Privacy Policy

Last updated: March 2026

1. Data Controller

Mithilab, registered in the Netherlands (KVK: 99454785), is the data controller for personal data collected through this website. Contact: admin@mithilab.ai

2. What we collect and why

We collect the minimum data needed to serve you:

  • Contact form data (name, email, company, service interest) — collected when you submit the form with your explicit consent.
    Legal basis: Art. 6(1)(a) GDPR — consent
  • Chat messages — messages you send to our AI assistant are processed in real-time to provide service recommendations. Messages are not stored after your browser session ends.
    Legal basis: Art. 6(1)(f) GDPR — legitimate interest (providing the service you are using)
  • Essential cookies — theme preference and language selection only. No advertising or tracking cookies.
    Legal basis: Art. 6(1)(f) GDPR — legitimate interest (website functionality)
  • Page view analytics — if you accept cookies, we track which pages you visit, your device type, browser, and country (derived from IP, not stored). This is self-hosted — no data is sent to third parties. Data is retained for 90 days.
    Legal basis: Art. 6(1)(a) GDPR — consent (only after accepting cookies)

We do not serve advertising. We do not use third-party analytics services.

3. How we use your data

  • To respond to your inquiries and follow up on service requests
  • To provide AI chat assistance on our website
  • To send you information you explicitly requested (never unsolicited marketing)

4. Third-party processors and international transfers

Your data may be processed by the following services, all of which are bound by data processing agreements:

  • Anthropic (US)— powers our AI chat assistant. Chat messages are sent to Anthropic's API for processing. Messages are not stored by Anthropic beyond the API request. Transfer mechanism: Standard Contractual Clauses (SCCs).
  • Amazon Web Services (EU) — hosts our website on EC2 in the EU region. Your data stays within the European Union. Transfer mechanism: Data remains in the EU; AWS GDPR DPA applies.
  • Resend (US) — sends email notifications when you submit the contact form. Your name, email, and service interest are included in the notification. Transfer mechanism: DPA with SCCs.

We do not sell, share, or otherwise transfer your data to any other parties.

5. Data retention

  • Contact form submissions: retained for 12 months, then deleted.
  • Chat conversations: not stored — they exist only during your browser session.
  • Cookies: theme and language preferences persist in your browser until you clear them.

6. Your rights under GDPR

Under the General Data Protection Regulation, you have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your data
  • Restriction — limit how we process your data
  • Portability — receive your data in a structured format
  • Object — object to processing based on legitimate interest
  • Withdraw consent — at any time, without affecting prior processing

To exercise any of these rights, email admin@mithilab.ai. We respond within 30 days.

7. Automated decision-making and EU AI Act

Our AI chat assistant provides service recommendations based on your conversation. This is not automated decision-making with legal or significant effect — it is an informational tool. All binding agreements are made through written proposals only.

Under the EU AI Act (Regulation (EU) 2024/1689), our chat assistant is classified as a Limited Risk AI system subject to the transparency obligations of Article 50. We comply by clearly labeling the assistant as AI, allowing instant escalation to a human, and publishing a dedicated AI Transparency Notice.

8. Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

9. Contact

Questions about this policy? Reach us at admin@mithilab.ai.