Mitria

Mitria Privacy Policy

Last Updated: January 10, 2026

Introduction

Mitria Inc. ("Mitria," "we," "us," "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy ("Policy") describes how we collect, use, disclose, and protect information when you use our website (mitria.ai), platform, mobile applications, APIs, and related services (collectively, the "Services").

This Policy applies to all users of our Services, including Company administrators ("Admins"), cardholders ("Cardholders"), and visitors to our website ("Visitors"). By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

We encourage you to read this Policy carefully. If you do not agree with our practices, please do not use our Services. If you have any questions, please contact us at privacy@mitria.ai.

Table of Contents

  1. Information We Collect
  2. How We Collect Information
  3. How We Use Your Information
  4. How We Share Your Information
  5. Data Retention
  6. Data Security
  7. Your Privacy Rights
  8. California Privacy Rights (CCPA)
  9. Nevada Privacy Rights
  10. International Data Transfers
  11. Children's Privacy
  12. Third-Party Links and Services
  13. Cookies and Tracking Technologies
  14. Do Not Track Signals
  15. Changes to This Policy
  16. Contact Information

1. Information We Collect

We collect several types of information from and about users of our Services.

1.1 Personal Information

Personal information is information that identifies, relates to, describes, or could reasonably be linked to you or your household. We collect the following categories of personal information:

A. Identity Information

  • Full legal name (first and last name)
  • Date of birth
  • Government-issued identification numbers (for authorized representatives)
  • Social Security Number (SSN) or Tax Identification Number (TIN) for business verification
  • Photographs or images (if provided)

B. Contact Information

  • Email address
  • Phone number
  • Mailing address
  • Business address

C. Business Information

  • Company name
  • Employer Identification Number (EIN)
  • Business type and structure
  • Industry classification
  • Business address
  • Articles of incorporation or formation documents
  • Business licenses
  • Authorized representative information
  • Beneficial ownership information

D. Financial Information

  • Bank account information (account number, routing number)
  • Payment card details (for billing purposes)
  • Credit history (obtained through credit bureaus with your consent)
  • Transaction history
  • Spending patterns
  • Account balances

E. Card and Transaction Information

  • Card numbers and expiration dates
  • Card verification values (CVV)
  • Transaction amounts, dates, and times
  • Merchant names and categories
  • Transaction descriptions
  • Authorization and decline information
  • Dispute and chargeback information

F. Account Information

  • Username and password (encrypted)
  • Account preferences and settings
  • Role and permission levels
  • Team assignments
  • Spending limits and restrictions
  • Approved vendor preferences

G. Device and Technical Information

  • IP address
  • Device type and identifiers
  • Browser type and version
  • Operating system
  • Mobile device identifiers (IDFA, GAID)
  • Hardware model
  • Unique device identifiers

H. Usage Information

  • Pages and features accessed
  • Time spent on pages
  • Click patterns and navigation
  • Search queries within the platform
  • Feature usage frequency
  • Login times and session duration

I. Communication Information

  • Emails and messages sent to us
  • Support ticket contents
  • Phone call recordings (with notice)
  • Chat transcripts
  • Survey responses
  • Feedback submissions

J. Geolocation Information

  • General location based on IP address
  • Precise location (only with explicit consent)
  • Transaction location data

1.2 Aggregated and De-identified Information

We may create aggregated, anonymized, or de-identified information from personal information by removing or modifying information that would identify you. This data is not subject to this Privacy Policy and may be used for any lawful purpose.

