Data Privacy Policy

Last Updated: December 4, 2025

Background

At Mima Health, we are committed to protecting and respecting your privacy. This Data Privacy Policy defines the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. The framework of reference of the current Data Privacy Policy is the European Global Data Privacy Regulation (EU 2016/679), in this document referred to as “GDPR”. Mima Health is a company incorporated in France – ZA COURTABOEUF, 7 AVENUE DE LAPONIE, 91940 LES ULIS, in this document referred to as “Mima”.

Data Controller

Mima is the Data Controller, as defined in the GDPR. You can contact the Data Privacy Officer of Mima by writing to datapolicy@askmima.com, or in writing to France – ZA COURTABOEUF, 7 AVENUE DE LAPONIE, 91940 LES ULIS.

What data we collect

Mima processes the following types of personal data:

  • Personal identification: first and last name, gender, age, address, nationality.
  • Usage Data: information about how you interact with the app, such as usage patterns, app settings, and technical data (e.g., device information, IP address, etc.).
  • Health-related Data: information about your condition, therapies and symptoms.
  • Conversation Data: all interactions and conversations you have with Mima, which may include symptoms or health-related data.
  • Other Data: any other information you voluntarily provide while using Mima.

Purpose and legal basis for the processing of personal data

We collect and process your data for the following purposes:

  • Provision of the Mima App services: to provide responses based on the information you share (for example, process voice recordings using speech-to-text to extract symptom data), and to display the evolution over time of the information you have provided.
  • Improvement of Mima's Capabilities: to enhance Mima’s performance, improve user experience, and refine our algorithms to better understand and extract symptom data.
  • Personalization: to customize your experience and offer personalized feedback or responses, such as displaying in your personal timeline content relevant to your medical history.
  • Service Maintenance: to maintain and optimize the app's functionality and technical performance.
  • Invitation to research: to identify relevant research opportunities and invite you to participate, if you choose.

Legal bases:

  • Provision of the service, service maintenance, personalization, invitation to research opportunities: Contractual obligation
  • Improvement of Mima capabilities: Legitimate Interest
  • Collection and processing of Health Data: Explicit consent

We process your health data under GDPR Art. 9(2)(a), as necessary for the provision of services, with your explicit consent. We do not sell, share, or use your data for advertising purposes.

Account creation and agreement to Terms

To use the Mima App, you must download and install the Mima App on your smartphone. Then, you will be asked to:

  • agree to our Terms of Service;
  • provide explicit consent to process your health data.

Both agreements are required to use Mima: if you do not provide both, we cannot create your account and you cannot use the service. You understand that you can withdraw this consent at any time by deleting your account.

Who Has Access to Your Data

Your data is only accessible to:

  • Mima and Its Servers: The data is processed and stored securely within our servers. We utilize encryption technologies to safeguard your personal information.
  • Authorized Personnel: Only authorized employees of Mima or contractors who need access to this data to improve the app or provide technical support will have access.
  • Third-Party Service Providers: In certain cases, we may use trusted third-party service providers (e.g., cloud hosting services) who process your data under strict confidentiality and security obligations. These providers will never access your personal data for purposes other than service provision.

Participation in research activities

From time to time, you may be invited to participate in research activities; in this case:

  • Participation is voluntary: your participation is entirely optional and will not affect your access to Mima's services in any way.
  • Participation is for each research activity separately: for every research opportunity, you will receive an invitation with more details (such as the purpose, methods, and estimated time required) and you can choose whether to participate. Even if you have participated in a previous research, you remain free to decline any future one.
  • No impact if you do not participate: if you do not want to participate in the research, you can simply ignore the invitations. This will not affect the Mima services you are receiving.

Your Rights

You have the following rights with respect to your data:

  • Access: You may request a copy of the personal data we hold about you.
  • Deletion: You may request that we delete your personal data from our systems. Upon such request, we will erase all your data unless we are required by law to retain it.
  • Correction: If your data is inaccurate or incomplete, you may request that we correct or update it.
  • Restriction: You can request that we limit the processing of your data in certain cases (e.g., if you contest its accuracy).

How Long We Keep Your Data

We retain your data for as long as necessary to provide our services or as required by law. If you request deletion of your data, we will ensure it is deleted within 90 days, unless a longer retention period is required by law or for operational reasons.

Security Measures

We take data security seriously and implement industry-standard measures to protect your data. This includes encryption, regular security assessments, and access controls to prevent unauthorized access, disclosure, or alteration of your data.

Changes to This Policy

We may update this policy from time to time to reflect changes in our practices or legal requirements. Any update to this policy will be published on Mima Health homepage and communicated to you through the app. Your continued use of Mima after the changes go into effect will indicate your acceptance of the revised policy.