Privacy Policy

This Privacy Policy explains how The Mirror Collective (“Mirror,” “we,” “us,” or “our”) collects, uses, discloses, and protects information when you use the Mirror mobile applications, websites, and related services (collectively, the “Service”).

By using the Service, you acknowledge that you have read and understood this Privacy Policy.

Scope and Key Definitions:

1.1) Scope

This Privacy Policy applies to information we process when you use the Service. It does not apply to third-party websites, services, or applications that we do not control.

1.2) Definitions

• Personal Information: Information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to you.
• User Content: Text or other content you submit to the Service (e.g., reflections, journal entries, prompts).
• Processing: Any operation performed on information, such as collection, storage, use, disclosure, or deletion.

Information We Collect:

We collect information in three primary ways: (a) information you provide, (b) information collected automatically, and (c) information from service providers or third parties (when you choose to connect them).

2.1) Information You Provide:

Depending on how you use the Service, you may provide:

A. Account and Profile Information
• Email address and/or authentication identifiers
• Account username or display name (if enabled)
• Settings and preferences

B. User Content (Reflections and Inputs)
• Text you type or otherwise submit to the Service (e.g., journal entries, prompts, reflections)
• Follow-up responses, selections, and feedback

C. Support and Communications
• Messages you send to support
• Survey responses, feedback, or bug reports

2.2) Information Collected Automatically

When you use the Service, we may automatically collect:

A. Device and Technical Data
• Device type, operating system version, app version
• Language settings, time zone (approximate), and device identifiers
• Network information (e.g., IP address) and general location derived from IP (city/region-level)

B. Usage Data
• Feature usage and interaction events (e.g., screens viewed, session duration)
• Crash logs and performance telemetry
• Basic diagnostics to detect abuse and maintain security

C. Cookies and Similar Technologies (Web Only)
If you use our website, we may use cookies, local storage, and similar technologies for essential site functionality, security, and analytics.

2.3) Information From Third Parties (Optional)

If we offer integrations (e.g., sign-in providers, analytics, or other tools), we may receive information from them consistent with your settings and their policies (e.g., OAuth tokens, basic profile identifiers).

You can disable integrations where available.

Sensitive Information and Health-Related Disclosures:

Mirror is not a clinical service. You should avoid submitting sensitive personal information you do not want processed, including:
• detailed medical records
• government identifiers
• financial account numbers

If you submit information that could be considered health-related or sensitive, you acknowledge it will be processed to provide the Service.

HIPAA Notice: The Service is not designed to operate as a HIPAA-covered entity or business associate unless we have separately agreed in writing. Do not submit protected health information (PHI) if you require HIPAA protections.

How We Use Information:

We use information to:

4.1) Provide and Operate the Service

• Create and manage accounts
• Deliver AI-generated reflections and features you request
• Store your content if you enable storage features
• Provide customer support

4.2) Improve, Maintain, and Debug

• Monitor performance and reliability
• Fix bugs and improve product features
• Develop new features and safety improvements

4.3) Safety, Security, and Abuse Prevention

• Detect and prevent fraud, misuse, or security incidents
• Enforce our Terms of Service and acceptable use rules
• Protect the rights, safety, and property of users and Mirror

4.4) Communications

• Send transactional messages (e.g., account notices)
• Respond to support requests
• Send product updates (you may opt out of marketing communications where applicable)

4.5) Legal and Compliance

• Comply with applicable laws and regulations
• Respond to lawful requests
• Establish, exercise, or defend legal claims

AI Processing and Automated Systems:

5.1) How AI Processing Works

The Service uses automated systems (including large language models) to generate text responses based on your inputs. This processing is primarily automated.

5.2) Human Review

We do not routinely review your User Content. Limited human review may occur:
• when you contact support and share content
• for debugging and quality assurance
• to investigate security issues or misuse
• to comply with legal obligations

5.3) Model Limitations

AI outputs may be inaccurate or incomplete and may misinterpret context. You should exercise independent judgment.

