Back to Home

Milo Privacy Policy

Last Updated: 18 March 2026

Milo ("Milo", "we", "us" or "our") is committed to protecting the privacy of individuals whose personal data is collected and processed when using our services. Milo is a conversational AI matchmaker built as a Telegram bot for students. This Privacy Policy explains how we collect, use, disclose, store, transfer and protect personal data in connection with Milo’s platform and any related websites or forms (collectively, the "Services").

Milo is a product of Lythe Pte. Ltd. focused on helping students meet and collaborate. Milo does not charge end users for matching and is designed primarily to facilitate intros and learn from user interactions to improve our conversational technology. If you do not agree with this Privacy Policy, please do not use the Services.

If you have questions about this Privacy Policy, please contact us at team@lythe.ai.

1. WHAT DOES THIS PRIVACY POLICY APPLY TO?

This Privacy Policy applies to personal data processed by Milo in connection with the Services, including when you:

  • message or interact with Milo through messaging channels (currently Telegram);
  • create or update a user profile ("match card") via Milo’s onboarding process;
  • receive, accept or decline match suggestions and introductions;
  • participate in group chats or conversations created by Milo;
  • use any Milo websites, forms or landing pages; or
  • communicate with us for support, feedback or operational reasons.

This Privacy Policy does not apply to third-party services that you may access through links or integrations. Those third parties are responsible for their own privacy practices. Please review their policies.

2. IMPORTANT TERMS

To make this Privacy Policy easier to read, we use certain defined terms:

  • "Personal Data" refers to the data about an individual who can be identified from that data (alone or together with other data), as defined under Singapore’s Personal Data Protection Act 2012 ("PDPA").
  • "Milo" is a Lythe product that is a conversational matchmaker for students delivered via Telegram and related services.
  • "Messaging Platform" refers to a third-party messaging service used to communicate with Milo (e.g., Telegram).
  • "User Profile" or "Match Card" refers to the structured set of fields collected during onboarding and updated through conversations (e.g., name, school, year, availability, intent tags, interests, collaboration style and boundaries).
  • "Service Providers" are third parties that provide services to Milo to operate the Services (e.g., cloud hosting, AI processing, database/storage, workflow automation).

Capitalised terms not defined here may be defined elsewhere in this Privacy Policy or our Terms of Use.

3. PERSONAL DATA WE COLLECT

We collect personal data in the following ways:

  1. Personal data you provide directly to us.
  2. Personal data collected automatically when you use the Services.
  3. Personal data we receive from third parties (where applicable).

The types of personal data we collect depend on how you use Milo.

3A. PERSONAL DATA YOU PROVIDE

  • Contact and account identifiers: Telegram username/handle and optionally your name or display name.
  • Profile and preference information: data you share during onboarding or profile updates such as school, year of study, availability, intent tags, interests, collaboration style, boundaries and other matching preferences.
  • Conversation content: messages and attachments you send to Milo during onboarding or ongoing conversations, as well as chat messages within group conversations facilitated by Milo.
  • Safety and community information: acceptance of community guidelines, block lists or report information and any feedback you provide.
  • Support and feedback: information you provide when you contact us for support or to report issues, including logs or screenshots you share.
  • Optional contact information: if you choose to provide additional contact details such as your phone number or email to facilitate communications.

3B. PERSONAL DATA COLLECTED AUTOMATICALLY

  • Usage data: features used, onboarding steps completed, match suggestions accepted or declined, number of conversations initiated and timestamps.
  • Device and technical data: approximate IP address, device type and operating system information (where supported by the Messaging Platform).
  • Logs and diagnostics: security logs, error logs, performance metrics and other diagnostic information used for debugging, reliability and abuse prevention.

Messaging Platforms may also process and provide metadata under their own policies. Milo receives only the information that is made available to us via those platforms.

