Mila Privacy Policy

Welcome to Mila ("we", "us", "our"), the European manor floral handcraft guide application committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our mobile application (the "Service"). By accessing or using Mila, you consent to the collection and use of information in accordance with this policy.

1. Information We Collect & Transmission Details

We collect information to provide and enhance our floral craft service, focusing on delivering personalized European manor-style floral arrangement guidance. The types of information we collect, transmission methods, and storage locations are explicitly detailed below:

1.1 Personal Information (Collected & Stored Locally/Transmitted to Cloud)

• Account Information: Email address (string type), username (string type), and password (hashed string type) – collected via user voluntary input during account creation, transmitted via SSL/TLS encrypted channels to our AWS cloud server (US region) for identity verification and account management; stored locally on user device (encrypted) and cloud server (AES-256 encrypted)
• Profile Preferences: Floral style selections (enumerated type: French Romantic / English Countryside), saved tutorials (ID list type), favorite floral arrangements (ID list type) – collected via user interaction with style selection cards/tutorial bookmark buttons, transmitted via SSL/TLS encrypted channels to our cloud server for personalized service, stored locally on user device and cloud server
• Contact Information: Name (string type), email address (string type), communication content (text type) – collected via user voluntary submission to support team, transmitted via SSL/TLS encrypted channels to our customer support system, stored on cloud server for inquiry resolution

1.2 Visual and User-Generated Content (Collected & Transmitted to Cloud/Third-Party)

• Uploaded Photos: Portrait photos (JPG/PNG binary type, maximum 10MB per file) of users holding finished floral bouquets – collected via user voluntary upload to community feature, transmitted via SSL/TLS encrypted channels to our cloud storage server and OpenRouter (only for AI-driven content recommendation if enabled by user), stored on cloud server (AES-256 encrypted) and user device; transmission to OpenRouter is limited to photo metadata (resolution, format) and non-identifiable image features (no raw image data)
• Usage Data: Floral style card selection records (timestamp + style ID), tutorial view records (timestamp + tutorial ID), likes (timestamp + content ID + user ID), bookmarks (content ID + user ID) – collected automatically via app interaction tracking, transmitted via SSL/TLS encrypted channels to our cloud server and OpenRouter (for AI optimization of recommendation algorithms), stored on cloud server for 12 months (then anonymized)

1.3 Device and Technical Information (Collected Automatically & Transmitted to Cloud/Third-Party)

• Device Information: Device model (string type), operating system version (string type), unique device identifiers (UUID string type), IP address (IPv4/IPv6 string type), mobile network information (carrier name + network type) – collected automatically upon app launch, transmitted via SSL/TLS encrypted channels to our cloud server and OpenRouter (for AI-driven compatibility optimization), stored on cloud server for app compatibility assurance
• Automatically Collected Data: Log data (app performance metrics: CPU/memory usage, error codes; text type), session duration (timestamp interval), feature usage statistics (count of interactions per feature) – collected automatically during app usage, transmitted via SSL/TLS encrypted channels to our cloud server and OpenRouter (for AI analysis of usage patterns), stored on cloud server for 12 months (then anonymized)
• Optional Location Data: Approximate location (latitude/longitude float type, accurate to 1km) – collected only with explicit user permission via device location services, transmitted via SSL/TLS encrypted channels to our cloud server (never transmitted to OpenRouter), used for region-specific floral material recommendations, stored on cloud server and deleted upon user request or app uninstall

2. Purpose of Information Use (All Scenarios)

We use the collected information for the following legitimate business purposes related to floral craft guidance, with clear delineation of scenarios involving third-party AI services:

• To provide, maintain, and improve the Mila Service: Deliver personalized floral arrangement tutorials based on user style preferences (local device processing + cloud-based AI recommendation via OpenRouter)
• To personalize user experience: Save favorite floral styles and bookmarked arrangement steps for quick access (local device storage + cloud sync)
• To facilitate community features: Display user floral creation photos, enable likes/comments on shared content, connect users with other floral enthusiasts (cloud storage + AI-driven content recommendation via OpenRouter for relevant community content matching)
• To process payments for premium floral content: Handle payments for exclusive European manor-style tutorials via Apple App Store/Google Play Store (no payment data stored by Mila or transmitted to OpenRouter)
• To communicate with users: Send app updates, new floral tutorials, or important policy changes (email/SMS with explicit user consent for promotional communications; no data transmitted to OpenRouter for this purpose)
• To analyze usage patterns: Improve floral recommendation algorithms and app performance (AI analysis via OpenRouter using anonymized usage data and device information)
• To ensure Service security: Prevent fraudulent or unauthorized activities (local device security checks + cloud-based AI threat detection via OpenRouter using device information and usage logs)
• To comply with legal obligations: Respond to lawful requests from regulatory authorities (no data transmitted to OpenRouter for this purpose)

