Privacy Policy

Version 2.0.0 • November 27, 2025

← Back to Home
Compliant with GDPR (EU), CCPA (California), and other applicable data protection laws

1. INTRODUCTION

This Privacy Policy (hereinafter — "Policy") describes how Millennium service (hereinafter — "Service", "we", "our") collects, uses, stores, protects, and discloses personal data of users (hereinafter — "User", "you", "your").

We take your privacy seriously and are committed to processing your personal data in accordance with applicable laws, including:

  • GDPR — General Data Protection Regulation (EU) 2016/679
  • CCPA — California Consumer Privacy Act
  • LGPD — Brazilian General Data Protection Law
  • Other applicable data protection laws

By using the Service, you confirm that you have read and understood this Policy. If you do not agree with any terms, please do not use the Service.

2. DATA CONTROLLER

The controller (operator) of your personal data is:

Millennium AI

Email: privacy@millennium.ai

DPO (Data Protection Officer): dpo@millennium.ai

For all questions related to personal data processing, you can contact our Data Protection Officer (DPO).

3. DATA WE COLLECT

3.1. Data you provide directly:

CategoryExamplesRequired
RegistrationEmail, password (hashed)Required
ProfileName, phone, country, cityOptional
PaymentCrypto wallet address, last 4 card digitsFor payments
ContentChat messages, conversation historyWhen using
SettingsLanguage, theme, preferencesOptional

3.2. Data collected automatically:

CategoryExamplesPurpose
TechnicalIP address, browser type, OS, deviceSecurity, optimization
UsageVisit time, pages viewed, clicksAnalytics, improvement
CookiesSession identifiers, settingsFunctionality
LogsActivity records, errorsDebugging, security

3.3. Data from third-party sources:

  • OAuth providers (Google, Apple, Discord, Telegram): basic profile (email, name, avatar)
  • TON Connect: wallet address when connecting for payment
  • Payment providers: transaction status, payment ID

We do NOT collect:

  • Full bank card numbers or CVV
  • Private crypto wallet keys
  • Biometric data
  • Health data
  • Racial or ethnic origin

4. PROCESSING PURPOSES

We process your personal data for the following purposes:

PurposeDescriptionLegal Basis
Service provisionAccount creation, request processing, analysis generationContract performance
PersonalizationInterface and recommendation adaptationLegitimate interest
Payment processingPayment acceptance, subscription managementContract performance
CommunicationNotifications, support, important updatesContract / Legitimate interest
SecurityFraud prevention, account protectionLegitimate interest
Service improvementUsage analysis, feature developmentLegitimate interest
Legal complianceRegulatory requirements fulfillmentLegal obligation
MarketingNews, promotions (only with consent)Consent

6. DATA RETENTION

We retain your data no longer than necessary for processing purposes:

Data CategoryRetention PeriodBasis
Account dataAccount lifetime + 3 yearsLegitimate interest, legal requirements
Conversation historySubscription period + 1 yearContract performance
Payment data5-7 years after transactionFinancial legislation
Activity logs12 monthsSecurity
Marketing consentsUntil withdrawal + 3 yearsProof of consent
CookiesUp to 12 monthsFunctionality

After the retention period expires, data is irreversibly deleted or anonymized.

7. DATA SECURITY

We implement comprehensive technical and organizational measures to protect your data:

Technical Measures

  • • TLS 1.3 encryption in transit
  • • AES-256 encryption at rest
  • • Password hashing (bcrypt)
  • • Two-factor authentication
  • • WAF and DDoS protection
  • • Regular security testing

Organizational Measures

  • • Role-based access control
  • • Staff training
  • • Security policies
  • • Regular audits
  • • Incident response plan
  • • Confidentiality agreements

In case of a data breach, we will notify you and relevant supervisory authorities within 72 hours in accordance with GDPR.

8. DATA SHARING

We may share your data with the following categories of recipients:

RecipientPurposeSafeguards
Hosting providersInfrastructure hostingDPA, ISO certifications
Payment providersPayment processingPCI DSS, DPA
Analytics servicesService improvementAnonymization, DPA
OAuth providersAuthenticationProvider policies
Legal advisorsLegal supportProfessional privilege

We guarantee:

  • • We do NOT sell your personal data to third parties
  • • All recipients are bound by Data Processing Agreements (DPA)
  • • Sharing is only for stated purposes
  • • We conduct vendor due diligence

Legal disclosure: We may disclose data to government authorities upon lawful request (court order, subpoena).

9. INTERNATIONAL DATA TRANSFERS

Your data may be processed on servers located outside your country, including countries that do not provide an adequate level of protection according to the EU.

For such transfers, we ensure appropriate safeguards:

  • Standard Contractual Clauses (SCC) — approved by the European Commission
  • Adequacy decisions — for countries with recognized protection levels
  • Binding Corporate Rules (BCR) — for intra-group transfers
  • Additional technical measures — encryption, pseudonymization

You can request a copy of applicable safeguards by contacting our DPO.

10. YOUR RIGHTS

Under GDPR, CCPA, and other applicable laws, you have the following rights:

Right of Access

Obtain a copy of your personal data and information about its processing.

Right to Rectification

Request correction of inaccurate or incomplete data.

Right to Erasure

Request deletion of data ("right to be forgotten").

⏸️ Right to Restriction

Request temporary restriction of processing.

Right to Portability

Receive data in machine-readable format.

Right to Object

Object to processing based on legitimate interest.

↩️ Right to Withdraw Consent

Withdraw previously given consent at any time.

Right to Complain

File a complaint with a data protection supervisory authority.

How to exercise rights:

  • • Email: privacy@millennium.ai
  • • Through account settings
  • • Response time: 30 days (may be extended by 60 days for complex requests)
  • • We may request identity verification

For California Residents (CCPA):

  • • Right to know what data is collected and sold
  • • Right to delete personal information
  • • Right to opt-out of data sale (we do NOT sell data)
  • • Right to non-discrimination when exercising rights

11. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar technologies to ensure Service operation:

TypePurposeDurationCan Disable
Strictly necessaryAuthentication, securitySessionNo
FunctionalSaving settings (language, theme)Up to 12 monthsYes
AnalyticsUnderstanding service usageUp to 12 monthsYes
MarketingAd personalizationUp to 12 monthsYes

Cookie management: You can manage cookies through browser settings or our cookie management center. Disabling some cookies may limit Service functionality.

12. CHILDREN'S DATA

The Service is intended for persons who have reached 18 years of age(or the age of majority in your jurisdiction).

We do not knowingly collect personal data from children. If you learn that a minor has provided us with data, please contact us immediately at privacy@millennium.ai for deletion.

13. CHANGES TO POLICY

We may periodically update this Policy. We will notify you of significant changes:

  • By email (if you are subscribed)
  • Through a notification in the Service interface
  • By publishing the updated version on the website

Continued use of the Service after changes take effect constitutes your agreement to the updated Policy.

14. CONTACT INFORMATION

For privacy and data protection questions:

General inquiries

privacy@millennium.ai

Data Protection Officer (DPO)

dpo@millennium.ai

Deletion requests

deletion@millennium.ai

Telegram

@MillenniumSupport

ACKNOWLEDGMENT

By using Millennium Service, you confirm that you have read this Privacy Policy and agree to the processing of your personal data for the described purposes and on the stated legal bases.

© 2026 Millennium. All rights reserved.

TermsRisk Disclaimer