Privacy Policy

Effective Date: February 20, 2026

1. Introduction

Mimir Labs (“we,” “us,” or “our”) operates the Yggdrasil ERP platform and the website at mimirlabs.net (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By accessing or using the Service, you agree to this Privacy Policy.

2. Information We Collect

2.1 Information You Provide

  • Account information: name, email address, company name, and password when you register.
  • Payment information: billing address and payment card details processed through our third-party payment processor (Square). We do not store full card numbers on our servers.
  • Contract information: signer name, email, and electronic signatures processed through our document signing provider (BoldSign).
  • Support requests: information you provide when submitting support tickets or service requests.
  • Communications: messages you send through our contact form.

2.2 Information Collected Automatically

  • Log data: IP address, browser type, operating system, referring URL, pages visited, and timestamps.
  • Analytics data: We use Google Analytics to collect anonymized usage data such as pages visited, session duration, and general geographic region. Google Analytics uses cookies to distinguish unique users. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
  • Session data: authentication tokens stored in HTTP-only cookies to maintain your session.
  • Audit logs: actions performed within the portal (login, role changes, settings updates) for security and compliance.

2.3 Tenant Business Data

Your organization’s ERP business data (sales orders, inventory, financials, etc.) is stored in a dedicated, isolated PostgreSQL database specific to your tenant. This data is not shared with other tenants and is not accessed by Mimir Labs except as necessary to provide the Service or as required by law.

3. How We Use Your Information

  • To create and manage your account and organization.
  • To process payments and fulfill subscription orders.
  • To generate and manage subscription agreements.
  • To provide customer support and respond to service requests.
  • To send transactional emails (account verification, password resets, billing notices).
  • To maintain security, detect fraud, and enforce our Terms of Service.
  • To generate audit trails for your organization’s compliance needs.
  • To improve and develop the Service.

4. Information Sharing

We do not sell your personal information. We share information only in the following circumstances:

  • Service providers: Square (payments), BoldSign (contract signing), Google (analytics), and infrastructure providers who process data on our behalf under contractual obligations.
  • Within your organization: account owners and administrators can view member information for their tenant.
  • Legal requirements: when required by law, subpoena, or legal process, or to protect our rights, safety, or property.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, with notice to affected users.

5. Data Security

We implement industry-standard security measures to protect your information, including:

  • Passwords hashed using bcrypt with per-user salts.
  • Session tokens signed with HMAC-SHA256 (JWT) and stored in HTTP-only, secure cookies.
  • Tenant data isolation — each organization’s ERP database is logically separated.
  • Encrypted connections (TLS/HTTPS) for all data in transit.
  • Role-based access controls within each organization.

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your account information for as long as your account is active or as needed to provide the Service. If you delete your organization through the portal, we will delete your account data and tenant database. We may retain certain records (audit logs, billing records) as required by law or for legitimate business purposes.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate information via your portal settings.
  • Delete your account and associated data.
  • Export your organization’s data.
  • Object to or restrict certain processing of your information.

To exercise these rights, contact us at [email protected].

8. Cookies

We use the following cookies:

  • Session cookie: An essential HTTP-only cookie to maintain your authenticated session. Expires after 7 days of inactivity.
  • Google Analytics cookies: Used to distinguish unique users and collect anonymized usage data (e.g., _ga, _ga_*). These cookies are set by Google and expire after 2 years. You can opt out at any time using the Google Analytics Opt-out Add-on.

9. Children’s Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in the United States or other jurisdictions where our servers and service providers are located. By using the Service, you consent to such transfers.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised effective date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy, contact us at:

Mimir Labs
Email: [email protected]