miyo

Privacy Policy

Last updated 2026-05-21

TLDR

  • miyo runs entirely on your device. Your notes, files, and vault content never leave your computer.
  • We collect no telemetry and no usage data. There is no server-side analytics of your activity.
  • The miyo relay service exists solely to let ChatGPT and Claude connect to your desktop app. It acts as a secure transport layer, never reads or stores your content, and only forwards what the caller agent explicitly requests.
  • We collect only the minimum account information required to authenticate you and manage your subscription.

Introduction

This Privacy Policy applies to all users of miyo, a desktop application and associated services offered by Brevilabs LLC (“Brevilabs,” “we,” or “us”). It describes how we handle personal information in connection with the miyo desktop app, the miyo.md website, and the miyo relay service. Please read this policy carefully. By using miyo, you acknowledge these practices.

What miyo does not collect

Because miyo is a local-first desktop application, the following data stays entirely on your device and is never sent to us or any third party:

  • Your notes, documents, and vault contents
  • File names, folder structures, or metadata
  • Queries you run against your local data
  • Any content returned by the MCP server to an AI agent (this data travels directly between your device and the AI application you’re using, not through our infrastructure)
  • Usage patterns, feature interactions, or behavioral telemetry
  • Crash reports or error logs from the desktop app

What we do collect

To run the miyo.md website and manage accounts, we collect:

  • Account information — email address, and optionally your name and profile image if you sign in with GitHub or Google.
  • Subscription data — your current plan (Free or Relay), subscription period, and Stripe customer ID. This is stored in our database so we can gate desktop and relay access appropriately.
  • Authentication tokens — short-lived session cookies on miyo.md, and signed JWTs that allow your desktop app and the relay to verify your entitlement without calling home on every request.
  • Standard web server logs — IP address, browser type, and request metadata produced by Vercel when you visit miyo.md. These are retained according to Vercel’s standard log retention policy.

The miyo MCP server

miyo implements the Model Context Protocol (MCP). When an AI agent (such as Claude or a ChatGPT plugin) calls a miyo MCP tool, the request goes to the miyo server running on your device. The server reads only the specific data the tool requires — for example, a “search notes” tool reads matching note content; it does not scan unrelated files. The response is returned directly to the requesting AI application. At no point does this content pass through Brevilabs infrastructure. We have no visibility into what your AI agents ask for or receive.

The miyo relay service

AI applications like ChatGPT and Claude cannot connect directly to software running on your local machine. The miyo relay (relay.miyo.md) bridges this gap by acting as a secure tunnel.

Here is what the relay does and does not do:

  • Does: forwards MCP requests from the AI application to your desktop, and forwards responses back. Traffic is authenticated using signed JWTs so only verified Relay or Believer users can use the tunnel.
  • Does not: read, log, store, or inspect the content of MCP messages passing through the tunnel.
  • Does not: retain any data about what your AI agent requested or what your device returned.

The relay is operated by Brevilabs on Railway. Standard infrastructure logs (connection timestamps, error codes) may be retained for operational purposes, but these logs do not contain message content.

Payment processing

Subscription payments are handled by Stripe. When you purchase miyo relay, your payment details are entered directly into Stripe’s hosted checkout — we never see or store your card number. Stripe is subject to its own privacy policy.

Third-party services we use

  • Vercel — hosts miyo.md. Standard web request logs.
  • Railway — hosts the relay service. Standard infrastructure logs.
  • Stripe — processes payments and manages subscriptions.
  • Resend — sends authentication emails (magic links). Only your email address is shared.
  • GitHub / Google — optional OAuth sign-in providers. We receive only what you authorize during the OAuth flow (email, name, profile image).

Data retention and deletion

Account and subscription data is retained for as long as your account is active. If you cancel your subscription, your account record is retained so you can sign back in and resubscribe. To request full account deletion, email us at info@brevilabs.com.

Because your vault content is stored only on your device, deleting the miyo desktop app removes all local data. We have no copy to delete on your behalf.

Your rights

Depending on your location, you may have rights to access, correct, export, or delete your personal information. To exercise these rights, contact us at info@brevilabs.com with the subject line “Privacy Request.” We will respond within 30 days.

Children

miyo is not directed at children under 18. We do not knowingly collect personal information from anyone under 18. If we become aware that we have, we will delete it.

Changes to this policy

We may update this policy from time to time. Material changes will be communicated by updating the date at the top of this page and, where appropriate, by email. Continued use of miyo after changes constitutes acceptance.

Contact

Brevilabs LLC is the data controller for personal information processed in connection with miyo. Questions or concerns: info@brevilabs.com.

← Back to miyo