Authentication, Apple, and Google.

3. How we use information

Purpose	Categories used	Legal basis (EU/UK)
Provide and operate the Service (sign-in, sync your library across devices, run scans, route notifications)	Account, library content, device signals	Performance of contract
Run AI extraction, OCR, and the AI Cooking Chef when you request them	Library content, your prompts, photos you attach	Performance of contract
Process subscriptions, Credit purchases, and refunds; detect failed payments	Account, purchase events, partner tax data	Performance of contract; legal obligation
Enforce free-tier limits, prevent abuse, secure the Service	Usage metadata, device signals, App Check tokens	Legitimate interests in protecting the Service
Customer support, dispute resolution, partner payout review	Account, support correspondence, transaction history	Performance of contract; legitimate interests
Product analytics and improvement, in aggregated or pseudonymized form	Usage metadata, device signals	Legitimate interests in improving the product
Sending transactional and security messages (account, billing, urgent notices)	Account, subscription state	Performance of contract; legal obligation
Comply with legal obligations, respond to lawful requests, enforce our Terms	As required by the request	Legal obligation; legitimate interests

We do not use your private library content to send marketing, sell to data brokers, or train foundational AI models.

4. AI processing & OCR

When you scan a cookbook page, import a URL that requires extraction, or use the AI Cooking Chef, Mium sends the relevant content to Google’s Gemini API and, for image scans, Google Cloud Vision OCR.

What is sent. The image, text, or prompt necessary to fulfill your request, plus instructions to the model. We do not attach your account email to model requests.
How long providers retain it. Google’s commercial Gemini and Vision APIs retain inputs and outputs only as needed to deliver the response and for a short abuse-review window, per their data processing terms. We do not enable optional “use my data to improve the product” settings.
No model training. Mium uses paid commercial endpoints under terms that prohibit your content from being used to train foundational models.
Quality of results. AI output may be wrong. See Section 5 of our Terms of Service for the food-safety waiver.

We share information only as described below.

Service providers (processors). See Section 6 for the list. They process data on our behalf under written contracts.
Marketplace authors. When you unlock or read a marketplace cookbook, the author whose cookbook you unlocked sees aggregated, non-identifying activity in their partner dashboard (number of unlocks, daily totals, in-app surfaces that drove the unlock). They do not receive your name, email, or library.
Public surfaces you opt into. If you publish a cookbook to the marketplace as an author, the author profile information you submitted (display name, bio, links you choose) is publicly visible. If you make a recipe shareable, the recipient(s) you share with can see that recipe. You control these settings.
Legal, safety, and enforcement. We may disclose information if we believe in good faith that it is necessary to (a) comply with law, regulation, or a valid legal process; (b) protect the rights, property, or safety of Mium, users, or the public; or (c) detect, prevent, or address fraud, security, or technical issues.
Business transfers. If Mium is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred to the surviving entity, subject to this Privacy Policy.
With your consent. For anything else, with your explicit permission.

6. Service providers we rely on

The following third parties process your data on our behalf:

Provider	What they do	Where
Google Firebase (Authentication, Firestore, Storage, App Check)	Identity, primary database for your library, image storage, integrity attestation	Google Cloud (United States and other regions)
Google Cloud (Gemini API, Vision API)	AI extraction and OCR for scans, imports, and the AI Cooking Chef	Google Cloud (regions per Google’s terms)
RevenueCat	Cross-platform subscription state for iOS and Android purchases	United States
Stripe	Web subscription billing, marketplace cookbook payments, partner payouts	United States; EU for EU customers under their data terms
Apple App Store, Google Play	iOS and Android subscription billing and refund processing	Per the platform operator
Railway	Hosting and access logs for the Mium API	United States

This list reflects the providers in use today. We update it when we materially change processors.

7. Cookies, analytics, and tracking

The Mium mobile app does not use third-party advertising trackers and does not display ads. iOS App Tracking Transparency is therefore not required for ad personalization, and we do not ask for it.

The Mium website (getmium.com) and the Stripe-hosted checkout flow use a small number of strictly necessary cookies and local storage entries to keep you signed in, remember your cart-equivalent context for marketplace flows, and preserve your preferences. Stripe operates its own anti-fraud signals on its checkout pages (per their privacy policy). We do not use third-party advertising or cross-site tracking cookies on the Mium domain.

