Updated: March 31, 2026
1. Introduction
Mila Support, Inc. ("Mila," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the Mila mobile application and related services (collectively, the "Service").
Mila provides educational content, personalized informational support, and emotional support for preconception, pregnancy, postpartum wellness. Mila is not a medical device and does not provide clinical care, medical advice, diagnosis, or treatment. Our Service is not a substitute for professional healthcare. Always consult your healthcare provider for medical concerns.
Our non-clinical support team consists of certified doulas, non-clinical service providers, and maternal wellness experts who provide informational and emotional support within clearly defined non-clinical boundaries. They do not provide medical or clinical advice.
HIPAA Notice. Mila is not currently a covered entity under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The health and wellness information you share with us is protected under this Privacy Policy and applicable consumer privacy laws rather than HIPAA. As our Services expand to include licensed clinical providers, we will update this Policy to reflect any applicable HIPAA obligations, notify you of material changes, and execute Business Associate Agreements with applicable service providers as required. If you have questions about how your health information is protected, please contact us at support@milasupport.com.
2. Information We Collect
When you create an account and use Mila, we may collect the following types of information:
2.1 Account Information
Name and email address
Password (stored in encrypted form)
Account preferences and settings
2.2 Health and Wellness Information
Preconception information
Fertility information
Pregnancy stage and estimated due date
Pregnancy and birth history
Postpartum status
Symptoms and wellness information you choose to share
Birth preferences and birth plan details
Relevant postpartum information related to mother and child
Infant wellness data
Lifestyle details and personal preferences relevant to your support experience (e.g., tone preference, daily routine)
2.2.1 Special Handling of Mental Health Information.
Mental health disclosures — including information about postpartum depression, postpartum anxiety, birth trauma, mood disorders, or any other mental health condition — are treated as a heightened-sensitivity category within your health and wellness information. We recognize that many members of our community will share deeply personal mental health experiences through the Service, and we take additional care with this information. Specifically: (1) mental health information is never shared with any third party except as strictly necessary to deliver the Service to you, or as required by applicable law including mandatory reporting obligations described in Section 3; (2) mental health information is not used for any marketing, analytics, or product development purpose that would identify you individually; and (3) we comply with all applicable state laws governing the confidentiality of mental health records, including California’s mental health privacy protections. If you have concerns about how your mental health disclosures are handled, contact us at support@milasupport.com.
2.3 Support and Chat Content
Messages you exchange with Mila's AI assistant
Messages you exchange with our certified doulas, non-clinical service providers and support team
Questions, journal entries, and other content you submit through the Service
2.4 Appointment Information
Scheduling details for appointments booked through our Service (processed via Calendly)
Note on Calendly: Appointment scheduling is facilitated through Calendly, a third-party scheduling platform. When you book an appointment through the Service, you may interact directly with Calendly’s platform, which has its own privacy policy and data practices. Mila has a data processing agreement with Calendly, but Calendly may independently collect certain information through its own tools and cookies. We encourage you to review Calendly’s Privacy Policy at calendly.com/privacy for information on how they handle your data.
2.5 Hospital Information
Hospital or birth center preferences
2.6 Optional Location Information
Zip code (only if you choose to provide it, used to personalize local resources)
2.7 Technical and Usage Information
Device type and operating system
App usage patterns and feature interactions
Crash logs and performance diagnostics (collected via Firebase)
IP address
We practice data minimization and only collect information that is necessary to provide and improve our Service.
3. How We Use Your Information
We use your information for the following purposes:
Providing personalized support: To generate AI-powered informational responses and daily insights tailored to your preconception, pregnancy or postpartum stage.
Facilitating expert support: To enable communication between you and our certified doulas and other non-clinical service providers.
Birth planning: To help you track and manage your birth preferences.
Providing resources: To deliver relevant educational content for your preconception, pregnancy and postpartum journey.
Appointment scheduling: To facilitate booking with our support team.
