This Data Processing and GDPR page explains how Mihro approaches personal data processing, data protection responsibilities, and privacy-related requests.

Mihro is a residential operations platform used by residential complexes, property managers, building administrators, staff members, and residents.

This page is intended to help customers understand how Mihro supports responsible data handling. Specific obligations may depend on the customer agreement, applicable laws, enabled modules, and how each residential complex uses the platform.

Mihro is usually provided to residential complexes, property management companies, and building administrations.

In many cases:

- the residential complex, management company, or building administration acts as the data controller; - Mihro acts as a service provider or data processor; - residents, staff members, and administrators use the platform according to permissions configured by the customer.

The customer is generally responsible for deciding what resident data is collected, why it is processed, who can access it, and how long it should be retained.

Mihro processes data to provide, secure, and maintain the platform.

Mihro may process the following categories of personal data depending on the enabled modules:

Account Data This may include name, email address, phone number, role, account status, language preference, and authentication-related information.

Residential Data This may include complex, building, apartment, floor, household role, verification status, access level, and resident profile information.

Vehicle and Parking Data If parking modules are enabled, this may include vehicle plate numbers, vehicle details, assigned parking spots, parking zones, and parking-related notifications.

Operational Request Data This may include fix reports, complaints, incidents, feedback, maintenance requests, status updates, admin responses, timelines, and related messages.

Packages and Reservations This may include package records, pickup status, facility reservations, visitor passes, event RSVPs, and related resident actions.

Access Logs If access modules are enabled, Mihro may process gate access logs, entrance or intercom activity, guest pass activity, camera access sessions, and other security-related logs.

Communication Data This may include chat messages, announcements, notifications, help requests, and system messages.

Technical and Security Data This may include IP address, device or browser information, login events, session information, security logs, audit logs, and technical diagnostics.

Mihro processes personal data for the following purposes:

- providing the Mihro platform; - authenticating users; - enforcing tenant isolation and role-based access; - managing residents, buildings, apartments, and staff; - supporting service status updates, maintenance, complaints, incidents, and fix reports; - managing packages, facility reservations, visitor passes, and guest access; - enabling communication between residents and administration; - maintaining audit logs and security records; - supporting access-related modules such as gates, intercoms, and cameras where enabled; - improving reliability, security, and user experience; - complying with customer instructions and applicable legal obligations.

Mihro processes customer data according to the customer’s configuration, enabled modules, and authorized user actions.

Complex administrators are responsible for configuring access rules, approving residents, enabling modules, managing user permissions, and determining how resident-facing features are used.

Mihro does not independently decide how a customer should use resident data.

Mihro may use trusted third-party service providers for hosting, database infrastructure, storage, email delivery, monitoring, and operational support.

Provider details may be shared with customers upon request where appropriate.

Mihro uses technical and organizational measures designed to protect personal data, including:

- tenant-scoped data separation; - role-based access control; - authenticated API access; - verified resident access controls; - backend-controlled permissions for sensitive modules; - encrypted transport in production environments; - audit and activity logs; - secure handling of access-related actions; - restrictions against exposing hardware integration secrets to residents or frontend clients.

Access to gate, entrance, intercom, guest pass, and camera-related features is controlled by backend permissions and customer configuration.

Depending on the applicable law, individuals may have rights to access, correct, delete, export, restrict, or object to certain processing of personal data.

Residents should generally contact their residential complex, property manager, or building administration first, because that organization usually manages resident data inside Mihro.

Mihro may assist customers with data subject requests where technically and commercially reasonable.

Mihro may provide export or deletion workflows depending on the customer’s subscription, enabled modules, and technical configuration.

Certain records may need to be retained for legal, billing, audit, security, or operational reasons.

Customers are responsible for determining retention requirements that apply to their residents, staff, buildings, access logs, complaints, incidents, and other operational records.

Mihro may use service providers located in different countries.

Where applicable, customers should review whether international data transfer requirements apply to their use of the platform.

Mihro aims to use reputable infrastructure providers and appropriate technical safeguards.

Mihro limits access to customer and resident data to authorized personnel, service providers, and systems that require access to operate, secure, or support the service.

Customers are responsible for managing their own administrators, staff accounts, and internal access rules.

Customers using Mihro should:

- provide appropriate privacy notices to residents and staff; - configure role-based access carefully; - approve residents and household members responsibly; - review camera, access control, and surveillance-related legal requirements; - ensure that documents, announcements, and resident communications comply with applicable law; - manage data retention and deletion policies; - protect administrator credentials; - notify Mihro of security or privacy concerns when necessary.

Mihro may support camera viewing, gate access, intercom access, guest passes, and other access-related modules.

These features may involve additional privacy, security, housing, employment, or surveillance obligations.

The customer is responsible for ensuring that:

- camera locations are lawful and appropriate; - residents receive required notices; - only approved shared areas are monitored; - access permissions are configured correctly; - hardware integrations comply with applicable rules and agreements.

If Mihro becomes aware of a security incident affecting customer data, Mihro will take reasonable steps to investigate, contain, and address the issue.

Where legally required or contractually agreed, Mihro will notify affected customers so they can take appropriate action.

Mihro may update this Data Processing and GDPR page from time to time.

When changes are made, the “Last updated” date will be revised.

For privacy or data processing questions, contact:

[Contact Email]