Privacy Policy

We all value our privacy. Below you will find the rules on which we process your personal data. This is always done in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as ‘GDPR’. This Privacy Policy fulfils the information obligation set out in Article 13 of the GDPR.

1. Who is the collector of your data?

Your data is being collected by the service provider, BML TECH Spółka z ograniczoną odpowiedzialnością with its registered office in Warsaw, address: Marcina Kasprzaka 31/119, 01-234 Warszawa, hereinafter referred to as the “Controller” or “Service Provider”

2. How can I contact the Controller?

You can contact us by sending an e-mail to: privacy@mylize.com. If you prefer to contact us in writing, please send your correspondence to the address given in point 1.

3. What data do we collect and what is the purpose of processing it?

Platform	Category	Source
User information	Name, surname, email	Provided by you voluntarily by subscribing our app
Instagram	posts liked / shared / saved / commented, accounts followed	Instagram data export (with your permission)
Facebook	posts liked / shared / saved / commented, accounts followed	Facebook data export (with your permission)
Spotify	tracks played, artists discovered, listening time	Spotify API (with your permission)
YouTube	videos watched/liked, creators followed	Google Data Portability API (with your permission) – YouTube
Mylize app	specific actions performed inside the application	Mylize app
LinkedIn	posts liked / shared / saved / commented, company follows	LinkedIn Data Portability API (with your permission)
TikTok	Posts liked / shared / saved / commented	TikTok Data Portability API (with your permission)
Pinterest	Saved “Pins” on your board , followed interests, followed boards	Pinterest data export via API (with your permission)
Other sources	additional integrations you choose to enable	respective third-party APIs

The data will be processed solely for the purpose of performing the agreement for the use of the application and for legitimate purposes of the Controller. Providing data is voluntary, but in some cases necessary to achieve the purposes specified above (use of the Mylize mobile app), and failure to provide such data will result in the inability to use these services.

How We Use Your Data? Below we list the typical uses of your data.

Generate personal posts that summarise your activities;
Display posts to you immediately and to friends you designate within 24 hours;
Operate, maintain, and improve Mylize features and algorithms;
Provide support and respond to inquiries;
Comply with legal obligations and enforce our Terms of Use;
Create aggregate or de-identified analytics that no longer identify you.

4. On what legal basis do we process your data and from whom do we obtain it?

Depending on the case, the legal basis for processing your data may be:

Your explicit consent (e.g. newsletter subscription, consent to receive information about news and current events) – Article 6(1)(a) of the GDPR; please note that consent is voluntary and may be withdrawn at any time, which does not, however, affect the lawfulness of the data processing carried out prior to the withdrawal;
performance of a contract for which you have provided your data, in the case of contact for the purpose of establishing cooperation – Article 6(1)(b) of the GDPR;
fulfilment of a legal obligation – Article 6(1)(c) of the GDPR; if we have concluded a contract, it is a legal obligation to store data, including personal data, as part of accounting and bookkeeping documentation;
the legitimate interest of the Controller – Article 6(1)(f) of the GDPR; depending on the situation, the legitimate interest in processing data is direct marketing of products or services, the desire to provide you with the highest quality services and improve their functioning, building positive relationships with you and other service recipients, responding to enquiries, suggestions, complaints and claims, or establishing, investigating and enforcing claims and defending against claims in proceedings before courts and other state authorities.

In most cases, the data is obtained directly from you. If we obtain your data on another basis, we will inform you immediately, providing all the necessary information specified in Article 14 of the GDPR, in order to enable you to exercise your rights.

5. How We Collect Data

from you directly during the registration;
direct entries you submit in the app;
permissions you grant for integrated accounts and device sensors;
background collection performed by secure software modules;
cookies and similar technologies (see Section 7).

All of the data is provided by you voluntarily but some of them are indispensable to use the App.

6. How long will we process your data?

Your data will be stored for no longer than is necessary.

Data received for marketing purposes will be stored until you object to such activities.

Data related to the application subscription will be processed for the period necessary for the performance of the contract and for the reporting of any claims – for no longer than 6 years, and if legal or administrative proceedings are initiated during that time, for the entire duration of such proceedings and for a period of 10 years from the date of the final judgement or decision in the case. After this time, processing will be limited solely to storing the data for as long as is necessary to delete or anonymize it.

After the expiry of the above periods, your personal data will be deleted or anonymized (converted into a fixed string of characters that makes it impossible to identify the person to whom the data relates).

7. Encryption and Security

All data collected is encrypted. Industry-standard TLS protects data in transit and at rest. We employ logical access controls, periodic security audits, and vulnerability monitoring to safeguard the Service.