Push notifications: To send you timely, relevant updates about your support and messages (via Firebase Cloud Messaging). Notifications will never contain sensitive health information.
Improving our Service: To analyze aggregated, anonymized usage data to improve features and user experience.
Legal compliance: To comply with applicable privacy, security, and data-handling laws and regulations.
Human Provider Access: When you are connected with a human Provider (such as a doula or, in the future, a licensed clinical professional), that Provider will have access to your health and wellness information, and other content you have shared through the Service that is relevant to your support. Providers access your information only for the purpose of providing you with support and are bound by confidentiality obligations. Providers are independent contractors, not Mila employees, and are subject to applicable professional standards of confidentiality.
Important Notice Regarding Mandatory Reporting: Some Providers on the Platform may be subject to mandatory reporting obligations under applicable state and federal law, including obligations to report suspected child abuse, neglect, or domestic violence. In such circumstances, a Provider may be legally required to disclose certain information to the appropriate authorities, regardless of your wishes or our confidentiality commitments. This is a legal limitation on the confidentiality of information you share through the Service and is determined by applicable law, not by Mila. By using the Service, you acknowledge and understand this limitation.
4. AI-Powered Features and Data Practices
4.1 How Mila's AI Works
Mila uses artificial intelligence to provide personalized informational and emotional support. Our AI features are powered by OpenAI and Anthropic, trusted third-party AI service providers.
4.2 What Data Is Shared with AI Providers
When you interact with Mila's AI features, we send deidentified information to our AI providers to generate a response. This means:
What IS sent: Pregnancy stage, estimated due date, relevant health history, lifestyle details, tone preferences, and your chat messages — without any personal identifiers attached.
What is NOT sent: Your name, email address, account ID, zip code, insurance information, or any other information that could directly identify you.
We de-identify your personal information using a process consistent with the HIPAA Safe Harbor standard, removing the categories of personal identifiers specified under 45 C.F.R. § 164.514(b) before any data leaves our servers. The AI providers receive only the information necessary to generate a helpful, personalized response — with no way to connect that information back to your identity.
4.3 AI Provider Data Retention
Neither OpenAI nor Anthropic retains your data for more than 30 days after generating a response. Your deidentified information is processed in real time to produce a response and is not stored by either provider afterward. We have configured our accounts with both providers to ensure zero data retention.
4.4 No AI Model Training
Your data is never used to train or improve OpenAI's or Anthropic's AI models. Both providers are contractually prohibited from using any data received from Mila for model training, fine-tuning, or any purpose other than generating a response.
ng your requested response.
4.5 AI Consent and Opt-Out
Before your data is sent to any AI provider for the first time, we will ask for your explicit consent through a dedicated in-app disclosure screen. You may:
Enable AI features after reviewing how your data is handled.
Decline AI features and still access doula support and limited app features.
Change your preference at any time in the app's Settings.
If you disable AI features, no further data will be sent to our AI providers. Previously processed data was not retained by the providers and cannot be retrieved.
4.5.1 Opt-Out
Opt out of AI features entirely. You may disable all AI-powered features as described in Section 4.5 above. If you do this, no data will be sent to AI providers for any purpose, including generating responses. You will retain access to doula support and other human-delivered features of the Service.
5. Third-Party Service Providers
We work with trusted third-party service providers to operate our Service, including providers for AI processing, database hosting, backend infrastructure, push notifications, appointment scheduling, and website analytics. Each provider is contractually required to protect your data and use it only for the purposes we specify.
Our AI providers (OpenAI and Anthropic) receive only deidentified data and retain nothing after generating a response, as described in Section 4. Website analytics (PostHog) are used on our website only and are not active within the Mila mobile app.
We do not sell your data to any third party. We do not share your data with third parties for advertising purposes. All third-party providers are required to provide the same or greater level of data protection described in this Privacy Policy.
