Privacy Policy

Effective: 2026-05-02
Last updated: 2026-05-02

The short version. We collect what we need to run Mini's World — your account, the events from devices you connect, and the conversations you have with your Minis. We do not store camera video or audio in the cloud. We do not sell your data. You can export or delete it at any time. This page is the long version with the specifics that partners (Ring, Wyze) and regulators expect.

1 Who we are

Mini's World is a service operated by Mini World, Inc. CONFIRM LEGAL ENTITY NAME ("we," "us," "our"). We are reachable at founder@minisworld.ai.

This policy explains what personal information we collect, why, how it flows when you connect third-party services, and the choices you have. It applies to minisworld.ai and the apps that ship as part of the service (web app, browser, and Mini Workstation desktop agent for Mac).

2 What we collect

We try to collect the minimum we need to make the product work. Concretely:

Account information

  • Email address (required to sign in)
  • Display name, if you provide one
  • A salted hash of your password if you use email/password sign-in (we never store the plaintext)
  • OAuth refresh tokens for the third-party services you connect, encrypted at rest with a per-user key

Connected device data

  • Event metadata from Ring, Wyze, Sifely, Home Assistant, and similar integrations: motion timestamps, doorbell presses, lock/unlock events, device state changes
  • Device names and types (so we can name them in the UI)
  • AI-generated summaries we produce from the above

What we do not store in the cloud: camera video, camera audio, or biometric data beyond locally-held voice prints. Snapshots may be proxied during event ingestion to generate alert summaries and are then discarded; they are not retained unless you explicitly enable clip retention (off by default).

Mac mini workstation telemetry

  • Health pings (the workstation is alive and connected)
  • Capability versions (which adapters / recipes are installed)
  • Error logs without payload content (so we can debug failures without reading your messages or screen)

Usage telemetry

  • Page views and feature usage, anonymized where possible
  • Error reports (stack traces and the route that produced them)
  • Performance metrics (latency, queue depth) at aggregate level

Family / household data (Kitchen Mini)

  • Household member names, ages, contact handles, and dietary preferences — only the values you enter
  • Meal plan history you generate or accept

AI conversation logs

  • Chat history with each Mini, retained until you delete it
  • Voice transcripts when you use voice mode (transient in-flight; persisted only if the conversation persists)

Outbound communication on your behalf (Local Services)

When you ask a Mini to find a local service provider, send a quote request, or call a contractor, we keep an audit record of every outbound message and call we make in your name. This includes:

  • The provider's phone number (last 4 digits in logs; full number in the secure outbound store, kept 7 days for inbound-reply matching, then auto-pruned)
  • The body of the message we sent
  • The transcript of any call we placed
  • Whether the call was recorded (only if the other party consented — see "Call recording" below)

Every outbound message and call we make on your behalf carries a clear AI-disclosure line so the recipient knows they're talking to an AI assistant, not a human.

Call recording

When a Mini places a call on your behalf, we ask the other party for permission to record before recording starts. In states with two-party-consent laws (California, Connecticut, Florida, Illinois, Maryland, Massachusetts, Michigan, Montana, Nevada, New Hampshire, Pennsylvania, Washington), we require an explicit "yes" before recording — silence or ambiguity means no recording. Recordings are auto-purged after 90 days unless you explicitly retain them.

Compliance posture for outbound communication

  • TCPA calling-hours. We default to caller-local 8am–8pm Monday–Saturday for outbound calls. No Sundays. Outside that window we queue and call when allowed.
  • STOP keyword. Any provider who replies STOP, STOPALL, UNSUBSCRIBE, CANCEL, END, or QUIT to one of our texts is added to your private do-not-contact list and never receives another outbound from us.
  • Per-provider rate limit. No more than 2 unanswered calls to a single provider per service request — we don't operate as a robocaller.
  • First-contact gate. The first time a Mini reaches out to a never-contacted provider, you approve once. After a successful job + good rating, that provider is auto-allowed for the future.
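As an added example (not Mini's World code), here is one way to enforce the four rules above on the server before a Mini sends a text or places a call; `ProviderState`, `outbound_decision`, the fixed PDT offset and the sample timestamps are assumptions constructed for the illustration, and texts are exempt from the calling window because the rule above scopes it to calls.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone, tzinfo

STOP_KEYWORDS = {"STOP", "STOPALL", "UNSUBSCRIBE", "CANCEL", "END", "QUIT"}
MAX_UNANSWERED_CALLS = 2     # per provider, per service request
CALL_HOURS = range(8, 20)    # caller-local 8am-8pm; 20:00 itself is outside
SUNDAY = 6                   # datetime.weekday(): Monday=0 ... Sunday=6
PDT = timezone(timedelta(hours=-7))  # fixed offset for the constructed sample

@dataclass
class ProviderState:
    """Per-user, per-provider record (hypothetical shape, constructed here)."""
    approved: bool = False        # first contact approved, or auto-allowed after a good job
    do_not_contact: bool = False  # set once the provider replies with a STOP keyword
    unanswered_calls: int = 0     # counted within the current service request

def at_utc(y: int, m: int, d: int, hh: int, mm: int = 0) -> datetime:
    """Build an aware UTC timestamp for samples and tests."""
    return datetime(y, m, d, hh, mm, tzinfo=timezone.utc)

def is_stop_reply(text: str) -> bool:
    """Whole-message keyword match; case and surrounding whitespace are ignored."""
    return text.strip().upper() in STOP_KEYWORDS

def record_inbound_reply(text: str, state: ProviderState) -> ProviderState:
    """A STOP-family reply puts the provider on the private do-not-contact list for good."""
    if is_stop_reply(text):
        state.do_not_contact = True
    return state

def in_calling_window(when: datetime, provider_tz: tzinfo) -> bool:
    """TCPA window from the policy: caller-local 8am-8pm Monday-Saturday, never Sunday."""
    local = when.astimezone(provider_tz)
    return local.weekday() != SUNDAY and local.hour in CALL_HOURS

def outbound_decision(kind: str, when: datetime, provider_tz: tzinfo,
                      state: ProviderState) -> tuple:
    """Gate one outbound 'call' or 'text'; returns (decision, reason) with decision in
    'send' | 'queue' | 'block'. Hard blocks come first so an opted-out provider is never
    merely queued for a later attempt."""
    if state.do_not_contact:
        return "block", "provider opted out (STOP)"
    if not state.approved:
        return "block", "first contact needs one-time user approval"
    if kind == "call":
        if state.unanswered_calls >= MAX_UNANSWERED_CALLS:
            return "block", "unanswered-call limit reached for this request"
        if not in_calling_window(when, provider_tz):
            return "queue", "outside caller-local calling hours"
    return "send", "ok"
```

A queued call is re-evaluated against the same gate when the window next opens, so a STOP received in the meantime still wins.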

Payment information

If we ever charge for the service, payments are processed by Stripe. We do not see or store your card number. We see only the high-level fact of a successful charge and the last four digits for receipts.

What we do not collect

  • Camera video or audio in the cloud
  • Biometric data beyond locally-stored voice prints (those live in macOS Keychain on your Mac mini and never leave it)
  • Browsing history outside the Mini's World app
  • Continuous location data — we ask only when a feature explicitly needs it

3 How we use it

  • Operate the service. Sign you in, route events to the right Minis, deliver alerts.
  • Surface alerts and summaries. The whole point — turn raw events into useful, plain-English notifications.
  • Train per-user behavior. Your Minis adapt to your patterns within your account. We do not train shared models on your private data without your explicit, opt-in consent.
  • Improve the service. Aggregated, anonymized analytics — what features people use, where they get stuck.
  • Comply with law. Respond to lawful requests, enforce our terms, prevent abuse.

4 Connected services and data flow

Mini's World connects to other services on your behalf. Each connection is opt-in, scoped, and revocable. Specifics by integration:

Ring

  • Auth: OAuth via Ring's official developer program. We receive an access token + refresh token, both encrypted at rest.
  • What we receive: your device list, event webhook deliveries (motion, doorbell press, ding), and snapshots when an event fires.
  • What we do with it: generate alerts in your account, populate Sentinel's device list, build summaries.
  • What we store in the cloud: event metadata only (default 30-day retention, configurable). Snapshots are not retained beyond summary generation.
  • What happens when you disconnect: your tokens are revoked at Ring, your local copy is deleted, and your Ring event history in Mini's World is deleted within seven days.

Wyze

  • Auth: Wyze Developer API key + your Wyze account credentials, used by the Wyze Bridge running on your own Mac mini. Bridge credentials are stored only in your Mac mini's macOS Keychain and never transmitted to our servers.
  • What we receive: device list, event polls, and (locally only) RTSP camera streams via the bridge.
  • What we store: metadata only — device list, event timestamps, AI summaries. Camera streams stay on your local network.
  • Disconnect: remove the bridge, delete the API key in Settings → Integrations.

Sifely

  • Auth: API token from your Sifely admin portal, encrypted at rest.
  • What we receive: lock list, lock/unlock events, battery state.
  • What we store: device metadata + event log.
  • Disconnect: revoke the token in Sifely, delete it in Settings.

Home Assistant

  • Auth: long-lived access token from your local Home Assistant instance, stored encrypted on your Mac mini.
  • What we receive: only the events and device states you have exposed (we follow your HA configuration).
  • What we store: event metadata and the device subset you have connected.
  • Disconnect: revoke the token in HA, remove the connection in Settings.

Google (Gmail / Calendar)

  • Auth: Google OAuth with the minimum scopes the connected Mini needs (read or send, never broader).
  • What we read: only what each Mini's job requires — for example, a Mini that books travel reads booking-confirmation emails; it does not read everything.
  • Use of Google data is subject to Google's API Services User Data Policy, including the Limited Use requirements. We do not transfer Google user data to third parties except as necessary to provide or improve the user-facing features the user requested, comply with applicable law, or as part of a merger / acquisition / asset sale where the new entity continues to honor this policy. We do not sell Google user data, use it for advertising, or use it to develop or improve generalized AI/ML models.

5 Data sharing

We do not sell user data. We do not share user data with advertisers.

We use a small number of sub-processors strictly to operate the service:

  • Hosting — CONFIRM HOSTING PROVIDER (Render, AWS, GCP, or similar). Servers in U.S. regions.
  • Email delivery — Google Workspace (Gmail API) and CONFIRM TRANSACTIONAL EMAIL VENDOR if any (Postmark / SendGrid / etc.)
  • Payments — Stripe (when billing is enabled)
  • AI inference — OpenAI and Anthropic. When a Mini needs to generate text or call a tool, the relevant prompt content is sent to one of these providers under their respective data-processing agreements. Both providers commit (in their API terms) not to train on API content by default.

Legal compliance. We disclose information when required by law (subpoena, court order, valid government request). Where legally permitted, we notify the affected user before disclosure.

6 Retention

  • Account data: for as long as your account is active, plus 30 days after deletion (to handle reversal of accidental deletion and to satisfy backup cycles).
  • Event metadata from connected devices: default 30 days, user-configurable.
  • AI conversation logs: retained until you delete them.
  • Audit logs (security-relevant events): 12 months, for legal compliance and incident response.
  • Backups: rolling 30-day retention; deleted records are purged from primary stores immediately and from backups within 30 days.

7 Your rights

Regardless of where you live, you can:

  • Access — request a copy of the data we hold about you.
  • Correct — fix anything inaccurate.
  • Delete — full account and data deletion within seven days of request.
  • Export — get a portable JSON archive of your data.
  • Object — opt out of processing that is not strictly necessary to operate the service.

Exercise these rights by emailing founder@minisworld.ai from your account address, or through Settings → Privacy in the app. We respond within 30 days; usually much sooner.

8 Regional rights (GDPR, CCPA, others)

EU / EEA / UK (GDPR / UK GDPR)

You have the rights listed above plus the right to lodge a complaint with your supervisory authority. Our lawful bases for processing are: contract (operating the service you signed up for), legitimate interests (security, debugging, anti-abuse), and consent (for optional integrations and for any future profile-based personalization). Our data protection contact is founder@minisworld.ai. We do not currently appoint an EU representative because the volume of EU processing is below the Article 27 threshold; we will appoint one if and when the threshold is exceeded.

California (CCPA / CPRA)

California residents have the rights to know, delete, correct, and limit the use of sensitive personal information. We do not sell your personal information and we do not "share" it for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA. To exercise your rights, email founder@minisworld.ai — we will verify your identity using information already associated with your account before responding.

Other regions

We extend the same access / correction / deletion / export rights to all users globally as a baseline, and honor specific local requirements where they apply (e.g., Brazil's LGPD, Canada's PIPEDA).

9 Children

Mini's World is not directed at children under 13 (under 16 in the EU/EEA). We do not knowingly create accounts for, or knowingly collect personal information from, anyone under those ages.

Some features, notably Kitchen Mini, allow an adult to add household members including minors. When that happens, we apply enforced safety rules at the server: members under 18 cannot be assigned weight-loss goals or numeric calorie targets, dietary guidance is qualitative only, and any output that approaches medical territory surfaces an explicit "talk to a pediatrician" disclaimer. We do not collect data from a child outside this guarded household context.

If you believe a child has provided us information directly, contact founder@minisworld.ai and we will delete it.

10 Security

  • Encryption at rest: AES-256-GCM for sensitive data including OAuth tokens, integration credentials, and voice prints.
  • Encryption in transit: TLS 1.2+ for all client-to-server and server-to-third-party traffic.
  • Per-user encryption keys for credential vaults — a compromise of one user's key does not affect others.
  • Mac mini workstation: credentials stored in the macOS Keychain, never transmitted to our cloud. Voice prints (used to authenticate sensitive verbal commands locally) are stored only on the workstation.
  • Frame signing: Ed25519-signed messages on the workstation-to-cloud channel, replay-protected.
  • Default-deny policies for sensitive actions, with auditable hash-chained logs.
  • Annual security review. We will publish a summary as the platform matures.

Report a vulnerability to security@minisworld.ai (forwarded to founder@minisworld.ai until a dedicated security contact is staffed). Please do not test against another user's account; coordinate with us first.

11 Changes to this policy

If we make a material change, we notify you by email and prominently in the app at least 30 days before it takes effect. Continued use after the effective date constitutes acceptance. We archive prior versions and link them here when they exist.

12 Contact

If we cannot resolve a privacy concern with you directly and you are in the EU/EEA/UK, you may also contact your local data-protection supervisory authority.