1.3 Information from Third Parties

We may receive information about you from third parties, including:

  • Identity verification services: To verify your identity and business
  • Credit bureaus: To assess creditworthiness and fraud risk
  • Banking partners: Transaction and account information
  • Card networks: Transaction processing information
  • Public databases: Business registration and compliance information
  • Marketing partners: Contact information for prospective customers
  • Social media platforms: If you interact with us through social media

2. How We Collect Information

We collect information through various methods:

2.1 Direct Collection

  • When you create an account or register for Services
  • When you complete our Know Your Business (KYB) verification
  • When you add Cardholders to your account
  • When you make transactions using Mitria Cards
  • When you contact our support team
  • When you respond to surveys or provide feedback
  • When you subscribe to our newsletter or marketing communications
  • When you participate in promotions or contests

2.2 Automated Collection

  • Through cookies and similar tracking technologies
  • Through server logs and analytics tools
  • Through our mobile applications
  • Through APIs and integrations
  • Through Card transaction processing

2.3 Third-Party Collection

  • From our identity verification partners
  • From our banking and card issuing partners
  • From credit bureaus and fraud prevention services
  • From public records and databases
  • From business data providers

3. How We Use Your Information

We use the information we collect for various purposes:

3.1 Providing and Managing Services

  • To create and manage your account
  • To verify your identity and business
  • To issue and manage Mitria Cards
  • To process transactions and payments
  • To enforce spending limits and merchant restrictions
  • To provide customer support
  • To send transactional communications (receipts, alerts, notifications)
  • To generate reports and insights

3.2 Improving Our Services

  • To analyze usage patterns and trends
  • To develop new features and products
  • To personalize your experience
  • To conduct research and analytics
  • To test new features and functionality
  • To improve platform performance and reliability

3.3 Security and Fraud Prevention

  • To detect and prevent fraud
  • To verify transactions and authorizations
  • To monitor for suspicious activity
  • To protect against unauthorized access
  • To investigate potential violations of our Terms
  • To comply with legal and regulatory requirements

3.4 Communications

  • To send service-related notifications
  • To respond to your inquiries and requests
  • To send marketing communications (with your consent)
  • To notify you of changes to our Services or policies
  • To send alerts about your account or Cards

3.5 Compliance and Legal Obligations

  • To comply with applicable laws and regulations
  • To respond to legal process and government requests
  • To enforce our Terms of Service
  • To protect our rights, privacy, safety, or property
  • To fulfill our obligations to financial regulators
  • To comply with anti-money laundering (AML) requirements
  • To comply with Know Your Customer (KYC) requirements

3.6 Benchmarking and Analytics

  • To create aggregated industry benchmarks
  • To provide comparative spending insights
  • To generate anonymized reports
  • To improve our pricing and offerings

3.7 Business Operations

  • To process billing and payments
  • To manage our relationship with you
  • To administer our rewards program
  • To facilitate corporate transactions (merger, acquisition)

4. How We Share Your Information

We may share your information with the following categories of recipients:

4.1 Service Providers

We share information with third-party service providers who perform services on our behalf, including:

  • Issuing Bank Partners: To issue and manage Cards
  • Card Networks (Visa, Mastercard): To process transactions
  • Payment Processors: To process payments and billing
  • Identity Verification Services: To verify identity and business information
  • Credit Bureaus: To assess creditworthiness
  • Fraud Prevention Services: To detect and prevent fraud
  • Cloud Hosting Providers: To host our platform and data
  • Analytics Providers: To analyze usage and improve Services
  • Communication Providers: To send emails, SMS, and notifications
  • Customer Support Tools: To provide customer service
  • Accounting and Tax Services: To manage our finances

4.2 Financial Partners

We share information with our financial partners as necessary to provide the Services:

  • Issuing Banks: Transaction data, cardholder information, and account details necessary for Card issuance and management
  • Card Networks: Transaction data required for payment processing
  • Banking Partners: Account information for funding and billing

4.3 Your Company

If you are a Cardholder, we share information with your Company's Administrators, including:

  • Your name and contact information
  • Your Card details (masked card number)
  • Your transaction history and spending
  • Your spending limits and restrictions
  • Alerts and notifications related to your Card

4.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

4.5 Legal and Regulatory Disclosures

We may disclose your information when required or permitted by law:

  • To comply with legal process (subpoenas, court orders)
  • To respond to government or regulatory requests
  • To cooperate with law enforcement investigations
  • To protect our legal rights or defend against claims
  • To prevent fraud or other illegal activities
  • To protect the safety of any person
  • To comply with financial regulations and reporting requirements

4.6 Business Transfers

In connection with a merger, acquisition, bankruptcy, reorganization, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change and any choices you may have.