3C. PERSONAL DATA FROM THIRD PARTIES

In some cases, we may receive personal data from third parties, for example:

  • University partners or event organisers who provide contact or attendee lists necessary to configure matchmaking or deliver our Services;
  • Messaging Platforms that provide metadata or identifiers used to route messages;
  • Service Providers that help detect fraud or abuse or provide analytics or other signals;
  • Publicly available sources, where relevant and permitted (for example, to verify eligibility or safety).

3D. SENSITIVE PERSONAL DATA

Milo does not require sensitive personal data (for example, national identification numbers, passport numbers, health or medical information) to deliver the Services. Please do not send sensitive personal data unless we explicitly request it and you choose to provide it.

4. HOW WE USE PERSONAL DATA

We use personal data for the following purposes:

  • To provide, operate and maintain the Services, including onboarding, matching, consent-based introductions and conversation facilitation;
  • To create and maintain user profiles and manage access to our Services;
  • To facilitate personalised matchmaking based on user preferences, availability and interests;
  • To send service communications, including match suggestions, confirmations, reminders and important notices;
  • To prevent, detect and investigate fraud, spam, abuse or violations of our Terms or community guidelines;
  • To troubleshoot, debug and monitor performance, reliability and security;
  • To improve and develop our products and services, including evaluating system outputs, training models and fixing errors;
  • To comply with legal obligations, respond to lawful requests and enforce our Terms;
  • To manage business operations (e.g., audits, reporting, risk management) in a manner consistent with this Privacy Policy;
  • To personalise responses and experiences, including tailoring match suggestions based on approximate location or other non-precise signals (where provided).

We may process chat transcripts and other inputs through AI-enabled systems and automated workflows to generate match recommendations. We aim to minimise data use, restrict access and apply safeguards appropriate for conversational matching services.

5. CONSENT, NOTIFICATION AND LEGAL BASES (SINGAPORE PDPA)

Milo operates in Singapore and is committed to complying with the PDPA. In general, we collect, use and disclose personal data with your consent after notifying you of the purposes for which your personal data will be processed. By using the Services, you consent to our collection, use and disclosure of your personal data for the purposes set out in this Privacy Policy, unless and to the extent that consent is not required under an applicable PDPA exception.

Where required or appropriate, we will obtain express consent (for example, for certain marketing messages) or provide additional notices at the point of collection.

6. HOW WE DISCLOSE AND SHARE PERSONAL DATA

We do not sell personal data. We disclose personal data only as reasonably necessary to operate the Services, enable matching and comply with legal obligations.

6A. SHARING WITH OTHER USERS

To enable matchmaking and conversation introductions, we may share limited information between users, such as:

  • name or display name;
  • relevant interests, availability and intent summary;
  • matching rationale ("why you matched") and compatibility notes;
  • contact details needed for coordination (e.g., Telegram handle) where necessary;
  • approximate location information (e.g., campus/area) used to tailor suggestions.

We aim to share only what’s necessary. We do not share your precise live location unless you choose to provide it (for example, by sending a location pin in chat).

6B. SHARING WITH SERVICE PROVIDERS

We use Service Providers to help us operate the Services. These providers may process personal data on our behalf to deliver services such as hosting, storage, analytics, AI processing, automation and security. Where applicable, we treat such providers as data intermediaries and require them to protect personal data through contractual obligations.

Examples of Service Providers we use include:

  • Telegram: messaging platform used for chat delivery and user identifiers.
  • OpenAI (ChatGPT/OpenAI): AI processing for conversational responses, intent classification and matchmaking.
  • Supabase (or similar database/storage providers): for storing profiles, conversations and operational records.
  • n8n or similar workflow automation/orchestration services: to run and connect processes across the system.

6C. LEGAL DISCLOSURES AND BUSINESS TRANSACTIONS

We may disclose personal data:

  • to comply with law, regulation, court order or other lawful requests;
  • to protect Milo’s rights, property and safety and the rights, property and safety of users;
  • in connection with corporate transactions such as mergers, acquisitions, financing or asset sales, subject to appropriate safeguards.