Business Associate Agreements. As Mila expands to include licensed clinical providers and the handling of information that may constitute protected health information (PHI) under HIPAA, we will execute Business Associate Agreements (BAAs) with applicable third-party service providers as required by law. This includes, where applicable, our infrastructure providers, AI providers (OpenAI and Anthropic), and scheduling tools (Calendly). We will update this section to identify which providers operate under BAAs as our Services evolve.
For questions about our specific service providers, contact us at support@milasupport.com.
6. Data Protection and Security
We take the security of your information seriously and implement the following safeguards:
Encryption at rest: All sensitive data is encrypted using Supabase's built-in encryption for stored data.
Encryption in transit: All data transmitted between your device, our servers, and third-party providers is encrypted using SSL/TLS.
Deidentification: Personal identifiers are stripped before data is sent to AI providers, as described in Section 4.
Authentication: Strong password requirements and secure session management.
Access controls: Role-based access controls limit which team members can access user data.
Data minimization: We collect only the data necessary to provide our Service.
While we implement industry-standard security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security but are committed to protecting your information to the best of our ability.
7. Cookies and Tracking Technologies
On our website (not in the mobile app), we may use cookies and similar tracking technologies to enhance user experience, analyze website usage patterns, and improve our services. You can manage your cookie preferences through your browser settings.
8. Your Rights and Data Control
You have the right to:
Access your data: Request a copy of the personal information we hold about you.
Correct your data: Update or correct inaccuracies in your personal information through the app or by contacting us.
Delete your account and data: You can delete your account and all associated personal data directly within the Mila app under Settings > Account > Delete Account. You may also request deletion by emailing us at support@milasupport.com. Upon deletion, we will remove your personal data within 90 days, except where retention is required for legal or regulatory compliance.
Opt out of AI features: Disable AI-powered features at any time in the app's Settings, as described in Section 4.5.
Withdraw consent: Revoke consent for data collection at any time by adjusting your settings in the app or contacting us. Withdrawing consent may limit your ability to use certain features of the Service.
California Residents (CCPA/CPRA): Under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), California residents have the following rights: (1) the right to know what personal information we collect, use, disclose, and sell; (2) the right to request deletion of personal information, subject to certain exceptions; (3) the right to correct inaccurate personal information; (4) the right to opt out of the sale or sharing of personal information (we do not sell or share your personal information); (5) the right to limit the use and disclosure of sensitive personal information (SPI); and (6) the right to non-discrimination for exercising your rights.
Sensitive Personal Information (SPI). Under CPRA, certain categories of information we collect qualify as sensitive personal information, including pregnancy status, health conditions, and precise geolocation. We use SPI only for the purpose of providing the Service to you. We do not use SPI to infer characteristics about you or for any secondary purpose without your consent. You have the right to direct us to limit the use and disclosure of your SPI to what is necessary to provide the Service. To exercise this right, contact us at support@milasupport.com.
Do Not Sell or Share My Personal Information. We do not sell or share your personal information with third parties for cross-context behavioral advertising. To submit a request or opt out of any future sale or sharing, contact us at support@milasupport.com.
To exercise any CCPA/CPRA rights, contact us at support@milasupport.com. We will respond to verifiable consumer requests within 45 days, with one extension of an additional 45 days where necessary.
Residents of Other States: Depending on the state in which you reside, you may have additional privacy rights under applicable law. Several states have enacted comprehensive consumer privacy laws that may grant you rights regarding your personal data, including rights to access, correct, delete, or obtain a portable copy of your information. Washington residents should be aware that the Washington My Health MY Data Act provides specific protections for consumer health data, including the right to withdraw consent and the right to delete health data. Residents of Virginia, Colorado, Texas, Florida, and other states with active privacy regimes may also have applicable rights. To exercise any state privacy rights, please contact us at support@milasupport.com. We will respond to your request in accordance with the requirements of applicable law in your state.