4.7 Aggregated and De-identified Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you with third parties for various purposes, including:

  • Industry benchmarking reports
  • Research and analytics
  • Marketing and promotional materials
  • Public reports on AI tool spending trends

4.8 Affiliates

We may share information with our corporate affiliates and subsidiaries for purposes consistent with this Privacy Policy.

5. Data Retention

5.1 Retention Periods

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected and to comply with our legal obligations:

Data CategoryRetention Period
Account InformationDuration of account + 7 years
Transaction Data7 years from transaction date
Identity Verification7 years from verification date
Communication Records3 years from communication
Usage Data2 years from collection
Marketing PreferencesUntil you opt out or account closure
Support Tickets3 years from resolution

5.2 Legal Requirements

We may retain information longer if required by law, regulation, or legal proceedings, including:

  • Tax and accounting requirements
  • Anti-money laundering regulations
  • Financial services regulations
  • Litigation holds
  • Regulatory investigations

5.3 Deletion

When information is no longer needed, we will securely delete or anonymize it. Some information may persist in backups for a limited time.

6. Data Security

6.1 Security Measures

We implement comprehensive security measures to protect your information:

Technical Safeguards

  • Encryption of data in transit using TLS 1.2+
  • Encryption of data at rest using AES-256
  • Secure key management practices
  • Regular security assessments and penetration testing
  • Vulnerability scanning and patch management
  • Intrusion detection and prevention systems
  • DDoS protection
  • Web application firewalls

Administrative Safeguards

  • Employee background checks
  • Security awareness training
  • Access controls based on least privilege
  • Regular access reviews
  • Incident response procedures
  • Business continuity planning
  • Vendor security assessments

Physical Safeguards

  • Secure data center facilities
  • Physical access controls
  • Environmental controls
  • 24/7 monitoring

6.2 PCI-DSS Compliance

We maintain Payment Card Industry Data Security Standard (PCI-DSS) compliance for handling cardholder data.

6.3 SOC 2 Compliance

We maintain SOC 2 Type II compliance for security, availability, and confidentiality.

6.4 Your Security Responsibilities

You are responsible for:

  • Maintaining the confidentiality of your account credentials
  • Using strong, unique passwords
  • Enabling multi-factor authentication
  • Reporting any suspected security incidents promptly
  • Ensuring authorized users comply with security requirements
  • Protecting Card information from unauthorized access

6.5 Security Incidents

In the event of a security incident affecting your personal information, we will notify you as required by applicable law and take appropriate remedial measures.

7. Your Privacy Rights

Depending on your location and applicable laws, you may have the following rights:

7.1 Right to Access

You have the right to request access to the personal information we hold about you, including:

  • The categories of information we collect
  • The sources of information
  • The purposes for processing
  • The categories of third parties with whom we share information
  • The specific pieces of information we have collected

7.2 Right to Correction

You have the right to request that we correct inaccurate or incomplete personal information about you.

7.3 Right to Deletion

You have the right to request that we delete your personal information, subject to certain exceptions such as:

  • Completing a transaction or providing a service
  • Detecting and preventing fraud
  • Complying with legal obligations
  • Exercising legal rights

7.4 Right to Portability

You have the right to receive your personal information in a structured, commonly used, machine-readable format.

7.5 Right to Opt-Out

You have the right to opt out of:

  • Marketing communications
  • Sale of personal information (we do not sell personal information)
  • Certain targeted advertising
  • Automated decision-making in certain circumstances

7.6 Right to Non-Discrimination

We will not discriminate against you for exercising your privacy rights.