3. Third-Party Service Data Processing (Including AI Services)

We engage trusted third-party service providers to perform functions on our behalf, including specific AI service providers. These third parties may access your information only to perform specific tasks and are contractually obligated not to disclose or use it for any other purpose:

• Payment Processors: Apple App Store, Google Play Store – process payments for premium floral content; we do not store payment details, and no payment data is transmitted to AI service providers
• Analytics Providers: Google Analytics – help understand app usage to improve floral tutorial relevance; no data is shared with OpenRouter from Google Analytics
• Cloud Storage Providers: Amazon S3 – secure storage for uploaded floral creation photos (encrypted and only accessible to users); photo metadata (not raw photos) may be shared with OpenRouter for AI recommendation optimization
• Customer Support Services: Zendesk – assist with user inquiries about floral tutorials or account issues (access only to necessary contact information; no data shared with OpenRouter)
• AI Service Provider: OpenRouter – provides AI-driven content recommendation, usage pattern analysis, and app performance optimization services; receives anonymized device information, usage data, and photo metadata (no identifiable personal information or raw photo data); data shared with OpenRouter is transmitted via end-to-end encrypted channels and used exclusively for improving Mila's floral craft guidance features

We ensure all third-party providers (including OpenRouter) adhere to strict data protection standards compliant with global privacy regulations (including GDPR and CCPA) and maintain confidentiality agreements to protect your information. OpenRouter has demonstrated data protection capabilities equivalent to or exceeding Mila's standards, including compliance with ISO 27001, GDPR Article 44-50 (standard contractual clauses), and implementation of end-to-end encryption for all transmitted data, regular security audits, and strict access controls limiting employee access to data on a "need-to-know" basis.

4. Information Sharing and Disclosure (Full Details)

We do not sell your personal information to third parties for commercial purposes. We may share your information only in the following limited circumstances, with explicit disclosure of transmission to AI service providers:

• With Your Explicit Consent: Sharing floral creation photos to social media platforms at user request (no data shared with OpenRouter for this purpose); enabling AI-driven content recommendation via OpenRouter (requires separate user consent during feature activation)
• With Service Providers: As described in Section 3 – sharing anonymized device information, usage data, and photo metadata with OpenRouter for AI-driven floral craft guidance optimization; sharing contact information with Zendesk for customer support; sharing payment transaction data with Apple App Store/Google Play Store (no AI service provider access to payment data)
• Legal Requirements: When required by law, court order, or governmental request, or to protect our rights, property, or safety (or the rights/safety of other users) – data disclosed to legal authorities does not include data transmitted to OpenRouter unless explicitly required by law
• Business Transfers: In connection with a merger, acquisition, or sale of assets – data shared with acquiring entity includes all information (including data transmitted to OpenRouter), and the acquiring entity is contractually bound to maintain the same data protection standards; users will be notified of any such change
• Aggregated/Anonymous Data: Sharing non-personally identifiable, aggregated data (e.g., popular floral styles by region, average tutorial view duration) with research institutions, advertisers, or OpenRouter for AI model training (no identifiable user information included)

We will never disclose your personal photos (raw image data) or identifiable personal information to OpenRouter or any other third party for their marketing purposes without your explicit written consent. All data shared with OpenRouter is anonymized or pseudonymized to prevent user identification.

5. Security Measures

We implement industry-leading technical and organizational security measures to protect your information – especially your floral creation photos – from unauthorized access, disclosure, alteration, or destruction, and ensure third-party AI service providers maintain equivalent standards:

• End-to-end encryption of personal data and photos in transit (SSL/TLS 1.3) and at rest (AES-256 encryption) – OpenRouter uses the same encryption standards for all data received from Mila
• Secure authentication protocols for account access (including optional two-factor authentication) – OpenRouter requires multi-factor authentication for all employee access to Mila-related data
• Local processing of user preferences whenever possible (minimizing cloud data transfer) – reduces volume of data transmitted to OpenRouter
• Regular security assessments and penetration testing (quarterly) to identify and address vulnerabilities – OpenRouter undergoes annual third-party security audits and shares audit reports with Mila
• Access controls limiting employee access to personal information on a "need-to-know" basis – OpenRouter maintains role-based access control (RBAC) for all Mila data, with access logs retained for 12 months
• Automatic deletion of temporary data (e.g., tutorial preview cache) after 24 hours – OpenRouter deletes temporary Mila data within 72 hours of processing
• Secure backup systems with encryption to prevent data loss – OpenRouter maintains encrypted backups of Mila data with 30-day retention, compliant with data minimization principles

While no method of transmission over the internet or electronic storage is 100% secure, we continuously update our security measures and audit OpenRouter's security practices to mitigate risks and protect your floral craft data. We require OpenRouter to notify us within 72 hours of any data breach involving Mila user data, and we will notify affected users in accordance with applicable law.