8. Sharing and Disclosure

Recipient	Purpose
Your chosen friends	show your posts within 24 h
Service providers (cloud hosting, crash reporting, analytics in aggregate form)	operate the Service
Spotify (third-party beneficiary)	enable music insights
Google (third-party beneficiary)	obtain YouTube activity
Meta (third-party beneficiary)	obtain Instagram & Facebook activity
LinkedIn (third-party beneficiary)	obtain LinkedIn activity
TikTok (third-party beneficiary)	obtain TikTok activity
Pinterest (third-party beneficiary)	obtain Pinterest activity
OpenAI (third-party beneficiary)	Generate comments (data anonymized)

The Controller may transfer your data to other entities, including its subcontractors providing services supporting the Controller's activities, to the extent necessary to achieve the purposes of processing, e.g. providers of marketing tools, accounting services, legal advisors. Depending on the circumstances, these entities may be subject to the Controller's instructions regarding the purposes and methods of processing such data (processors) or may independently determine the purposes and methods of processing personal data (controllers).

Processors. The Controller uses the services of entities that process personal data exclusively on its behalf and on the basis of documented instructions. These include entities providing hosting services, cloud storage space, marketing systems (e.g. for sending newsletters and other emails), website traffic analysis, marketing campaign effectiveness analysis, etc.

Persons authorized to process data by the Controller. The Controller makes personal data available to all associates authorized to process data on its behalf, which results from the fact that people are behind the day-to-day operations :).

State authorities. Personal data is also made available when requested by authorised state authorities, in particular organisational units of the public prosecutor's office, the police, courts or the supervisory authority for personal data protection (the President of the Personal Data Protection Office).

Location. The above entities are mainly based in Poland and other countries of the European Economic Area (EEA). However, some of the above entities may be based outside the EEA. In connection with the transfer of personal data outside the EEA, the Controller has ensured that service providers provide guarantees of a high level of personal data protection. These guarantees result in particular from participation in the programme established under the EU-US Data Privacy Framework and the Commission (EU) Decision of 10 July 2023 on the adequacy of protection with regard to the EU-US data protection framework. In cases where the above requirement has not been met, the Controller will ensure compliance of data processing with the GDPR by obtaining consent for such transfer from the data subjects, and in the absence of such consent, the transfer of personal data of such persons to a third country will be excluded.

9. Automated decision-making and profiling

The Controller shall make every reasonable effort to tailor its own products and services, as well as all marketing communications addressed to portal users, to their interests and preferences. To this end, it may carry out automated processing of personal data, which, however, does not take the form of profiling, i.e. the use of data collected by the Controller to evaluate certain personal factors of a natural person, in particular their analysis or prediction of aspects relating to data collected by the Controller or inferences about personal characteristics and factors other than those collected by the Controller. However, the Controller may use the results of profiling carried out by third parties (e.g. Google, Facebook) when directing marketing and remarketing messages to portal users.

The Controller also notes that the targeting and personalisation of the controller's marketing communications, in particular offers and commercial information, based on collected behavioural data (related to the behaviour of the portal user and their activity on the portal, in particular the history of visited subpages), does not constitute profiling, unless it is the result of inferences about other personal characteristics and factors of the portal user based on data collected by the Controller.

10. Cookies & Similar Technologies

Our website uses:

Essential cookies – required for site functionality and security.
Analytics cookies – help us understand usage patterns (aggregated).

We do not allow third-party advertisers to place marketing cookies. Selected service providers may set their own analytics cookies solely to provide services to us.

Cookie management: You can disable non-essential cookies via our cookie banner or through your browser settings. Essential cookies cannot be disabled as they are strictly necessary for the site to function.

11. Spotify - Specific Disclosures

Mylize uses the Spotify Platform to surface listening insights. Spotify does not warrant the accuracy of data and is an express third-party beneficiary of this Privacy Policy and our Terms of Use. Your Spotify data is processed only to provide the music-related functionality you request and is not shared outside Mylize or your designated friends.

12. Google - Specific Disclosures

We use Google’s Data Portability API for you to share your Google data with us. You will have to authorise Mylize to connect with Google to enable us to use your data. We cannot access this data until you give your explicit consent.

Our use of information received from Google’s Data Portability API adheres to the ‘Data Portability API user data and developer policy’, including the Limited Use Requirements.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced in the app or by email at least 14 days before they take effect. Continued use after the effective date constitutes acceptance of the revised Policy.

14. Contact Us

Questions or concerns?
Email: privacy@mylize.com

You want to report security or privacy issues? Please use this form.