Privacy Policy

1. Introduction

MYGIA LLC ("MYGIA," "we," "our"), is committed to protecting the privacy of individuals. This Privacy Policy describes how we collect, use, disclose, store and protect personal information of our clients, website users and business contacts.

This policy applies to all services, products and digital properties operated by MYGIA, including the mygia.online website.

This policy complies with CCPA, CPRA, COPPA, CAN-SPAM Act, TCPA and other US federal and state privacy laws. This policy is NOT subject to European GDPR or any Latin American data protection laws.

By using our Services, you agree to the practices described in this Policy.

2. Information We Collect

We collect the following types of information:

A. Personal Information

Full name and professional titles
Email address
Phone number and WhatsApp number
Postal address and country of residence
Social media profile information (Instagram, TikTok, LinkedIn, Facebook)
Business information (name, industry, size)

B. Usage Information

IP address and approximate geolocation data
Device type, operating system and browser
Pages visited, time on site and traffic source
Actions taken on our platforms and automation flows
Click data, conversions and tracking events
Cookies, tracking pixels and similar technologies

C. AI Interaction Data

Messages, queries and conversations with our AI agents
Content generated as a result of interactions with our AI systems
Feedback and ratings on AI outputs
WhatsApp conversation history managed through our systems
Preferences and settings expressed in AI interactions

D. Payment Information

Billing information (name, billing address)
Last 4 digits of credit/debit card (securely processed by payment providers)
Transaction history and invoices
Note: Full card data is NEVER stored by MYGIA; it is processed directly by our PCI-DSS certified payment processors.

3. How We Collect Information

We collect information through the following methods:

Directly from you: When you register, contract services, fill out forms, or message us.
Automatically: Through cookies, tracking pixels, Google Analytics, Meta Pixel and similar technologies.
Third-party platforms: When you authorize us to connect with your Instagram, WhatsApp Business, Facebook, TikTok or LinkedIn account.
AI agent interactions: Through WhatsApp conversations or other messaging platforms managed by our automation systems.
Business partners: When a partner or affiliate refers your data with your consent.
Public sources: Public social media profiles or business directories, solely for business prospecting purposes.

4. How We Use Your Data

We use the information collected for the following purposes:

Service delivery: To execute the contracted automation, consulting and content creation services.
Communications: To send service updates, invoices, support notifications and respond to inquiries.
Marketing: With your consent, to send commercial communications and updates about new MYGIA services.
Product improvement: To analyze Services usage, identify errors and improve our platforms and AI agents.
Personalization: To tailor Services and communications to your specific preferences and needs.
Security and fraud: To detect, prevent and investigate fraudulent activities or security violations.
Legal compliance: To comply with applicable legal obligations, respond to legal processes or enforce our agreements.
Analytics and statistics: To generate anonymous and aggregated performance reports.
AI training: We may use aggregated and anonymized data to improve our AI models. We never use identifiable personal data for training without express consent.

5. Legal Bases for Processing

The processing of your personal information is based on the following legal bases under US law:

Contract performance: When processing is necessary to fulfill the services you have contracted.
Legitimate interest: For security, fraud prevention, service improvement and direct marketing to existing clients.
Consent: For marketing communications to prospects, non-essential cookies and AI interaction data processing.
Legal obligation: When we must process data to comply with applicable US federal or state laws.

6. How We Share Your Data

We do not sell your personal data to third parties. We may share information in the following circumstances:

Service providers: With companies that help us operate our Services (payment processors, email platforms, analytics tools).
AI providers: With AI technology providers (see Section 7) to generate outputs forming part of the Services.
Messaging platforms: With Meta (WhatsApp Business API) for managing automated communications.
Legal compliance: When required by law, court order, subpoena or valid legal process issued by US authorities.
Rights protection: To protect the rights, property or safety of MYGIA, our clients or the public.
Corporate transactions: In the context of a merger, acquisition, asset sale or corporate reorganization.
With your consent: In any other case, only with your prior express consent.

7. AI Sub-processors

To deliver our AI automation services, we use the following AI technology providers as data sub-processors:

OpenAI View Policy

GPT-4 and other models for text generation, analysis and conversational automation in AI agents.

Anthropic (Claude) View Policy

Claude models for advanced reasoning, document analysis and enterprise content generation.

Google (Gemini / Vertex AI) View Policy

Gemini models and Vertex AI services for semantic search, visual analysis and multimodal processing.

Meta (WhatsApp Business API) View Policy

Official WhatsApp Business API platform for automated client communications.

By using our Services, you acknowledge that your interaction data may be processed by these providers according to their own privacy policies. We recommend reviewing those policies.

8. Your Privacy Rights (CCPA/CPRA)

California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA)

If you are a California resident, you have additional rights under CCPA/CPRA. Similar rights may apply for residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA) and other states with active privacy laws.

Under US privacy laws, you have the following rights:

Right to Know

You may request detailed information about what categories of personal data we have collected about you, for what purpose, with whom we shared it and how long we retain it.

Right to Delete

You may request deletion of your personal data, subject to certain legal exceptions (e.g., data necessary to fulfill a pending contractual obligation, legal retention requirements, fraud prevention).

Right to Correct

You may request correction of inaccurate personal information we hold about you. We will take reasonable steps to update the data.

Right to Data Portability

You may request a copy of your personal data in a structured, commonly used and machine-readable format.

Right to Opt-Out of Sale/Sharing

You have the right to instruct us not to sell or share your personal data with third parties for cross-context behavioral advertising purposes.