7. INTERNATIONAL TRANSFERS

Some of the Service Providers listed above may process or store personal data outside Singapore. Where personal data is transferred overseas, Milo takes steps to ensure the transferred personal data is protected to a standard comparable to the PDPA (for example, through contractual and operational safeguards).

8. DATA RETENTION

We retain personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by applicable laws, accounting and regulatory obligations. When personal data is no longer needed, we will cease retention or remove the means by which the data can be associated with you (for example, deletion or anonymisation).

9. SECURITY

We implement reasonable security arrangements to protect personal data in our possession or under our control. These may include access controls, least-privilege policies, monitoring and encryption in transit where supported. However, no system is completely secure; therefore, we cannot guarantee absolute security.

10. ACCURACY

We take reasonable steps to ensure that personal data collected is accurate and complete, particularly where it is likely to be used to make a decision that affects you or to be disclosed to others. You can help by keeping your profile information up to date and informing us of any changes.

11. DATA BREACH MANAGEMENT AND NOTIFICATION

If we become aware of a data breach, we will take steps to assess and contain it. Where the breach is notifiable under the PDPA (for example, it results in, or is likely to result in, significant harm to affected individuals and/or is of significant scale), we will notify the Personal Data Protection Commission (PDPC) and affected individuals as soon as practicable, in accordance with applicable requirements.

12. YOUR RIGHTS AND CHOICES (PDPA)

Subject to applicable law, you may have the right to:

  • Request access to your personal data in our possession or under our control and information about how your personal data has been used or disclosed in the past year;
  • Request correction of inaccuracies in your personal data;
  • Withdraw consent for our collection, use or disclosure of your personal data (where we rely on consent);
  • Opt out of marketing communications, where applicable.

We may need to verify your identity before processing requests. We may charge a reasonable fee for access requests as permitted under the PDPA, and we will notify you of the fee before proceeding.

12A. WITHDRAWAL OF CONSENT

You may withdraw your consent at any time by contacting us using the details in Section 16. Withdrawal of consent may affect our ability to provide the Services (for example, matching requires certain profile information and contact identifiers). We will inform you of the likely consequences of withdrawal before completing your request.

13. DO NOT CALL (DNC) AND MARKETING

We may send service-related messages that are necessary to operate Milo (for example, match alerts, confirmations and policy updates). If we send marketing messages to Singapore telephone numbers, we will comply with the DNC provisions and obtain consent where required. You may opt out of marketing messages at any time.

14. COOKIES AND TRACKING (WEBSITE)

Any Milo website or form may use cookies and similar technologies for essential functionality, security, analytics and performance. You can control cookies through your browser settings. Disabling cookies may affect site functionality.

15. CHILDREN

The Services are not intended for children under 13. If you are under the age required to provide valid consent in your jurisdiction, you should use the Services only with appropriate permission. If we learn that we collected personal data from a child without valid consent, we will take steps to delete it.

16. CONTACT US (DATA PROTECTION OFFICER)

If you have questions, requests or complaints relating to your personal data, please contact:

17. SUBPROCESSORS AND THIRD-PARTY PROVIDERS

We use the following third-party providers to help operate the Services. This list may be updated from time to time:

  • Telegram: Messaging platform used for chat delivery and user identification.
  • OpenAI (ChatGPT/OpenAI): AI processing for conversational responses, intent understanding and matchmaking.
  • MongoDB: Database/storage infrastructure for profiles, conversations and operational records.
  • Google: Cloud infrastructure and AI and ML services including Gemini models for language understanding.
  • Mistral: AI processing for natural language understanding and conversational response, providing an alternative LLM backbone.
  • AWS: Storage, cloud hosting and infrastructure supporting application deployment.

18. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. The updated version will be posted with a revised "Last Updated" date. If changes are material, we will take reasonable steps to notify you through the Services.