how your data is handled

privacy policy

we built mira so you could be honest. so we're going to be honest about your data.

effective: may 20, 2026 · last updated: may 29, 2026

hey. it's mira.
the short version: everything you tell me lives on your phone and in our private database. i don't sell it. i don't share it for ads. you can wipe everything in one tap. the long version is below — written in plain english, on purpose.
mira · privacy, in her own words

01who we are

Mira ("Mira", "we", "our", "us") is a private AI companion app operated by RiekApps. This Privacy Policy explains what personal information we collect when you use the Mira mobile app or our website, why we collect it, how we use it, who we share it with, and the rights you have.

For privacy questions or requests, write to riekapps@gmail.com. For everything else, contact us.

02what we collect

We try to collect as little as possible. Here's the complete list:

information you give us directly

datawhere it comes from
Your name or nicknameYou enter it during onboarding.
Your chosen tone, purposes & intentYou pick these in onboarding so Mira can speak to you the way you want.
Your current moodOptional. You set it during onboarding and can update it any time.
Your email addressOnly if you sign in with Google (used for backup / device-switching) or contact us.
Your chat messagesWhat you send to Mira. Stored so the next conversation remembers the last one.
Your "memories"Facts Mira saves about you (the people, dates, and details you tell her). You can review, edit, and delete these.
Your life follow-upsFor paid users, ongoing goals, habits, people, routines, or situations Mira follows so she can remember and check in later. You can pause or delete these.
Photos you share in chatIf you upload an image while chatting, it's stored alongside that message.
Reminder preferencesIf you ask Mira to remind you of something, we store the reminder and its schedule.

information collected automatically

Anonymous device identifierGenerated on first launch so Mira can recognize the device on subsequent sessions without requiring an account.
Push notification token (FCM)Used to send the notifications you've enabled. We can revoke this when you uninstall or sign out.
Time zoneSo reminders fire at the right local time.
Subscription stateWhether you're on the free or paid plan. Receipts are verified with Apple / Google, not stored from your wallet.
Crash reports & performance dataAnonymized stack traces and device metadata via Firebase Crashlytics, used only to fix bugs.
Basic analytics eventsAnonymized events (e.g. "app opened", "chat sent") via Firebase Analytics. We do not collect advertising identifiers.

information we don't collect

03how we use it

Everything we collect is used to provide and improve Mira. Concretely:

04who we share it with

We share data only with the third-party "subprocessors" we need to run the service. Each of them is bound by their own privacy and security commitments. They are:

servicewhat it does
Google Firebase (Authentication, Cloud Messaging, Crashlytics, Analytics)User authentication (including anonymous and Google sign-in), push delivery, crash reporting, and anonymized usage analytics.
Neon (Postgres database)Stores your account, memories, life follow-ups, messages, and reminders.
OpenRouter (LLM gateway)Routes your messages, any photos you share, and the necessary context to the large-language-model providers that generate Mira's replies. OpenRouter relays to OpenAI and DeepSeek; under our agreement these providers do not retain your messages or photos to train their models.
RevenueCat (subscription management)Verifies App Store / Play receipts and keeps your subscription entitlement in sync across devices. Receives an anonymous user identifier and purchase events; no payment-card details.
Cloudflare R2 (media storage)Stores photos you choose to share with Mira in chat. Files are stored encrypted at rest and accessible only with a short-lived signed URL.
Apple App Store / Google PlaySubscription processing, receipt validation, and payments.

We do not share, sell, rent, or trade your personal information with advertisers, data brokers, or any other third party for marketing purposes.

We may disclose information if we are required to by law (e.g., a valid court order from a competent authority), to protect the safety of a user or the public, or in connection with a merger, acquisition, or sale of assets — in which case we will give you notice before your information becomes subject to a different privacy policy.

05where it lives

Your data is stored in managed cloud infrastructure provided by the subprocessors above. The primary database is operated by Neon and may be hosted in regions including the United States and Europe. Firebase services are operated by Google globally. Where you are accessing the service from a country other than the country of storage, your information will be transferred internationally — see §13.