Right to Non-Discrimination

We will not discriminate against you or deny services, charge higher prices or provide inferior service quality for exercising your privacy rights.

Right to Limit Use of Sensitive Information

Under CPRA, you may limit the use and disclosure of your sensitive personal information to the purposes necessary to provide the services.

How to Exercise Your Rights

To exercise any of these rights, submit your request to:

[email protected] WhatsApp: +1 (954) 228-3490

We will respond to your verifiable request within 45 days of receipt. For complex cases, we may extend this deadline by up to 45 additional days with prior notice.

9. Do Not Sell / Do Not Share Disclosure

MYGIA does NOT sell personal data to third parties.

We do not engage in the sale of personal information as defined under CCPA/CPRA.

Under CCPA/CPRA, "sale" includes certain types of data exchanges, including the use of behavioral advertising cookies. Regarding this:

We may use Meta and Google tracking pixels on our website for advertising, which under a broad CCPA definition could constitute "sharing" of usage data for cross-context advertising.
You can opt out of this type of use by managing your cookie preferences or submitting a request to [email protected].
We also do not share your personal information with data brokers.
If you are a California resident, exercise your "Do Not Sell or Share My Personal Information" right by emailing [email protected] with subject "CCPA Opt-Out".

For users in other states with similar laws (Virginia, Colorado, Connecticut, Utah, Texas), you may also request opt-out of use of your data for personalized advertising through the same process.

10. Data Retention

We retain personal data for as long as necessary to fulfill the purposes for which it was collected.

Active client data: Throughout the business relationship and up to 3 years after contract termination.
Transaction records: 7 years for tax and accounting compliance under US law.
WhatsApp/AI conversations: Up to 12 months unless the contract specifies otherwise.
Analytics data: Up to 26 months in aggregated and anonymized form.
Opt-out requests and rights: Permanently, to verify compliance with your requests.
Post-termination: Following a valid deletion request, we will destroy or anonymize your data within 90 days.

11. Data Security

We implement reasonable technical and organizational measures to protect your personal data.

Encryption: Data in transit is protected by TLS/SSL. Sensitive data at rest is encrypted on our servers.
Restricted access: Only authorized personnel with a legitimate need can view personal data.
Secure infrastructure: Our servers are protected with firewalls, fail2ban, SSH key-only access and intrusion monitoring.
Audits: We conduct periodic security reviews of our systems and vendors.
Breach notification: In the event of a security breach affecting your data, we will notify you in accordance with applicable US state breach notification laws.

No security system is impenetrable. We cannot guarantee the absolute security of your data, but we commit to maintaining security standards appropriate to the processing risk.

12. International Data Transfers

MYGIA is based in the United States of America. If you access our Services from outside the US, your data will be transferred, processed and stored in the US, where data protection laws may differ from those of your country of residence.

By using our Services, you expressly consent to the transfer of your data to the US and other countries where we operate or where our AI sub-processors operate (OpenAI, Anthropic, Google).

For clients from countries outside the US, we may implement appropriate contractual safeguards to protect your data during international transfers.

This policy does NOT serve as a transfer mechanism to or from the European Union. MYGIA does not direct its services to EU residents and is not subject to GDPR.

13. Children's Privacy (COPPA)

Our services are NOT directed to children under 13 years of age.

MYGIA does not knowingly collect personal information from children under 13 in compliance with the Children's Online Privacy Protection Act (COPPA). Our Services are designed for businesses and adults.

If we discover we have inadvertently collected data from a child under 13, we will take immediate steps to delete that information. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected].

For users between 13 and 17, use of our Services requires verifiable consent from a parent or legal guardian.

14. Third-Party Websites and Services

Our website and Services may contain links to third-party websites, applications or services. This Privacy Policy does not apply to those third parties.

We are not responsible for the privacy practices of third-party sites or services. We recommend reading the privacy policies of any third-party site before providing your personal information.

The following third-party services may be integrated into our platforms:

Google Analytics, Google Ads
Meta Pixel, Meta CAPI
WhatsApp Business API (Meta)
Stripe (procesamiento de pagos)
n8n (plataforma de automatización)
Chatwoot (gestión de comunicaciones)

15. Changes to this Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements or other operational reasons.

When we make material changes, we will notify you through:

Notice on our homepage (mygia.online) at least 30 days in advance.
Email to registered users when changes are significant.
Update of the 'Last updated' date at the top of this page.

Continued use of the Services after publication of changes will constitute your acceptance of the updated policy.

16. Contact Information & State-Specific Disclosures

Data Controller: MYGIA LLC

Privacy Email: [email protected]

General Email: [email protected]

WhatsApp: +1 (954) 228-3490

Social Media: @getmygia (Instagram, TikTok, Facebook, LinkedIn)

California Residents

Under California Civil Code Section 1798.83 (Shine the Light), California residents may request information about the disclosure of personal data to third parties for their own direct marketing purposes. For CCPA/CPRA requests, use subject line 'California Privacy Rights'.

Virginia Residents (VCDPA)

Under the Virginia Consumer Data Protection Act (VCDPA), Virginia residents have similar rights to those described in Section 8. Use subject line 'Virginia Privacy Rights'.

Colorado and Connecticut Residents

Residents of Colorado (CPA) and Connecticut (CTDPA) have similar rights under their respective privacy laws. Use subject line 'Colorado/Connecticut Privacy Rights'.

Appeal Process

If your rights request is denied, you may appeal by sending an email with subject 'Privacy Rights Appeal'. We respond within 60 days. You may also file a complaint with the Attorney General of your state.