Mimo Associate - AI & Data Privacy
Is Mimo allowed to use my clients' data?
Yes, but only to provide the service to you. We cannot use it for any other purpose, and we never share it with other accounting firms or their clients.
Does Mimo use my clients' data to train AI?
No. We do not use your clients' data to train any AI model or large language model (LLM). This is a contractual commitment in our Terms of Service - not just a policy.
The AI providers we work with (OpenAI, Anthropic, and Google) are engaged under enterprise agreements that also prohibit them from training their models on your data. This is fundamentally different from consumer tools like ChatGPT, where your inputs may be used to improve the product.
Who can see my clients' data at Mimo?
Only staff who need access to operate the service - engineers ensuring the platform runs correctly, and support staff when helping with a query directly related to accounting data. All staff with access are bound by confidentiality obligations, and access is logged.
Is each client's data kept separate?
Yes. Each client's data is processed individually and in isolation. When Mimo Associate generates suggestions for one client, only that client's data is used. There is no situation where one client's data could influence suggestions for another.
What happens to a client's data if I remove them from Mimo?
When you off-board a client, their accounting data and Client Context information are deleted automatically. Deletion is logged in our audit records. If you close your Mimo account entirely, all data is deleted within 30 days.
Is Mimo secure?
Yes. Mimo was built with security at its core, drawing on our background in payments and financial services. Our security practices are aligned with ISO 27001 - the international standard for information security. This includes encrypting all data in transit and at rest, strict access controls, regular staff training, and continuous monitoring.
Full details are available on our Security page.
Does Mimo have a Data Processing Agreement (DPA)?
Yes. Our DPA is included in our Terms of Service and sets out how we handle your clients' data, including our obligations around security, breach notification, and data deletion. We are required to notify you of any data breach within 72 hours.
If you have specific compliance requirements or would like to discuss our data protection practices, please contact [email protected].
My clients are concerned about AI and data privacy. What should I tell them?
The key points to share are:
Mimo only uses their data to provide the service - nothing else
Their data is never used to train AI models
It is kept separate from all other clients' data
It is automatically deleted when they are removed from Mimo
Mimo uses enterprise-grade AI providers under strict contractual data protection terms - not consumer tools.