7.7 Exercising Your Rights

To exercise any of these rights, please contact us at:

  • Email: privacy@mitria.ai
  • Online: Through your account settings
  • Mail: Mitria Inc., [Address]

We will respond to your request within the timeframe required by applicable law (typically 30-45 days). We may need to verify your identity before processing your request.

7.8 Authorized Agents

You may designate an authorized agent to submit requests on your behalf. We may require proof of authorization and identity verification.

7.9 Appeals

If we deny your request, you have the right to appeal our decision by contacting us at privacy@mitria.ai.

8. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

8.1 Categories of Information

In the preceding 12 months, we have collected the following categories of personal information:

CategoryCollectedDisclosed for Business Purpose
IdentifiersYesYes
Personal Information (Cal. Civ. Code § 1798.80)YesYes
Protected ClassificationsNoNo
Commercial InformationYesYes
Biometric InformationNoNo
Internet/Network ActivityYesYes
Geolocation DataYesYes
Sensory DataNoNo
Professional/Employment InformationYesYes
Education InformationNoNo
InferencesYesYes
Sensitive Personal InformationYesYes

8.2 Sale and Sharing

We do not sell your personal information as defined by the CCPA. We do not share your personal information for cross-context behavioral advertising.

8.3 Sensitive Personal Information

We collect sensitive personal information (SSN, financial account information) solely for purposes permitted under the CCPA, such as providing the Services and fraud prevention. We do not use or disclose this information for purposes other than those permitted.

8.4 Right to Limit Use of Sensitive Personal Information

You have the right to limit our use of sensitive personal information to uses that are necessary to provide the Services. However, given the nature of our Services, we require this information to operate.

8.5 Shine the Light

California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

8.6 How to Exercise Your Rights

California residents may exercise their rights by:

  • Emailing privacy@mitria.ai
  • Calling [Phone Number]
  • Submitting a request through the platform

We will verify your identity by matching information you provide with information in our records.

9. Nevada Privacy Rights

Nevada residents have the right to opt out of the sale of certain personal information. While we do not currently sell personal information as defined by Nevada law, you may submit an opt-out request to privacy@mitria.ai.

10. International Data Transfers

10.1 Data Location

Our Services are primarily operated in the United States. If you access our Services from outside the United States, your information will be transferred to, stored, and processed in the United States.

10.2 Transfer Mechanisms

When we transfer personal information internationally, we use appropriate safeguards such as:

  • Standard Contractual Clauses approved by relevant authorities
  • Binding Corporate Rules
  • Consent (where appropriate)
  • Other legally recognized transfer mechanisms

10.3 European Economic Area (EEA) and UK

If you are located in the EEA or UK, we process your personal information based on the following legal bases:

  • Contract: Processing necessary to provide our Services
  • Legitimate Interests: Processing for our legitimate business purposes
  • Legal Obligation: Processing required by law
  • Consent: Where you have provided consent

You have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with your local data protection authority.

11. Children's Privacy

Our Services are not directed to children under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

If you believe we have collected information from a child under 18, please contact us at privacy@mitria.ai.

12. Third-Party Links and Services

12.1 Third-Party Websites

Our Services may contain links to third-party websites, applications, or services. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access.

12.2 Third-Party Integrations

Our platform may integrate with third-party services (e.g., accounting software, communication tools). When you enable an integration, you may be sharing information with that third party according to their privacy policy.

12.3 Social Media

If you interact with us through social media platforms, your interactions are governed by the privacy policies of those platforms.

13. Cookies and Tracking Technologies

13.1 Types of Cookies

We use cookies and similar technologies for various purposes:

Essential Cookies

Required for the operation of our Services. They enable core functionality such as security, authentication, and accessibility.

Performance Cookies

Help us understand how visitors interact with our Services by collecting and reporting information anonymously.

