Home My Apps About Contact
← Back to My Apps
Mitra

Privacy Policy

Effective date: 30 May 2026  ·  Last updated: 30 May 2026

Summary: Mitra is a personal AI companion. To work, it stores your conversation history and personal facts in the cloud so it can remember you across sessions. This data is encrypted, never sold, and never used to train AI models. You can request deletion at any time.

1. Who we are

Mitra is developed and published by DojoLabz, an indie software studio. Questions about this policy? Contact us at vishu.kv.dev@gmail.com.

2. What data we collect and why

Account information

Mitra requires an account to use. We collect the information you provide at sign-up (such as your name or display name) to identify your data and personalise your experience. Authentication is handled via Amazon Cognito.

Conversation data

Your text and voice messages are sent to our backend to generate AI responses. We store conversation history in the cloud so Mitra can remember past interactions across sessions and devices. Voice input is transcribed to text using Amazon Transcribe — audio is processed in transit and not stored permanently.

Personal facts and memory

Mitra learns facts about you (preferences, important dates, personal context) to provide a personalised experience. These are stored in our database and associated with your account.

Usage and technical data

We collect basic technical information such as device type, OS version, and app version to diagnose issues and improve the app. We do not use third-party analytics SDKs.

3. How we use your data

  • To generate AI responses personalised to you
  • To maintain memory of past conversations and facts across sessions
  • To send proactive nudges and reminders you have set up
  • To diagnose bugs and improve app performance

We do not use your conversation data to train AI models. We do not sell your data to third parties. We do not use your data for advertising.

4. Third-party services

Mitra uses the following third-party services to operate:

  • Amazon Web Services (AWS) — cloud infrastructure, database storage (DynamoDB), and compute (Lambda). Data is stored in AWS data centres with encryption at rest.
  • Amazon Bedrock — AI inference (Claude / Amazon Nova models). Your messages are sent to Bedrock to generate responses. AWS's data processing agreements apply.
  • Amazon Transcribe — speech-to-text for voice input. Audio is processed in transit and not retained by Transcribe beyond the transcription request.
  • Amazon Cognito — user authentication and session management.

All data transmitted to these services is encrypted in transit using TLS 1.2 or higher.

5. Data storage and security

We apply encryption at every layer of the stack:

  • In transit — all communication between the app and our backend uses TLS 1.2 or higher. Voice streaming uses secure WebSocket connections with the same encryption standard.
  • At rest (cloud) — conversation history, personal memory, and user profile data stored in AWS (DynamoDB, pgvector/RDS) are encrypted at rest using AWS-managed AES-256 keys.
  • At rest (device) — locally cached data (responses, preferences) is encrypted using AES encryption. The encryption key is stored in Android Keystore (hardware-backed secure enclave where supported), never written to disk in plaintext.
  • Authentication tokens — session tokens issued by Amazon Cognito are short-lived JWTs, transmitted only over TLS, and stored securely on device.
  • User isolation — all cloud data is partitioned by your unique user ID. No user can access another user's data.

We retain your data for as long as your account is active. You may request full deletion at any time — see Section 6.

6. Your rights and data deletion

You have the right to:

  • Access — request a copy of the data we hold about you
  • Correction — request correction of inaccurate data
  • Deletion — request deletion of your account and all associated data, including conversation history and memory

To exercise any of these rights, contact us at vishu.kv.dev@gmail.com. We will respond within 30 days.

7. Children's privacy

Mitra is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.

8. Changes to this policy

If we make material changes to how we handle your data, we will update this policy and notify you via the app or email. Continued use after changes constitutes acceptance of the updated policy.

9. Contact

Questions or data requests: vishu.kv.dev@gmail.com.