Milo — Your voice. Refined.

← Back to HomeMilo ✦

This Privacy Notice for Rao Ahmad (doing business as Milo) ("we," "us," or "our") describes how and why we process your personal information when you use Milo.

Milo is a voice-first content tool. You record short voice notes; Milo transcribes them and generates social posts written for Twitter/X, LinkedIn, Instagram, Facebook, Threads, and TikTok. You can tune Milo's writing style (humor, sarcasm, honesty, emotion, casualness, boldness, storytelling), save tone presets, attach a photo for context, and save ideas for later.

This notice applies when you:

Visit postbymilo.com or any successor domain
Use the Milo iOS app
Contact us or sign up for the beta

Questions? The fastest way to reach us is raomahmed26@gmail.com. If you do not agree with this notice, please do not use Milo.

Summary

What we collect: Your email and password (hashed) for the account; voice recordings, transcripts, and any photos you choose to attach; profile fields you fill in (name, occupation, industry, target audience, key topics, bio, content language); your tone-slider settings, custom instructions, and saved presets; analytics events about your interactions with the app (no identifiers across other apps or websites); basic server logs (IP, timestamp, request path) at our hosting provider.

Who we share it with: Groq (transcription + post generation), Supabase (database and storage), Vercel (hosting and product analytics), and PostHog (in-app event analytics). Nothing else. We do not sell, rent, or share personal data for advertising.

What we don't collect: Sensitive personal information, payment data, biometric voiceprints, location/GPS data, your contacts, your photos library at large (only photos you explicitly attach), or any cross-app/cross-site tracking identifiers.

Your control: You can edit or delete any idea or post at any time. You can delete your entire account from Settings → Danger zone → Delete account; this purges your recordings, transcripts, generated posts, presets, samples, and profile from our systems within 30 days.

Where data lives: US-hosted infrastructure (Supabase, Vercel, PostHog, Groq).

What Information Do We Collect?
How Do We Use Your Information?
Legal Bases We Rely On (EU / UK / Canada)
Who We Share Information With
Cookies and Local Storage
Third-Party AI Processing
International Data Transfers
How Long We Keep Your Information
How We Keep Your Information Safe
Children
Your Privacy Rights
Do-Not-Track and Global Privacy Control
US State Residents
Updates to This Notice
Contact Us
Review, Update, or Delete Your Data

1. What Information Do We Collect?

In Short: We collect what you provide to us, what you record or upload, and a small amount of technical information automatically.

1.1 Information you provide directly

Account information. Email address and a password. The password is hashed by Supabase Auth before it reaches our database; we never see or store your plaintext password.
Voice recordings. Audio you record in the app. Recordings are stored in your account so you can revisit them. You can delete any recording, and account deletion removes all of them.
Photos. Optional images you attach to a recording. We only collect a photo when you choose to attach it; we do not scan or read your photo library otherwise.
Profile fields (optional). Full name, occupation, industry, target audience, key topics, bio, and content language — whatever you fill in to help Milo write content that sounds like you.
Writing style settings. Your tone slider values (humor, sarcasm, honesty, emotion, casualness, boldness, storytelling), custom instructions, saved tone presets, default platform selections, and any sample posts you paste into Style Analysis.
Generated posts. The AI-generated content saved under each idea, plus copy/regenerate/favorite/report activity on each post.
Beta signup email. If you join the beta waitlist, we store your email and source (e.g., "landing page").
Feedback you send. Star rating (1–5), the optional text you include, and the page you submitted from.
Support correspondence. Email you send to raomahmed26@gmail.com.

1.2 Information collected automatically

Server logs. When the app talks to our API (Vercel), the host logs the request path, timestamp, IP address, and user-agent header. These logs are retained for a short period for debugging and abuse prevention.
Product analytics. We send anonymized event data to PostHog and Vercel Analytics — e.g., "record_started", "posts_generated", "post_copied". These events include your Supabase user ID so we can debug account-specific issues, but they do not include the contents of your recordings, transcripts, or posts.
Crash and error reports. If something errors in the app, we may log the error name and stack trace at our hosting provider to fix bugs.

1.3 What we do NOT collect

Precise GPS or coarse location data.
Biometric voiceprints, fingerprints, or facial recognition data. We store the raw audio you record, but we do not generate or use a voiceprint for identification.
Health data, financial data, sexual orientation, religious or political views, or any other "special category" data under GDPR.
Contacts, calendar, or other photos beyond what you explicitly attach.
Cross-app or cross-website tracking identifiers (no IDFA, no third-party ad cookies).
Payment or card data — Milo does not currently process payments.

2. How Do We Use Your Information?

In Short: To run the service you signed up for, talk to you when needed, and improve the app.

To run Milo. Transcribe your voice, generate posts in your style, save your ideas, deliver them back to you.
To authenticate you. Verify your email + password and keep you signed in.
To support you. Reply to support emails, beta inquiries, and feature feedback.
To improve the app. Aggregate product analytics (which features get used, where users drop off, which post platforms are most generated) to inform what we build next.
To keep the app safe. Investigate abuse, rate-limit recording and post generation, and protect against fraudulent signups.
To comply with law. Respond to lawful requests and enforce our Terms of Use.