Functionality Cookies

Enable enhanced functionality and personalization, such as remembering your preferences.

Analytics Cookies

Allow us to analyze usage patterns to improve our Services. We use services such as Google Analytics.

Marketing Cookies

Used to track visitors across websites to display relevant advertisements. We use these only with your consent.

13.2 Other Tracking Technologies

  • Pixels/Web Beacons: Small graphic images used to track user behavior
  • Local Storage: Data stored in your browser
  • Session Storage: Temporary data stored during your session
  • Device Fingerprinting: Collecting device attributes for fraud prevention

13.3 Cookie Management

You can manage cookies through:

  • Your browser settings
  • Our cookie preference center
  • Third-party opt-out tools

Note that disabling certain cookies may affect the functionality of our Services.

13.4 Analytics Partners

We use the following analytics services:

  • Google Analytics: Privacy Policy at https://policies.google.com/privacy
  • Mixpanel: Privacy Policy at https://mixpanel.com/legal/privacy-policy/
  • Amplitude: Privacy Policy at https://amplitude.com/privacy

You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

14. Do Not Track Signals

Some browsers have a "Do Not Track" (DNT) feature that signals to websites that you do not want to be tracked. Our Services do not currently respond to DNT signals. However, you can manage tracking preferences through our cookie settings and browser controls.

15. Changes to This Policy

15.1 Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

15.2 Notification

If we make material changes to this Policy, we will notify you by:

  • Posting the updated Policy on our website
  • Updating the "Last Updated" date
  • Sending an email to the address associated with your account
  • Providing notice through our platform

15.3 Continued Use

Your continued use of our Services after any changes to this Policy constitutes your acceptance of the updated Policy.

15.4 Review

We encourage you to review this Policy periodically to stay informed about our privacy practices.

16. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Mitria Inc.

Privacy Inquiries:

  • Email: privacy@mitria.ai
  • Subject Line: "Privacy Inquiry"

General Support:

  • Email: support@mitria.ai
  • Website: https://mitria.ai/support

Legal Inquiries:

  • Email: legal@mitria.ai

Mailing Address:
Mitria Inc.
[Street Address]
[City, State ZIP]
United States

Data Protection Officer:

  • Email: dpo@mitria.ai

Response Time:
We aim to respond to all privacy inquiries within 30 days.

17. Additional Disclosures

17.1 Financial Services Regulations

As a provider of financial services, we are subject to various regulations that may require us to collect, use, and retain certain information. These requirements take precedence over deletion requests in certain circumstances.

17.2 Bank Secrecy Act / Anti-Money Laundering

We are required to maintain records and report certain transactions to comply with the Bank Secrecy Act and anti-money laundering regulations.

17.3 Card Network Rules

Our use of your information is also governed by the rules and regulations of the card networks (Visa, Mastercard) through which transactions are processed.

17.4 Issuing Bank Privacy Notices

Our Issuing Bank partners may provide additional privacy notices that apply to the issuance and use of Mitria Cards. Those notices are incorporated by reference.

18. Accessibility

We are committed to making our Privacy Policy accessible to all users. If you need this Policy in an alternative format, please contact us at privacy@mitria.ai.

19. Language

This Privacy Policy is provided in English. If there is any conflict between the English version and any translated version, the English version shall prevail.

20. Acknowledgment

By using our Services, you acknowledge that you have read and understood this Privacy Policy and agree to our collection, use, and disclosure of your information as described herein.

© 2026 Mitria Inc. All rights reserved.

Summary of Key Points

  • We collect information to provide corporate card services for AI tool spending
  • We share information with our banking partners, card networks, and service providers
  • We implement strong security measures to protect your data
  • We do not sell your personal information
  • You have rights to access, correct, and delete your information
  • We retain information as required by financial regulations
  • Contact privacy@mitria.ai with any questions

This Privacy Policy is effective as of January 10, 2026.