Privacy Policy

Last updated:

This Privacy Policy explains how Ajourney Technologies Pte. Ltd. (doing business as Mistle) (“Mistle,” “we,” “us,” or “our”) collects, uses, shares, and retains information in connection with Mistle Cloud.

Mistle Cloud is the hosted service operated by Mistle. This Privacy Policy does not apply to self-hosted Mistle deployments operated by someone else.

For privacy requests, contact data-officer@mistle.dev.

1. Information we collect

Account and organization information

We collect information you provide when creating or using an account or organization, such as name, email address, authentication information, organization membership, role, settings, billing details, and support communications.

Customer Content

We collect and process Customer Content submitted to Mistle Cloud by you, your organization, your agents, or your connected systems. Customer Content may include prompts, agent messages, repository contents, sandbox files, terminal output, logs, generated code, integration event payloads, provider metadata, and other data used by hosted agent workflows.

Product and technical information

We collect information about how Mistle Cloud is accessed and used, including IP address, device and browser information, pages and features used, event metadata, timestamps, identifiers, logs, diagnostics, performance data, and approximate location derived from IP address.

Billing and transaction information

If you use paid features, we and our payment processors collect billing information needed to process payments, issue invoices, calculate taxes, prevent fraud, and maintain financial records.

Information from Customer-Configured Services

When you or your organization connects a Customer-Configured Service, Mistle Cloud may receive account, workspace, repository, issue, chat, observability, model-provider, webhook, event, permission, token, and metadata from that service as needed for your configured workflows.

2. How we use information

We use information to:

  • provide, operate, maintain, and improve Mistle Cloud;
  • create and manage accounts, organizations, members, billing, support, and service communications;
  • run sandboxes, sessions, triggers, integrations, agent runtimes, and connected workflows;
  • process Customer Content according to customer instructions;
  • authenticate users, protect accounts, detect abuse, investigate incidents, enforce terms, and maintain service reliability;
  • debug, troubleshoot, monitor, and improve product quality;
  • comply with law, legal process, tax, accounting, and audit obligations; and
  • create aggregated or de-identified analytics where practical.

We may access or inspect Customer Content where reasonably needed for support, debugging, abuse prevention, security, legal compliance, service reliability, or with customer consent.

3. AI and model processing

Mistle does not use Customer Content to train Mistle or third-party foundation models.

Mistle Cloud may send Customer Content to AI, model, or agent runtime providers when you configure those providers or when processing is needed to run the agent workflow you requested. If you connect or configure your own model provider account, that provider’s terms and policies may apply to its processing of Customer Content.

4. How we share information

Mistle Cloud Providers

We share information with vendors selected by Mistle to operate Mistle Cloud. These providers may support hosting, networking, databases, storage, email, analytics, billing, observability, secret management, sandbox infrastructure, and support operations.

Customer-Configured Services

We transmit information to Customer-Configured Services when you or your organization connects or configures those services. For example, Mistle Cloud may send prompts, repository context, generated output, webhook payloads, comments, pull request data, or other Customer Content to the connected service so agents can perform the workflow you requested.

Customer-Configured Services are controlled by you or your organization, and their own terms and policies govern their processing.

Organization administrators and members

Organization owners, administrators, and authorized members may access information associated with the organization, including Customer Content, activity, settings, integrations, members, and billing information according to their permissions.

We may disclose information if we believe it is necessary to comply with law, legal process, government request, enforce our agreements, protect rights and safety, prevent fraud or abuse, or respond to security incidents.

Business transfers

We may disclose information as part of a merger, acquisition, financing, reorganization, bankruptcy, or transfer of all or part of our business.

5. Cookies and analytics

Mistle uses cookies, local storage, similar technologies, analytics, and logs to operate Mistle Cloud, understand usage, improve reliability, and protect the service.

Analytics and logs may include pages or features used, event metadata, device and browser information, technical request metadata, and, for authenticated App usage, Mistle user or organization identifiers. Cloudflare analytics and logs may include country inferred at the network edge, traffic volume, response status, performance, and security-related signals.

We do not intentionally send source code or raw sandbox content to analytics providers, but Customer Content may appear in analytics if it is included in user-entered names, labels, URLs, or metadata shown in tracked product surfaces.

See our Cookie Policy for more detail about how cookies, browser storage, and analytics differ between the Website and App.

6. Security

We use administrative, technical, and organizational safeguards designed to protect information. These include access controls, encryption, secret management, logging, monitoring, and credential-brokering patterns described on our Security page.

No service can guarantee perfect security. You are responsible for configuring organization access, connected-service permissions, secrets, repositories, and sandbox workflows appropriately.

7. Retention

We retain information for as long as needed to provide Mistle Cloud, comply with law, resolve disputes, enforce agreements, maintain security, support backup/audit/debugging windows, and operate legitimate business functions.

When information is deleted, residual copies may remain for a limited period in backups, logs, caches, audit records, or other systems where deletion is not immediate. We may retain billing, security, legal, and abuse-prevention records where required or permitted by law.

Customer-Configured Services may retain copies of information outside Mistle’s control according to their own terms and policies.

8. Your choices and rights

Depending on your location and relationship with Mistle, you may have rights to access, correct, delete, export, restrict, or object to certain processing of personal data, or to withdraw consent where processing is based on consent.

To make a request, email data-officer@mistle.dev. We may need information to verify your identity and authority. Some requests may need to be handled through your organization administrator if the data belongs to an organization workspace.

9. International processing

Mistle Cloud and its providers may process information in countries where Mistle, Mistle Cloud Providers, Customer-Configured Services, and their infrastructure operate. Those countries may have data protection laws different from where you live or work.

10. Changes

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice by posting the updated policy, sending email, or notifying you through Mistle Cloud. The updated policy takes effect when posted or as otherwise stated in the notice.