last updated: july 7, 2026
privacy policy
michi ("michi", "we", "us") helps you turn who you want to become into a living plan. This policy explains, in plain language, what we collect, why, who we share it with, and the control you have over it. If anything here is unclear, email us at barinder.thi@gmail.com.
what we collect
- Account. Your name, email, and a securely hashed version of your password (we never store the password itself). Optionally, an avatar image you upload.
- What you create in michi. The goals, mastery paths and rungs, daily actions, routines, and check-ins you enter; reflections and notes you write; focus sessions; the personality frames and test answers you provide (MBTI, enneagram, the deeper-map test); the interests on your moodboard; collectible glyphs; and, if you use it, the text of a resume you upload. Much of this is personal and reflective by nature.
- Payment information. If you subscribe to a paid plan, your card details are collected and processed by Stripe, not by us. We only store a Stripe customer and subscription identifier and your current plan status.
- Usage and product analytics.A record of meaningful actions you take in the app (for example, completing an action or generating a reading), plus page views, performance metrics, and, through PostHog, session recordings of how the app is used. See "analytics and session recording" below.
- Technical data. Your IP address and basic request metadata, used to rate-limit sign-in attempts and prevent abuse, and an essential cookie that keeps you signed in.
how we use it
To run the service: build and adapt your plan, generate your daily reading and other AI features, keep you signed in, process your subscription, protect the app from abuse, and understand which features help so we can improve them. We do not sell your data, and we do not use it for third-party advertising.
ai processing
To generate plans, readings, insights, and the "ask michi" responses, we send the relevant text you've entered to Anthropic's API (the model behind michi). We never send your password. Under Anthropic's commercial API terms, this content is not used to train their models. If no AI key is configured, michi falls back to non-AI placeholder responses.
analytics and session recording
We use PostHog to understand how the app is used, including session replay, which can reconstruct how a page was navigated and interacted with. Because michi holds personal, reflective content, we work to minimize what recordings capture and to mask text you type. You can opt out of non-essential analytics by using a browser "do not track" or ad-blocking setting; the app remains fully functional without it. PostHog processes this data on our behalf and does not sell it.
who processes your data
We rely on a small set of trusted providers, each handling only what their function needs:
- Vercel — hosting and delivery of the app.
- Neon — the database where your account and content are stored.
- Upstash — short-lived counters used for rate-limiting.
- Stripe — payment processing and subscription management.
- Resend — sending transactional email such as password resets.
- PostHog — product analytics and session replay.
- Anthropic— the language model that generates michi's AI features.
These providers may store and process data in the United States and other countries. By using michi you understand your information may be transferred and processed there.
how long we keep it
We keep your data for as long as your account exists. When you delete your account, we permanently remove your account and everything michi stored for it, with no retention period. Some providers may keep limited records they are legally required to retain (for example, Stripe's payment records).
your controls
From settings you can download everything michi has stored about you at any time, with nothing withheld, and delete your account and all of its data outright. You can also update your name, email, and preferences there. To exercise any other data right, email us at barinder.thi@gmail.com.
security
Passwords are hashed with bcrypt and never stored in the clear. Traffic is encrypted in transit. New passwords are checked against known-breached password lists, and repeated failed sign-ins are locked out. No system is perfectly secure, but we take reasonable steps to protect your information.
children
michi is not intended for anyone under 16, and we don't knowingly collect data from them. If you believe a child has created an account, contact us and we'll remove it.
changes
If this policy changes in a meaningful way, we'll update the date above and, where appropriate, notify you in the app or by email.
contact
Questions about your privacy or this policy: email barinder.thi@gmail.com.