// Legal

Privacy notice

Last updated 17 June 2026

This notice explains how MikaHari Labs Ltd (company number 14894353, registered in England & Wales; registered office 71-75 Shelton Street, London, WC2H 9JQ) collects and uses personal data through this website and our tools. We are the data controller. For any privacy question or to exercise your rights, email shyaam@mikaharilabs.com.

What we collect

  • Things you send us in a form: your name, email, company (optional) and message (contact form); or your email and company (waitlist and briefing sign-ups).
  • Business Friction Scan: the company website address you enter, the public content we read from that website, the company details and report we generate from it, and — if you request the PDF report — your email address.
  • Usage analytics: aggregated, first-party usage data (pages viewed, rough device/browser type, a short-lived session identifier) — see our Cookie notice.
  • Technical/security data: limited request data (such as IP address) used to run the service, prevent abuse and apply rate limits.

Why we use it, and our lawful basis

  • To reply to your enquiry and follow up about a pilot or product — our legitimate interest in responding to people who contact us.
  • To send the briefings or waitlist updates you asked for — your consent, which you can withdraw at any time.
  • To run the Business Friction Scan you request and deliver its report — our legitimate interest in providing the service you asked for.
  • To keep the service secure and prevent abuse (logging, rate limiting) — our legitimate interest in protecting the service.

Where we rely on legitimate interests, you can object at any time (see shyaam@mikaharilabs.com).

Who processes it (our service providers)

We use a small number of trusted providers who process data on our behalf, under contract and only on our instructions:

  • Netlify — website hosting and serverless functions.
  • Supabase — database for form submissions and analytics (hosted in the EU).
  • Resend — sending and receiving the emails generated by our forms and reports.
  • OpenAI — generates the Business Friction Scan analysis (see "AI and international transfers" below).
  • Cloudflare — renders the PDF version of scan reports.
  • Calendly — if you choose to book a call.

We do not sell your data, and we do not use it for advertising.

AI and international transfers

When you run the Business Friction Scan, the company website address you enter and the public website content we read are sent to OpenAI to generate your report. OpenAI processes this on servers in the United States. OpenAI acts as our processor under its API data-processing terms and does not use data submitted via its API to train its models. Where personal data is transferred outside the UK (for example to OpenAI in the US), we rely on standard data-protection safeguards such as the UK International Data Transfer Agreement / Addendum or Standard Contractual Clauses.

The scan is designed to analyse a public company website. Please don’t enter confidential information or other people’s personal data into it.

How long we keep it

  • Enquiries: for up to 24 months after our last contact about your request, then deleted.
  • Waitlist & briefing sign-ups: until you unsubscribe or ask us to remove you.
  • Scan inputs & reports: kept only to generate and (if requested) email your report, and removed within 30 days; we don’t build a long-term profile of scanned businesses.
  • Analytics & security logs: kept in aggregated/limited form for up to 14 months to run and protect the service.

Your rights

Under UK GDPR you can ask us to:

  • access a copy of your data, or correct it;
  • delete it, or restrict or object to how we use it;
  • receive it in a portable format, or withdraw consent where we rely on it.

Email shyaam@mikaharilabs.com and we’ll respond within one month (we may need to confirm your identity first). You can also complain to the Information Commissioner’s Office at ico.org.uk.

Children

This website and our tools are intended for businesses and people aged 18 or over. They are not directed at children.

This is a plain-English summary of our current practices and not legal advice.