Legal Bases for Processing (EEA/UK and Similar Regions):

If you are in the EEA/UK (or a similar jurisdiction), we process personal information under the following legal bases:
• Contract: to provide the Service you request
• Legitimate Interests: to secure, improve, and operate the Service (balanced against your rights)
• Consent: where required (e.g., certain cookies/marketing)
• Legal Obligation: to comply with law

How We Share Information:

We share information only as described below:

7.1) Service Providers (Processors)

We may share information with vendors that help us operate the Service, such as:
• cloud hosting and storage providers
• analytics and performance monitoring providers
• customer support tools
• security and fraud-prevention providers
• AI processing providers

These providers are contractually required to protect the information and use it only for providing services to us.

7.2) Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction, subject to standard confidentiality protections.

7.3) Legal Requirements

We may disclose information if required to do so by law or in response to valid legal process (e.g., subpoena, court order), or if we believe disclosure is necessary to protect rights, safety, or prevent fraud.

7.4) With Your Direction

We may share information when you direct us to do so (e.g., exporting your data, sharing content, enabling an integration).

7.5) We Do Not Sell Personal Information

We do not sell your personal information.

Data Retention:

We retain personal information only as long as necessary to provide the Service and for legitimate business purposes (such as security, compliance, and dispute resolution), unless a longer retention period is required or permitted by law.

If you request deletion, we will delete or de-identify your personal information consistent with applicable law, subject to limited exceptions (e.g., legal compliance, security logs, fraud prevention).

Your Choices and Controls:

9.1) Account Settings

You may update certain account and privacy settings in the app.

9.2) Marketing Communications

Where applicable, you can opt out of marketing emails by using the unsubscribe link.

9.3) Cookies (Web)

You can control cookies through browser settings. Some cookies are required for the website to function.

Your Privacy Rights:

Depending on where you live, you may have rights to:
• Access: request a copy of your personal information
• Correction: request correction of inaccurate information
• Deletion: request deletion of your information
• Portability: request export in a usable format
• Objection/Restriction: object to or restrict certain processing
• Withdraw Consent: where processing is based on consent

To exercise these rights, contact us at privacy@themirrorcollective.com. We may need to verify your identity.

EEA/UK Additional Rights:

If you are in the EEA/UK, you may also lodge a complaint with your local data protection authority.

U.S. State Privacy Disclosures (e.g., California):

11.1) Categories Collected and Purposes

We collect the categories described in Section 2 and use them for the purposes in Section 4.

11.2) Sale/Sharing and Targeted Advertising

We do not sell personal information. If we use analytics or advertising technologies that could be considered “sharing” for cross-context behavioral advertising under certain laws, we will provide an opt-out mechanism where required.

11.3) Sensitive Personal Information

We do not intentionally collect “sensitive personal information” as defined by certain state privacy laws for purposes of inferring characteristics. If you voluntarily submit sensitive content in reflections, it will be processed to provide the Service.

11.4) Non-Discrimination

We will not discriminate against you for exercising privacy rights.

International Data Transfers:

We may process and store information in countries other than where you live. Where required, we use appropriate safeguards for international transfers (e.g., Standard Contractual Clauses).

Security:

We use reasonable administrative, technical, and organizational measures designed to protect information against unauthorized access, loss, misuse, or alteration.

No method of transmission or storage is completely secure. You are responsible for keeping your account credentials confidential.

Children’s Privacy:

The Service is not intended for children under 13 (or the minimum age required by law). We do not knowingly collect personal information from children. If you believe a child has used the Service and provided personal information, contact us below.

Changes to This Privacy Policy:

We may update this Privacy Policy from time to time. If changes are material, we will provide notice as required by law (e.g., in-app notice or updated effective date).

Contact Us:

For privacy questions or requests:

Email: privacy@themirrorcollective.com
Support: support@themirrorcollective.com
