GDPR Compliance

Last updated: April 6, 2026

Mihari, operated by ACAILLER, is committed to protecting the personal data of its users in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (the "General Data Protection Regulation" or "GDPR") and the French "Loi Informatique et Libertés" of January 6, 1978 as amended.

1. Data Controller

The Data Controller for the personal data processed through the Mihari platform is:

  • ACAILLER
  • 12 rue Chantemerle, 44190 Clisson, France
  • SIRET: 952 347 359 00012
  • Email: privacy@mihari.io

2. Legal Basis for Processing

We process personal data under the following legal bases (Article 6 GDPR):

  • Performance of a contract - to provide the Mihari Service to our subscribers and account holders.
  • Legal obligation - to comply with accounting, tax, and other regulatory requirements.
  • Legitimate interest - to secure our infrastructure, prevent abuse, and improve the Service.
  • Consent - for non-essential cookies, marketing communications, and any optional features that require it.

3. Categories of Data Processed

  • Identification data: name, email, organization, role.
  • Connection data: IP address, browser, session timestamps, audit logs.
  • Billing data: billing address, VAT number, transaction history (payment card data is processed directly by our PCI-DSS compliant payment provider).
  • Telemetry & monitoring data: data you choose to send to Mihari (logs, metrics, traces, monitor results).

4. Data Hosting and Sub-processors

All data is hosted within the European Union, primarily on infrastructure provided by OVHcloud (OVH SAS, France). We carefully select sub-processors that offer guarantees equivalent to GDPR standards. The list of sub-processors is available on request at privacy@mihari.io.

Where data must be transferred outside the European Economic Area, we ensure that appropriate safeguards are in place, including the Standard Contractual Clauses approved by the European Commission.

5. Data Retention

Personal data is retained only for the time necessary for the purposes for which it was collected. Detailed retention periods are described in our Privacy Policy.

6. Your Rights

Under the GDPR, you have the right to:

  • Access your personal data (Art. 15)
  • Rectify inaccurate or incomplete data (Art. 16)
  • Request the deletion of your data (Art. 17)
  • Restrict the processing of your data (Art. 18)
  • Receive your data in a portable format (Art. 20)
  • Object to processing based on legitimate interest or for direct marketing (Art. 21)
  • Withdraw your consent at any time, where processing is based on consent
  • Define directives regarding the fate of your data after death (French law)

To exercise these rights, contact us at privacy@mihari.io. We will respond within one month, which may be extended by two additional months for complex requests.

7. Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including encryption in transit (TLS 1.3) and at rest (AES-256), strict access controls, audit logging, regular backups, and continuous monitoring of our infrastructure.

8. Data Breach Notification

In the event of a personal data breach likely to result in a risk to the rights and freedoms of individuals, we will notify the competent supervisory authority (CNIL in France) within 72 hours and, where required, inform the affected users without undue delay.

9. Right to Lodge a Complaint

If you consider that the processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority. In France, this is the CNIL (Commission Nationale de l'Informatique et des Libertés) — www.cnil.fr.

10. Contact

For any question regarding the processing of your personal data, please contact us at privacy@mihari.io.