3. Legal Bases We Rely On (EU / UK / Canada)

In Short: Mainly contract performance (we have to process your data to run the app you signed up for), consent (for AI processing of recordings), and limited legitimate interests (security, analytics).

If you are in the European Economic Area, the United Kingdom, or Canada, the legal bases we rely on under the GDPR / UK GDPR / PIPEDA are:

Performance of a contract. Account creation, authentication, recording, transcription, post generation, idea storage — all directly required to deliver the service to you.
Consent. You explicitly consent in-app before any recording is sent to Groq for transcription. You may withdraw consent at any time by stopping use of the recording feature or by deleting your account.
Legitimate interests. Security and abuse prevention (rate limiting, suspicious activity monitoring), product analytics in aggregate, and bug fixing — balanced against your fundamental rights and freedoms.
Legal obligation. Where we must process or retain data to comply with a legal request, tax law, or court order.

4. Who We Share Information With

In Short: Four service providers. No advertisers, no data brokers, no sale of your data.

We share your personal information only with vendors we need to run the service. Each vendor is contractually bound to use the data only for the purpose we instruct.

Hosting + StorageVercel (front-end, API routes), Supabase (database, auth, file storage)

AI ProcessingGroq (Whisper transcription, Llama post generation, vision for photo analysis)

Product AnalyticsPostHog (in-app event tracking), Vercel Analytics (page views and web vitals)

We may also share information in these limited cases:

Legal requirements. If we are legally compelled by a valid subpoena, court order, or government request.
Vital interests. To protect the safety of any person where we believe there is a serious risk.
Business transfers. In the event of a merger, acquisition, or sale of assets, your information may transfer to the new owner — subject to a privacy policy at least as protective as this one.

We do not sell or rent your personal information. We do not share it with advertisers, data brokers, or marketing networks.

5. Cookies and Local Storage

In Short: We use minimal first-party storage — primarily the browser's localStorage to keep you signed in.

See the Cookie Policy for the detailed table. In summary:

Milo's web app stores your Supabase session in your browser's localStorage. This is what keeps you signed in. It is strictly necessary for the app to function.
Vercel and PostHog each set a small number of cookies for analytics. These are first-party (set under our domain) and not used for advertising or cross-site tracking.
The Milo iOS app does not use traditional cookies. It uses the iOS WKWebView's storage which behaves similarly to localStorage and stays on your device.

6. Third-Party AI Processing

In Short: Milo sends your voice, photos, and post-style preferences to Groq to transcribe and generate posts. Groq's API terms state customer data is not used to train their models.

Milo is built on top of Groq's hosted AI inference. When you record a voice note or generate a post, Milo sends the following to Groq:

Your audio recording, for transcription via the Whisper Large v3 Turbo model.
The resulting transcript and your tone settings, for post generation via the Llama 3.3 70B model.
Any photo you attach, for visual context via Groq's vision model.

Before any of this happens for the first time, the app shows an in-app consent dialog naming Groq, explaining what is sent, and asking you to agree. Your consent is recorded in your profile (ai_consent_at) so we do not re-ask.

Training. Per Groq's API terms of use, customer data submitted via the API is not used to train Groq's models.

How to opt out. The AI features are core to Milo — there is no way to use the app without sending your audio to Groq for transcription. Your options are:

Stop using the recording feature, or
Delete your account from Settings → Danger zone → Delete account.

If a meaningful future change to AI providers occurs, we will update this section and prompt for fresh consent.

7. International Data Transfers

In Short: Our infrastructure is hosted in the United States. If you use Milo from outside the US, your data is transferred to and processed in the US.

Vercel, Supabase, PostHog, and Groq all operate in the United States. By using Milo from the EEA, UK, Switzerland, or any other jurisdiction outside the US, you understand that your personal information will be transferred to and processed in the US.

For EEA / UK / Swiss users, we rely on our vendors' implementations of the European Commission's Standard Contractual Clauses (SCCs) for the transfer of personal data outside the EEA. The relevant SCCs are published by our vendors directly:

Groq does not currently publish a public SCC; for users in the EEA/UK, this is a known limitation, and we recommend that you take that into account in deciding whether to use Milo from a regulated EU jurisdiction.

8. How Long We Keep Your Information

In Short: Until you delete it. Account deletion purges your data within 30 days.

While your account is active:

Voice recordings, transcripts, generated posts, presets, and saved samples are kept until you delete them individually or close your account.
Beta signup emails are kept until you ask us to remove them or you create a full account.
Feedback you submit is kept indefinitely so we can refer back to it; it is associated with your account but not made public.
Server logs are retained for up to 90 days by Vercel and Supabase.

When you close your account via Settings → Danger zone → Delete account:

Your authenticated user record, all recordings, transcripts, generated posts, presets, content samples, attached images, and profile fields are deleted immediately from our active database and storage.
Encrypted backups held by Supabase and Vercel may retain copies for up to 30 days before being purged on their standard rotation.
PostHog event records are retained per PostHog's retention policy (currently up to 7 years by default); we can issue a deletion request to PostHog on request.

