Privacy Policy

Last updated: December 20, 2025

1. Introduction

Welcome to MIRA. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, and safeguard your data when you use our creative platform.

By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

Account Information: Email address, encrypted password, account preferences, Credit balance, subscription status, daily streak data, and transaction history.

Usage Information: Feature usage statistics (anonymized), performance metrics, error logs, browser type, and IP address.

Device Fingerprinting: We use technical identifiers (browser/hardware characteristics) to generate a unique device hash. This is used exclusively to fight system abuse, enforce content policy bans, and prevent fraudulent automated account creation.

AI Input Data (Server-Side Only): Textual Prompts and Reference Files uploaded for generative tasks.

Payment Information: Handled securely by Stripe. We do not store credit card information. Subscription and Credit Pack purchase data is stored for billing and account management.

3. Data Processing: Client-Side vs. Server-Side

Server-Side Processing (AI Studio & Projects): Prompts and Reference Files are securely transmitted to our servers. Content safety measures review inputs and outputs for policy compliance.

Reference Images and Generated Assets are stored on Cloudflare R2 for 24 hours, then deleted automatically.

Training Policy: We DO NOT train public AI models on your private Reference Files or Generated Assets.

5. Data Sharing and Third Parties

No Sale of Data: We DO NOT sell your personal data to third parties or share it with them for marketing.

Service Providers: Stripe (payments and subscriptions), Supabase (accounts), Google (analytics), Cloudflare (security), AI Model Providers.

Legal Requirements: We may disclose your data if required by law.

6. Data Security and Abuse Prevention

Technical Safeguards: HTTPS encryption, secure password hashing (bcrypt), regular security updates.

Abuse Prevention: We use device fingerprinting and IP monitoring to identify and block users who violate our Terms of Service or Content Policy. This includes enforcing "Bans" across multiple accounts created by the same malicious actor.

Temporary Storage: 24-hour deletion policy for generated content reduces data leakage risk.

Data Minimization: We collect only the minimal data required to provide the Service.

7. Your Rights (GDPR)

Access: Request a copy of your personal data.

Correction: Update or correct your information.

Deletion (Right to be Forgotten): Request deletion of your account and associated data.

Portability: Export your data in a machine-readable format.

Object: Object to processing based on legitimate interests.

Complaint: Lodge a complaint with the UODO in Poland.

To exercise these rights, contact support@mira.ai.

8-11. Additional Provisions

Cookies: Essential cookies are used for auth/security; analytics cookies require consent; no ad tracking.

International Transfers: GDPR compliant. EU-U.S. Data Privacy Framework and SCCs in place.

Children's Privacy: Not intended for those under 16. We delete such data immediately.

Policy Changes: Significant changes communicated via email or site notice.

12. Data Controller & Contact

Data Controller: [COMPANY_NAME], conducting business activity at [BUSINESS_ADDRESS].

Email: support@mira.ai

Phone: [PHONE_NUMBER]

4. How We Use Your Information

| Activity | Legal Basis | Retention |
|---|---|---|
| To Provide and Manage the Service: Managing accounts, tracking Credits, processing payments, executing AI generations. | Performance of a Contract | Duration of active account. |
| For Security and Content Safety: Preventing fraudulent Credit usage, monitoring abuse, automated moderation, device fingerprinting to enforce bans, and DDoS protection. | Legitimate Interest and Legal Obligation | Logs and hashes up to 12 months (banned hashes may be retained longer). |
| For Analytics: Google Analytics to understand behavior and feature popularity. | Your Consent via the cookie banner. | Up to 12 months. |
| To Communicate With You: Sending receipts, system updates, and support responses. | Performance of a Contract | Duration of active account. |