Privacy Policy
Last updated April 2026 · SIA “MIGLAI” (reg. 40203733943), Latvia
1. Data Controller
The controller responsible for processing your personal data under Regulation (EU) 2016/679 (GDPR) is SIA "MIGLAI", a limited liability company registered in the Republic of Latvia under number 40203733943, operating the Migla service. You can contact us at support@migla.io for any question relating to your personal data or this policy.
2. Information We Collect
We collect information you provide directly to us, including your name, email address, and account credentials when you register. When you generate content we process the images, videos, prompts, and settings you submit. We also collect usage data such as the features you use and your interaction patterns with the platform, and automatically collected technical information including IP address, browser type, device information, and operating system when you access our service. Payment metadata (amount, date, last four digits of card) is received from Stripe after a purchase; we never store full card numbers or banking credentials.
3. Legal Bases for Processing
We rely on the following GDPR legal bases: (a) performance of a contract — to operate your account, deliver generations, process purchases and provide support; (b) legitimate interest — for security, fraud prevention, abuse monitoring, service improvement and analytics; (c) legal obligation — to retain invoices and accounting data under Latvian tax law and to respond to lawful requests; and (d) consent — for optional cookies and marketing communications, which you may withdraw at any time.
4. How We Use Your Information
We use your information to provide and maintain the Migla platform and its AI generation services: processing your generation requests, personalizing your experience, communicating with you about your account and service updates, analyzing usage patterns to improve features, detecting abuse, and ensuring the security and integrity of our platform. We do not sell personal data, and we do not use your uploaded content to train our AI models without your explicit consent.
5. Retention Periods
Account data is retained for as long as your account exists. Generation inputs (uploaded images and videos) are stored for up to 90 days and then deleted from our active systems. Generation outputs are stored for as long as you keep them in your library. Billing and accounting records are retained for 10 years as required by Latvian tax and accounting law. Support messages and content reports are retained for up to 3 years. When you delete your account, we erase or anonymise personal data within 30 days, except where retention is required by law.
6. Third-Party Services and International Transfers
We rely on the following sub-processors to operate the service: Supabase (authentication, database, storage), Stripe (payments), Cloudflare R2 (media storage), Vercel (hosting), and RunPod (AI inference). Some of these providers process data outside the European Economic Area, including in the United States. Where that is the case, transfers are safeguarded by Standard Contractual Clauses adopted by the European Commission pursuant to Article 46 GDPR. A list of current sub-processors and safeguards is available on request at support@migla.io.
7. Data Storage and Security
Your data is stored on secure servers with industry-standard encryption both in transit (TLS) and at rest. We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction, including access controls, row-level security on our databases, rate limiting, CSRF protection and webhook signature verification. While we strive to protect your information, no method of electronic storage is 100% secure.
8. Your GDPR Rights
As a data subject you have the right to access, rectify, erase, restrict, object to, and port your personal data, and to withdraw consent at any time where processing is based on consent. To exercise these rights, use the Export and Delete buttons in your account footer or email support@migla.io. We will respond within 30 days. If you believe we are not handling your data correctly you have the right to lodge a complaint with the Latvian data protection authority — Datu valsts inspekcija (DVI), Elijas iela 17, Riga, LV-1050, www.dvi.gov.lv — or with the supervisory authority of your EU country of residence.
9. Cookies
We use essential cookies for authentication, session management, CSRF protection and referral tracking. These cookies are strictly necessary for the service to work and do not require consent. We do not use advertising or cross-site tracking cookies. You can instruct your browser to refuse cookies, but some parts of the service may not function correctly without them.
10. Age Restriction
Migla is an adult-only service. You must be at least 18 years old to create an account or use the service. We do not knowingly collect personal data from anyone under 18. If we become aware that a minor has registered, we will delete the account and any associated personal data without delay. If you are a parent or guardian and believe a minor has provided us with personal data, please contact support@migla.io.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date, and — for material changes — via email or in-app notice. Continued use of the service after changes take effect constitutes acceptance of the revised policy.
12. Contact Us
For any question about this policy, your personal data, or to exercise your GDPR rights, contact SIA "MIGLAI" at support@migla.io. We will respond within 30 days. You may also file a complaint with Datu valsts inspekcija (DVI) at www.dvi.gov.lv.