Skip to content
MIBI
NL Request a demo

Privacy notice

Last updated: 2025-10-28 · Version 1.0

This privacy notice explains how MIBI Building Ltd collects, uses and protects personal data when you use the MIBI mobile and web application to track project time, capture receipts, and integrate that data with your business workflows.

1. Data controller

MIBI Building Ltd is the data controller for personal data processed through the MIBI application. If you have any questions about how we handle your data, please contact us at [email protected].

2. Personal data we collect

  • Account & identity — name, email address, phone number, job title
  • Time entries — start and end times, dates, project assignments, activity descriptions, total hours
  • Expenses & receipts — receipt photos, merchant names, amounts, dates, notes
  • Device & usage — device model, operating system, app version, crash reports, aggregated analytics
  • Support communications — messages you send us and your email address

3. Why we collect your data

  • To provide the MIBI service — time tracking, expense management, and project reporting
  • To send account notifications and operational messages
  • To improve the app through aggregated analytics and crash reporting
  • To enable authorised connections to third-party accounting integrations
  • To comply with legal and tax obligations

4. Legal basis (EU / UK GDPR)

  • Contract performance — processing necessary to deliver the MIBI service
  • Legitimate interests — security, fraud prevention, and product improvement
  • Consent — optional features such as analytics and marketing communications
  • Legal compliance — where required by law (e.g. tax record retention)

5. Third-party sharing

We do not sell your personal data. We may share data with:

  • Accounting providers — only when you authorise an integration
  • Cloud infrastructure — Google Firebase (data stored in the EU, eur3 multi-region)
  • Service providers — email delivery, crash reporting, and payment processing, each bound by data processing agreements
  • App stores — Apple App Store and Google Play for app distribution

6. International data transfers

Application data is stored within the EU (Google Cloud eur3 multi-region). Some service providers may process data outside the EEA. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

7. Data retention

We retain your personal data for as long as necessary to fulfil the purposes described in this notice and to comply with legal obligations. Following a verified account deletion request, we will delete your data within 30–90 days, except where we are required by law to retain certain records (such as tax receipts).

8. Your rights

Under GDPR you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — ask us to correct inaccurate data
  • Erasure — ask us to delete your data (subject to legal retention requirements)
  • Restriction — ask us to limit how we use your data
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interests

To exercise any of these rights, email [email protected]. We will respond within 30 days where possible. If you are unsatisfied with our response, you can lodge a complaint with your national data protection authority (e.g. the Dutch AP or UK ICO).

9. Account deletion

To delete your account, email [email protected] with the subject line "Delete my account" and include your full name and the email address associated with your account. We will acknowledge your request within 30 days and complete deletion within 90 days, except for data we are legally required to retain.

10. Security

We use encryption, access controls, and monitoring to protect your data. However, no system is completely secure. If you have concerns about the security of your data, please contact us at [email protected].

11. Cookies & web tracking

The mibihub.app marketing website uses cookies for functionality, analytics, and performance. You can manage cookie preferences in your browser settings. The MIBI mobile app may use analytics SDKs subject to your consent preferences on your device.

12. Children

The MIBI app is intended for users aged 16 or above (or local working age, whichever is higher). We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us at [email protected] so we can delete it promptly.

13. Changes to this notice

We may update this privacy notice from time to time. We will notify you of significant changes via the app or by email. The effective date at the top of this page will be updated whenever changes are made.

14. Contact

For any privacy-related questions or requests, please contact us at [email protected]. You can also reach us through the in-app support form.