9. How We Keep Your Information Safe

In Short: Encryption in transit and at rest, row-level security in the database, and strict access controls.

We rely on the following technical safeguards:

Encryption in transit. All traffic between your device and Milo is HTTPS / TLS 1.2+.
Encryption at rest. Supabase and Vercel encrypt data at rest.
Row-level security. Every row in our database is gated by Supabase Row Level Security policies that check the authenticated user ID. Even if a query bug existed, you cannot retrieve another user's data.
Bearer-token auth. API access requires a short-lived Supabase JWT.
Rate limiting. Recording, generation, and feedback endpoints are rate-limited per account.

No system is 100% secure. If we ever experience a data breach affecting your personal information, we will notify you and the relevant authorities as required by applicable law.

10. Children

In Short: Milo is for users 18 and older.

Milo is not directed to and not intended for children under 18 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from anyone under 18. If you believe a child has provided personal information to us, please contact us at raomahmed26@gmail.com and we will delete that information promptly.

11. Your Privacy Rights

In Short: You can access, correct, export, or delete your data at any time — most of it directly inside the app.

Depending on where you live, you may have rights under the GDPR, UK GDPR, PIPEDA, CCPA/CPRA, and other state privacy laws. You can exercise the following at any time:

Access. See your data in the app (recordings, transcripts, posts, profile, presets). For a machine-readable export, email raomahmed26@gmail.com.
Correction. Edit your profile fields and transcripts directly in the app.
Deletion. Delete any idea, post, or preset directly in the app. Delete your entire account via Settings → Danger zone → Delete account.
Portability. On request we will export your data as JSON.
Withdraw consent. Stop using the recording feature, or delete your account.
Object to processing. Contact us; we will pause non-essential processing where lawful.
Lodge a complaint. EEA / UK users may complain to their local data protection authority — see EU authorities or the UK ICO.

We will respond to verifiable requests within 30 days (or the timeline required by your jurisdiction, whichever is shorter).

12. Do-Not-Track and Global Privacy Control

Milo does not engage in cross-site or cross-app tracking and does not sell or share personal information for targeted advertising. We do, however, recognize the Global Privacy Control (GPC) browser signal as a valid opt-out request under the California Consumer Privacy Act and similar US state laws. If your browser sends GPC, we treat that as a request to opt out of any "sale" or "sharing" (as defined by CCPA), even though we do not sell or share data in the first place.

We do not currently take separate action on the Do-Not-Track (DNT) header because no uniform industry standard for DNT has been adopted.

13. US State Residents

In Short: Residents of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia have specific rights. We have not sold or shared personal information for advertising in the last 12 months.

Categories of personal information we collect

Category	Examples (Milo-specific)	Collected
A. Identifiers	Email address, Supabase user ID, IP address, device user-agent	YES
B. Personal info (CA Customer Records statute)	Name (optional), email, occupation/industry (optional)	YES
C. Protected classification characteristics	Race, gender, age, religion — not collected	NO
D. Commercial information	Purchase history — Milo does not process payments today	NO
E. Biometric information	Voice recordings — collected as raw audio; we do not extract or use voiceprints for identification	YES
F. Internet activity (cross-site)	Browsing history across other sites — not collected	NO
G. Geolocation data	Precise GPS — not collected	NO
H. Audio, electronic, sensory	Voice recordings, photo uploads, generated text	YES
I. Professional or employment-related	Occupation, industry, target audience — only if you fill them in	YES
J. Education Information	School/student records — not collected	NO
K. Inferences drawn from collected information	Inferred "writing vibe" / personality profile based on your tone settings and style samples	YES
L. Sensitive personal information	Health, religion, sexuality, etc. — not collected	NO

Retention. All collected categories are retained only as long as your account is active. Account deletion purges them within 30 days; see Section 8.

Your rights under US state law

You have the right to know, access, correct, delete, port, and opt out of "sale" / "sharing" / profiling for targeted advertising. To exercise these rights, email raomahmed26@gmail.com from your account email. We may need to verify your identity by sending a confirmation email to that address. We do not discriminate against users who exercise their privacy rights.

Sale / sharing for advertising. We do not sell your personal information, and we have not shared it for cross-context behavioral advertising in the preceding twelve (12) months.

Appeals. If we decline a request, you may appeal by replying to our decision email. We will respond to appeals within 45 days.

14. Updates to This Notice

In Short: We update this notice when we change how we handle data. The "Last updated" date at the top will move forward.

If we make a material change — for example, adding a new third-party AI provider or changing how long we retain recordings — we will notify you via the email address on your account before the change takes effect.

15. Contact Us

For any privacy question, data request, or complaint:

Email: raomahmed26@gmail.com
Mailing address: Rao Ahmad, Dubai, United Arab Emirates (a specific street address can be provided on legitimate request)

16. Review, Update, or Delete Your Data

Most actions you can take directly inside the Milo app:

Edit your profile and tone settings in Settings.
Edit any transcript or post inside its idea page.
Delete any individual idea or generated post.
Delete your entire account in Settings → Danger zone → Delete account.

For machine-readable data exports or any other request, email raomahmed26@gmail.com.

Privacy Policy