06how long we keep it

07your privacy rights

Subject to applicable law, you have the right to:

To exercise any of these rights, visit the delete-data page or email riekapps@gmail.com. We respond within 30 days. We will not discriminate against you for exercising your rights.

quick tip. Most of these you can do directly inside the app: go to Settings → Memory to review or wipe what Mira remembers, or Settings → Privacy → Delete my account for a full wipe.

legal basis for processing (EEA / UK)

If you are in the European Economic Area, United Kingdom, or Switzerland, we rely on the following legal bases under the GDPR (and the UK GDPR) to process your personal data:

08children's privacy

Mira is intended for users aged 17 and older (or the minimum digital-consent age in your country, whichever is higher). We do not knowingly collect personal information from anyone under that age. If you believe a child has provided information to Mira, contact us at riekapps@gmail.com and we will delete it.

09push notifications & analytics

Push notifications are sent via Firebase Cloud Messaging using a token that your device generates. We use them only for the categories you've enabled in Settings → Notifications (reminders, check-ins, etc.). You can disable any category in the app, or revoke push permission entirely from your device settings.

Analytics use Firebase Analytics with advertising identifiers turned off. We collect aggregated, anonymized event counts to understand which features people use and where the app breaks. To opt out of analytics, write to riekapps@gmail.com.

10apple's app tracking transparency

On iOS, Mira does not track you across other companies' apps or websites for advertising or measurement, so we do not present the App Tracking Transparency permission prompt. If this ever changes, we will update this policy and request permission first.

11subscriptions & payments

Our paid subscription Mira Pro is processed by Apple (App Store In-App Purchase) or Google (Google Play Billing), depending on the platform you used. We never see your full payment card details. We receive only the receipt/transaction identifier necessary to validate your purchase and unlock paid features. We use RevenueCat as a subscription management service to verify receipts and keep your entitlement state in sync across devices; RevenueCat receives your anonymous user identifier and purchase events but no payment details. Refunds and cancellations are handled through your Apple or Google account, in accordance with their refund policies.

12security

We protect your information with industry-standard measures, including transport encryption (HTTPS/TLS) for all network requests, encrypted storage at rest in our database, and strict access controls for the small number of people on our team who can administer the service. No method of electronic transmission or storage is 100% secure, but we treat the trust you place in us seriously and will notify you and the relevant authorities promptly if a breach affecting your data ever occurs.

13international transfers

Because our subprocessors operate globally, your information may be transferred to, and processed in, countries other than your own — including the United States and member states of the European Union. Where required by applicable data-protection law (e.g., GDPR), we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses to protect your information during transfer.

14california privacy rights

If you are a California resident, the California Consumer Privacy Act ("CCPA"), as amended by the California Privacy Rights Act ("CPRA"), gives you specific rights regarding your personal information. This section uses California-specific terms and supplements the rest of this policy.

categories we collect

In the past twelve months we have collected the following categories of personal information from California consumers, all of which are described in §2 above:

sources, purposes, and disclosures

We collect this information from you directly, automatically from your device, and through the subprocessors listed in §4. We use it for the purposes described in §3. We disclose it only to the subprocessors listed in §4, and only for those same purposes. Each subprocessor is bound by contract to use the information solely on our behalf.

we do not sell or share your personal information

We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We have not done so in the past twelve months, and we do not knowingly sell or share the personal information of California consumers under the age of 16. We do not use or disclose sensitive personal information for purposes other than those permitted under CCPA §7027(m).

your california rights

To exercise any of these rights, visit the delete-data page or email riekapps@gmail.com. We will verify your request using information already associated with your account and respond within 45 days (extendable once by an additional 45 days where reasonably necessary). You may designate an authorized agent to make a request on your behalf; we will require written authorization and verification of the agent's identity.

15changes to this policy

If we make a material change to this policy, we will update the "last updated" date at the top and notify you inside the app, by email (if we have one for you), or both, before the change takes effect. Continued use of Mira after a change means you accept the updated policy.

16contact us

Questions, requests, or complaints? Write to riekapps@gmail.com and a real person on our team will reply.

← back to mira © 2026 RiekApps · mira