Legal
Privacy Policy
Last updated June 30, 2026
1. Introduction
Mirra, Inc. ("Mirra," "we," "our," or "us") operates the Mirra digital identity platform, accessible at mirra.co and through our mobile applications (collectively, the "Platform"). This Privacy Policy explains how we collect, use, store, disclose, and protect your personal information when you access or use the Platform.
By creating an account or using the Platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree to the practices described herein, please do not use the Platform.
This Privacy Policy applies to all users globally, including users in the European Economic Area ("EEA"), United Kingdom, Canada, California, and other jurisdictions with specific data protection requirements. Where applicable, we describe your additional rights under those frameworks.
2. Information We Collect
2.1 Information You Provide Directly
When you create a Mirra account or use the Platform, you may provide us with the following:
- Account information: name, email address, phone number, username, and password
- Profile information: biography, location, profession, role, and personal description
- Profile media: photographs, videos, and other visual content you upload to your profile
- Social media accounts: links to and authorization tokens for third-party social media platforms (Instagram, TikTok, X/Twitter, LinkedIn, YouTube, and others)
- Contact information: phone numbers and email addresses you choose to display on your profile
- Digital Persona (DP) training data: any text, answers, or content you provide to train your AI-powered digital persona
- Links and external URLs you add to your profile
- Communications: messages you send through Mirra's in-platform messaging features
- Feedback and support communications
2.2 Information Collected Automatically
When you use the Platform, we automatically collect:
- Device information: device type, operating system, unique device identifiers, browser type and version
- Usage data: pages viewed, features used, interactions with profiles, QR code scans, time spent on the Platform
- Log data: IP address, access times, referring URLs, crash reports
- Location data: if you enable location permissions, we may collect GPS coordinates at the time of contact exchanges or QR code scans (used for the location-tagging feature)
- Cookie and tracking data: as described in Section 7
- Profile analytics: views of your profile, link clicks, contact saves, and connection activity
2.3 Information From Third Parties
We may receive information about you from third parties, including:
- Social media platforms you connect to your Mirra profile (follower counts, profile data you authorize us to access)
- Contact information provided by other Mirra users when they exchange contacts with you
- Analytics and advertising partners
- Identity verification services, if applicable
2.4 Profile Photo and Video Animation
If you choose to upload a profile photo or video, you grant Mirra permission to process that media through our AI animation service (currently powered by Google's Veo API) solely for the purpose of generating an animated version of your profile image for display on the Platform. We do not use your photo or video to train general AI models. Animated profile content is stored securely and tied to your account. You may delete your profile photo or video at any time through your account settings.
2.5 Digital Persona (DP) Data
Mirra's Digital Persona feature allows visitors to your profile to interact with an AI-powered persona trained on information you provide. Specifically:
- All DP training content is provided voluntarily by you
- Visitor conversations with your Digital Persona are logged for the purpose of improving response quality and for your review
- DP data is processed using third-party AI model providers operating under data processing agreements with Mirra
- We do not share your DP training data with other users or third parties except as required to operate the feature
- You may delete your Digital Persona and all associated training data at any time from your account settings
3. How We Use Your Information
We use the information we collect for the following purposes:
- To create and manage your account and provide core Platform functionality
- To generate and display your identity profile at mirra.co/[username]
- To enable contact sharing, QR code generation, and Apple Wallet integration
- To power the Digital Persona (DP) feature
- To animate profile photos and videos using our AI animation pipeline
- To facilitate connections, contact exchanges, and in-platform messaging
- To provide profile analytics (views, clicks, contacts saved, connections made)
- To send transactional communications including account confirmations, security alerts, and product updates
- To send marketing communications, with your consent where required by applicable law
- To detect and prevent fraud, abuse, and security incidents
- To comply with legal obligations
- To improve and develop the Platform, including analyzing usage patterns
- To enforce our Terms of Use and other policies
4. Legal Bases for Processing (EEA and UK Users)
If you are located in the EEA or United Kingdom, our legal bases for processing your personal data are:
- Contract performance: processing necessary to provide the services you have requested
- Legitimate interests: improving the Platform, fraud prevention, analytics, and network security
- Consent: marketing communications, optional features such as location tagging, and DP training data collection
- Legal obligation: compliance with applicable laws and regulations
You may withdraw consent at any time where processing is based on consent without affecting the lawfulness of prior processing.
5. How We Share Your Information
5.1 Public Profile Information
Your Mirra profile is designed to be publicly accessible at mirra.co/[username]. The information you choose to display on your profile — including your name, photo, bio, social links, and contact information — will be visible to anyone who views your profile, including people who do not have a Mirra account. You control what information is displayed through your profile settings.