6. User Data Rights

Depending on your jurisdiction (including GDPR for EU users and CCPA for California users), you have the following rights regarding your personal information, including data shared with third-party AI services:

• Right to Access: Request a copy of all personal information and photos we hold about you, including data transmitted to OpenRouter (in machine-readable format)
• Right to Correction: Request correction of inaccurate or incomplete personal information (e.g., profile preferences), and we will instruct OpenRouter to update corresponding data within 7 business days
• Right to Deletion: Request deletion of your account, personal information, and uploaded floral creation photos (subject to legal retention requirements) – we will instruct OpenRouter to delete all Mila-related user data within 7 business days of request
• Right to Data Portability: Request a copy of your data (e.g., saved floral tutorials, usage history) in a machine-readable format, including data processed by OpenRouter
• Right to Opt-Out: Opt out of non-essential data processing (e.g., marketing communications, AI-driven content recommendation via OpenRouter) – opting out of AI services will disable personalized content recommendations but not affect core floral tutorial features
• Right to Withdraw Consent: Withdraw your consent to data processing at any time (may affect access to certain community features) – withdrawal of consent for OpenRouter data sharing will result in immediate cessation of data transmission and deletion of existing user data by OpenRouter

To exercise these rights, contact us at Mila@gmail.com with your request. We will respond to valid requests within the timeframes required by applicable law (typically 30 days) and verify your identity before processing requests. For requests related to data processed by OpenRouter, we will coordinate with OpenRouter to fulfill the request within the same timeframe.

7. Children's Privacy Protection

Mila is not intended for children under the age of 13. We do not knowingly collect personal information – including photos – from children under 13. If we become aware that we have collected personal information from a child under 13 without parental consent, we will immediately delete such information and instruct OpenRouter to delete any related data within 24 hours.

For users between 13 and 18 years of age, we require parental/guardian consent before collecting any personal information or photos. Parents/guardians may contact us at Mila@gmail.com to review, correct, or delete their child's personal information and uploaded floral content, including data transmitted to OpenRouter.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, and require OpenRouter to adhere to the same retention periods:

• Account information: Retained until you request account deletion – OpenRouter deletes corresponding anonymized device/usage data within 7 days of account deletion
• Uploaded floral photos: Retained on our servers only if you opt for cloud backup (you may delete photos at any time via the app) – OpenRouter never stores raw photos, only metadata (deleted within 30 days of photo deletion by user)
• Usage data: Retained for up to 12 months for analytics purposes (then anonymized) – OpenRouter retains anonymized usage data for 12 months, then deletes it
• Customer support records: Retained for up to 2 years to resolve inquiries – OpenRouter has no access to customer support records
• Payment records: Retained for 7 years to comply with financial regulations – OpenRouter has no access to payment records

When we no longer need your personal information, we securely delete or anonymize it to prevent identification, and ensure OpenRouter performs the same deletion/anonymization for any related data.

9. Policy Updates Mechanism

9.1 We will notify you of material changes to this policy by:

• Posting the updated policy in the Mila app with a prominent notice
• Sending an email notification to registered users
• Displaying a pop-up notice in the app upon launch

9.2 The updated policy will become effective 30 days after notification (or sooner if required by law). Your continued use of the Service after the effective date constitutes acceptance of the changes, including changes to data sharing with OpenRouter.

9.3 If you do not agree to the updated policy, you must stop using the Service and terminate your account. We archive all previous versions of this Privacy Policy for at least 5 years and make them available upon request, including records of changes to third-party AI service collaborations.

10. International Data Transfers

If you are located outside the United States, your information may be transferred to and processed in the United States (where our cloud servers and OpenRouter servers are located) or other countries where our service providers operate. We ensure these transfers comply with applicable data protection laws (including GDPR standard contractual clauses) and maintain the same high level of privacy protection regardless of where your data is processed. OpenRouter has executed GDPR standard contractual clauses with Mila to ensure compliance with EU data protection requirements for international data transfers.

Last updated: January 9, 2026
Mila - European Manor Floral Craft Guide | Protecting Your Privacy