8. Data retention

We keep your information for as long as your account is active or as needed to provide the Service:

Library content. Retained while your account is active and accessible to you across devices.
Account and subscription records. Retained while your account is active. After deletion, we keep limited transactional and tax records as required by law (typically up to 7 years for financial records).
Logs and analytics. Routinely deleted after operational windows (typically 30–90 days for verbose logs; longer for anti-abuse and security signals).
Partner earnings, tax forms, payout records. Retained for the period required by tax law and partner agreements.

9. Security

We use industry-standard safeguards including TLS in transit, encryption at rest in our managed databases, App Check to verify request authenticity, scoped admin SDK access on the server, and strict Firestore security rules that lock server-managed fields (such as your subscription status and free-tier counters) so they cannot be modified by clients. No system is perfectly secure; we cannot guarantee that information will always remain confidential, and you are responsible for safeguarding the federated identity you sign in with.

10. Your rights and choices

Access & portability. You can request a copy of the personal data we hold about you.
Correction. You can correct inaccurate information directly in the app or by emailing us.
Deletion. You can delete your account directly in the Mium app: go to Profile › Delete account and confirm. Deletion is permanent and immediate. You can also request deletion by emailing privacy@getmium.com from the address on the account. After deletion, we may retain limited records as described in Section 8.
Withdraw consent. Where we rely on consent, you can withdraw it at any time without affecting prior processing.
Object & restrict. Where applicable law gives you the right to object to or restrict processing based on our legitimate interests, you can do so.
Communication preferences. Transactional and security messages cannot be turned off while your account is active. We do not send marketing email by default.
Subscription cancellation. Manage subscriptions in Apple, Google, or Stripe per your purchase channel; see Section 6 of our Terms.

To exercise these rights, email privacy@getmium.com from the address on your account. We will respond within the time required by applicable law (generally within 30 days). We may need to verify your identity before acting.

11. Region-specific disclosures

California residents (CCPA / CPRA)

In the past 12 months we have collected the categories of personal information described in Section 2 (identifiers, commercial information, internet/network activity, geolocation inferred from IP, and inference data limited to product usage). We do not “sell” personal information for monetary value, and we do not “share” it for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA. California residents have the right to know, delete, correct, and opt-out of sale/sharing (not applicable here), and the right to be free from discrimination for exercising these rights. Submit requests to privacy@getmium.com.

We do not knowingly collect or sell the personal information of consumers under 16 years of age.

European Economic Area, United Kingdom, and Switzerland

For users in the EEA, the UK, and Switzerland, the legal bases on which we rely are listed in the table in Section 3. You have rights of access, rectification, erasure, restriction, portability, and objection under the GDPR / UK GDPR. You can also lodge a complaint with the supervisory authority in your country of residence (for example, the ICO in the UK or your national DPA in the EU), although we encourage you to contact us first so we can try to resolve the matter directly.

International transfers: see Section 13.

Other jurisdictions

If you are located in Australia, Brazil, Canada, or another jurisdiction with comprehensive privacy law, you have the rights granted by your local law. Contact us at the address below to exercise them.

12. Children’s privacy

Mium is not directed to children under 13, and we do not knowingly collect personal information from children under 13. In the EEA, this minimum age is 16 (or the age set by your member state). If you believe a child has provided us with personal information, contact privacy@getmium.com and we will delete it.

13. International data transfers

Mium is operated from the United States and our primary processors (Firebase, Google Cloud, Stripe, RevenueCat, Railway) operate global infrastructure. When you use the Service from outside the United States, your information may be transferred to and processed in the United States and other countries that may have different data-protection laws than your jurisdiction. Where required by law (such as transfers from the EEA, UK, or Switzerland), we rely on the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Addendum, or other lawful transfer mechanisms.

14. Changes to this policy

We may revise this Privacy Policy. We will update the “Last updated” date and, for material changes, give reasonable advance notice in-app or by email before the change takes effect.

15. Contact

Privacy and data-rights requests: privacy@getmium.com
General support: support@getmium.com
Legal notices: legal@getmium.com

See also our Terms of Service and Store Policy.