5.2 Service Providers
We share information with third-party service providers who assist us in operating the Platform, including:
- Cloud infrastructure and hosting providers (including Supabase and Vercel)
- AI and machine learning model providers (including Google) for photo/video animation and Digital Persona functionality
- Payment processors
- Email and SMS communication providers
- Analytics providers
- Customer support tools
All service providers are contractually required to process data only for the purpose of providing services to Mirra and to maintain appropriate security standards.
5.3 Business Transfers
If Mirra is involved in a merger, acquisition, financing, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you prior to your information becoming subject to a different privacy policy.
5.4 Legal Requirements
We may disclose your information if required to do so by law, court order, or government request, or if we believe in good faith that such disclosure is necessary to protect the rights, property, or safety of Mirra, our users, or the public.
5.5 With Your Consent
We may share your information for other purposes with your explicit consent.
5.6 What We Do Not Do
We do not sell your personal information to third parties. We do not share your personal information with advertisers for the purpose of targeting ads to you on third-party platforms based on your Mirra data.
6. Data Retention and Deletion
We retain your personal data for as long as your account is active or as needed to provide you with the Platform's services. Specifically:
- Account data is retained until you delete your account
- Profile media (photos, videos) are deleted within 30 days of account deletion or upon your explicit request
- Digital Persona training data and conversation logs are deleted within 30 days of your deletion request or account deletion
- Animated profile content generated through our AI pipeline is deleted within 30 days of account deletion
- Location-tagged contact exchange data is retained as long as the contact record exists in your account
- Analytics and usage data may be retained in aggregated, anonymized form after account deletion
- Backup copies may persist for up to 90 days in encrypted backups but will not be used for any active purpose
To request deletion of your account and all associated data, please contact us at privacy@mirra.co or use the account deletion feature within the app. We will process your request within 30 days.
7. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to operate and improve the Platform. Types of cookies we use include:
- Essential cookies: required for the Platform to function (authentication sessions, security)
- Analytics cookies: help us understand how users interact with the Platform
- Preference cookies: remember your settings and preferences
You can control cookie settings through your browser settings. Note that disabling certain cookies may affect Platform functionality. We honor Do Not Track browser signals where technically feasible.
8. Data Security
We implement industry-standard technical and organizational security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit using TLS/SSL
- Encryption of sensitive data at rest
- Access controls limiting employee access to personal data
- Regular security assessments and monitoring
- Incident response procedures
No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and applicable regulatory authorities as required by applicable law.
9. International Data Transfers
Mirra operates globally. Your information may be transferred to and processed in countries other than your country of residence, including the United States, where data protection laws may differ from those in your jurisdiction. Where required by applicable law (including GDPR), we implement appropriate safeguards for international transfers, such as Standard Contractual Clauses approved by the European Commission.
10. Children's Privacy
The Mirra Platform is not directed to individuals under the age of 13 (or 16 in the EEA and UK). We do not knowingly collect personal information from children under these ages. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@mirra.co and we will take steps to delete such information promptly.
11. Your Privacy Rights
11.1 All Users
All Mirra users have the right to:
- Access the personal information we hold about you
- Correct inaccurate personal information
- Delete your account and associated personal data
- Export a copy of your data in a machine-readable format
- Opt out of marketing communications at any time
- Withdraw consent for optional processing (e.g., location tagging, DP training)
11.2 EEA and UK Users (GDPR / UK GDPR)
In addition to the above, EEA and UK users have the right to:
- Restrict processing of your personal data in certain circumstances
- Object to processing based on legitimate interests
- Lodge a complaint with your local data protection authority
11.3 California Users (CCPA / CPRA)
California residents have the following additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to know what personal information we collect, use, disclose, and sell
- Right to delete personal information
- Right to opt out of the sale or sharing of personal information (we do not sell personal information)
- Right to correct inaccurate personal information
- Right to limit use and disclosure of sensitive personal information
- Right to non-discrimination for exercising privacy rights
To exercise any of these rights, contact us at privacy@mirra.co. We will respond within 30 days (or within the timeframe required by applicable law).
12. Third-Party Links and Integrations
Your Mirra profile may contain links to third-party websites or social media platforms. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you connect to or visit through the Platform. Mirra is not responsible for the privacy practices of third-party services.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the new Privacy Policy on the Platform and updating the "Last Updated" date at the top of this page. Where required by applicable law, we will provide you with additional notice of material changes (such as by email). Your continued use of the Platform after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Mirra Identity, Inc.
Email: dev@mirra.co
Website: mirra.co
For users in the EEA or UK who wish to contact our data protection representative, or to lodge a complaint, please use the email address above.