8.1 Legal Basis for Processing Your Information.
Mila processes your personal information on the following legal bases depending on the category of data and purpose of processing:
Contract performance. We process account information, health and wellness information, and support content to deliver the Services you have signed up for. This processing is necessary to perform our agreement with you.
Consent. We process sensitive health information and AI feature data on the basis of your explicit consent, obtained through the in-app consent screen described in Section 4.5 and account onboarding. Under Washington’s My Health MY Data Act and similar state laws, we obtain separate affirmative consent before collecting and before sharing consumer health data. You may withdraw consent at any time as described in Section 8.
Legitimate interest. We process technical and usage data for service security, fraud prevention, and aggregate analytics. Our legitimate interest in maintaining a safe and functional platform is balanced against your privacy interests, and this data is processed only in anonymized or aggregated form for analytics purposes.
Legal obligation. We process and in limited circumstances disclose information where required by applicable law, including mandatory reporting obligations and breach notification requirements.
9. Data Retention
We retain your personal data only as long as necessary to provide our Service and fulfill the purposes described in this Privacy Policy, subject to applicable legal retention requirements. The following retention periods apply by data category:
Account and Profile Information (name, email, account preferences): retained until account deletion, removed within 90 days of deletion request.
Health and Wellness Information (pregnancy stage, health history, symptoms, preferences): retained until account deletion, removed within 90 days of deletion request. Where clinical records are created by licensed providers, applicable state medical records retention laws may require retention for a longer period (typically 7–10 years), in which case we will retain only the minimum required and notify you.
Chat and Support Content (messages with AI assistant and human Providers): retained until account deletion, removed within 90 days of deletion request.
Technical and Usage Data (device information, usage patterns, crash logs): retained for up to 24 months for service improvement purposes, then deleted or anonymized.
Backup Systems. When you request account deletion, your data will be removed from our active systems within 90 days. Deleted data may persist in encrypted backup systems for up to an additional 90 days before being purged from backups. During this backup retention period, your data is not accessible for operational use. Anonymized, aggregated data that cannot be used to identify you may be retained indefinitely for analytical purposes.
As described in Section 4.3, our AI providers do not retain any data after generating a response.
10. Data Breach Notification
In the event of a data breach that affects your personal information, Mila will take the following steps:
Containment and Investigation. We will promptly investigate and take steps to contain the breach and assess the scope and nature of any affected data.
Member Notification. Where required by applicable law, we will notify affected members without undue delay — and in most cases within hours of becoming aware of a qualifying breach — by email to the address on file. Our notification will describe the nature of the breach, the categories of information affected, the steps we are taking, and the steps you can take to protect yourself.
Regulatory Notification. We will notify applicable state regulators and, where required, federal authorities in accordance with applicable breach notification laws, including the FTC Health Breach Notification Rule and applicable state data breach statutes. Where HIPAA becomes applicable to our Services in the future, we will comply with HIPAA breach notification requirements including HHS notification obligations.
11. Children's Privacy
Our Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will delete it promptly. If you believe a child under 13 has provided us with personal information, please contact us at support@milasupport.com.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. If we make material changes, we will notify you through the app, our website, or by email. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Privacy Policy.
13. Contact Us
If you have any questions about this Privacy Policy, your data, or your rights, please contact us at:
Mila Support, Inc. Email: support@milasupport.com
Response Timeframes. We will acknowledge receipt of your privacy request within 10 business days and respond substantively within 45 days of receipt. Where a request requires additional time to process, we will notify you within the initial 45-day period and may extend our response by an additional 45 days, for a maximum total response time of 90 days. We will not charge a fee for reasonable requests but reserve the right to charge a reasonable fee or decline to act on requests that are manifestly unfounded or excessive.
Mila provides informational and emotional support for preconception, pregnancy and postpartum wellness. Mila is not a medical device and does not provide clinical care, diagnosis, or treatment. Always consult your healthcare provider for medical concerns.