How we collect, use, and protect your information.
Effective Date: April 6, 2026
MYCOBI, Inc. ("MYCOBI," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and protect information when you use any MYCOBI platform or service, including mycobi.com and all its subdomains (collectively, the "Platform").
By using the Platform, you agree to this Privacy Policy. If you do not agree, please stop using the Platform.
This Policy should be read alongside our Terms of Service.
We collect information in the following categories:
Account and Identity Information. Information you provide when creating an account, updating your profile, or contacting us, such as your name, email address, and professional or company details.
Assessment and Platform Usage Data. Information generated when you use our tools and assessments, including your responses, results, scores, and the actions you take within the Platform.
Agreement and Consent Records. Records of your acceptance of our Terms of Service and other agreements, including the date, time, and technical identifiers associated with that acceptance, as required by law.
Support and Feedback Submissions. Information you voluntarily submit when contacting support or reporting issues, which may include written descriptions, attachments, and technical context about your session.
Technical and Device Information. Information automatically collected when you access the Platform, such as your IP address, browser type, and session identifiers. We use this information for security, fraud prevention, and to maintain the reliability of our services.
We do not collect sensitive personal information such as government identification numbers, financial account credentials, health or biometric data, or precise geolocation.
We use the information we collect to:
We do not use your personal information to train external AI models or sell your data to third parties. Our assessment scores (IRD, TRA, BRL) are produced by rule-based algorithmic systems, not AI. AI-assisted features are clearly labeled within the Platform and are only activated when you explicitly request them. MYCOBI does not use any automated system to make consequential decisions about you without human oversight.
We do not sell your personal information.
We may share your information in the following limited circumstances:
Service Providers. We share information with trusted vendors who help us operate the Platform, such as cloud infrastructure, authentication, and customer relationship management providers. These vendors are contractually required to protect your data and may only use it to provide services to us.
Legal Obligations. We may disclose information when required by law, court order, or government authority, or when necessary to protect the rights, safety, or property of MYCOBI or others.
Aggregated and De-identified Data. We may share aggregated, de-identified insights — such as industry-level readiness benchmarks — that cannot reasonably be used to identify any individual or organization.
Business Transfers. In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before such a transfer occurs.
With Your Consent. We may share information for other purposes when you have given your explicit consent.
Our Platform integrates with or relies on third-party services, each subject to its own privacy policy. We encourage you to review their policies. Current categories of third-party providers include:
We will update this section as integrations are added or changed.
We use authentication session tokens and essential browser storage necessary to operate the Platform. We do not currently use advertising cookies, cross-site tracking technologies, behavioral analytics platforms, or session recording tools.
If we introduce non-essential tracking in the future, we will update this Policy, provide notice, and obtain consent where required by law.
We retain your information for as long as your account is active and for a reasonable period afterward to fulfill our legal obligations, resolve disputes, and enforce our agreements. Certain records — such as agreement acceptance logs — are retained for extended periods as required by applicable law. Temporary files such as support attachments are deleted on a defined schedule.
You may request deletion of your account and associated personal data at any time (see §8).
We implement commercially reasonable technical and organizational safeguards to protect your information from unauthorized access, use, or disclosure. These include encrypted data transmission, access controls, and short-lived authentication tokens.
No method of transmission or storage is 100% secure. In the event of a data breach that poses a risk to your rights, we will notify affected users and applicable authorities within the timeframes required by law.
Depending on your location, you may have rights regarding your personal information, including the right to:
To exercise any of these rights, contact us at support@mycobi.com with the subject line "Privacy Request." We will verify your identity and respond within the timeframe required by applicable law. We will not discriminate against you for exercising these rights.
The Platform is intended for users 18 years of age or older. We do not knowingly collect personal information from individuals under 18. If you believe a minor has provided us with personal information, please contact us immediately and we will delete it promptly.
MYCOBI is operated from the United States. If you access the Platform from outside the United States, your information may be transferred to, stored, and processed in the United States. By using the Platform, you acknowledge this transfer. Where required by applicable law, we will implement appropriate safeguards for international transfers.
If you are a California resident, you have additional rights under the California Consumer Privacy Act and California Privacy Rights Act, including the right to know, correct, delete, and opt out of the sale or sharing of your personal information. We do not sell or share personal information for cross-context behavioral advertising.
To submit a CCPA request, contact us at support@mycobi.com with the subject line "CCPA Request." We will respond within 45 days, extendable by an additional 45 days with notice.
If you are located in the EEA or UK, we process your personal information under applicable legal bases, which may include performance of a contract, compliance with a legal obligation, or our legitimate interests in operating and improving the Platform. Where we rely on consent, you may withdraw it at any time.
For GDPR-related inquiries, contact us at support@mycobi.com with the subject line "GDPR Inquiry."
We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date and version number above. For material changes, we will provide advance notice by email or prominent notice on the Platform before the changes take effect. Continued use of the Platform after the effective date of any change constitutes acceptance of the updated Policy.
For privacy-related questions, requests, or concerns:
Email: support@mycobi.com Subject line: "Privacy — [Your Request]"
We will respond within 30 business days for general inquiries.
Our physical address is available upon request and where required by applicable law.