privacy policy
we built mira so you could be honest. so we're going to be honest about your data.
the short version: everything you tell me lives on your phone and in our private database. i don't sell it. i don't share it for ads. you can wipe everything in one tap. the long version is below — written in plain english, on purpose.
what's in here
01who we are
Mira ("Mira", "we", "our", "us") is a private AI companion app operated by RiekApps. This Privacy Policy explains what personal information we collect when you use the Mira mobile app or our website, why we collect it, how we use it, who we share it with, and the rights you have.
For privacy questions or requests, write to riekapps@gmail.com. For everything else, contact us.
02what we collect
We try to collect as little as possible. Here's the complete list:
information you give us directly
| data | where it comes from |
|---|---|
| Your name or nickname | You enter it during onboarding. |
| Your chosen tone, purposes & intent | You pick these in onboarding so Mira can speak to you the way you want. |
| Your current mood | Optional. You set it during onboarding and can update it any time. |
| Your email address | Only if you sign in with Google (used for backup / device-switching) or contact us. |
| Your chat messages | What you send to Mira. Stored so the next conversation remembers the last one. |
| Your "memories" | Facts Mira saves about you (the people, dates, and details you tell her). You can review, edit, and delete these. |
| Photos you share in chat | If you upload an image while chatting, it's stored alongside that message. |
| Reminder preferences | If you ask Mira to remind you of something, we store the reminder and its schedule. |
information collected automatically
| Anonymous device identifier | Generated on first launch so Mira can recognize the device on subsequent sessions without requiring an account. |
| Push notification token (FCM) | Used to send the notifications you've enabled. We can revoke this when you uninstall or sign out. |
| Time zone | So reminders fire at the right local time. |
| Subscription state | Whether you're on the free or paid plan. Receipts are verified with Apple / Google, not stored from your wallet. |
| Crash reports & performance data | Anonymized stack traces and device metadata via Firebase Crashlytics, used only to fix bugs. |
| Basic analytics events | Anonymized events (e.g. "app opened", "chat sent") via Firebase Analytics. We do not collect advertising identifiers. |
information we don't collect
- We do not collect your contacts, calendar, microphone, or location.
- We do not track you across other apps or websites.
- We do not sell your data to anyone, ever.
- We do not use your chat content to train third-party AI models for purposes unrelated to answering you.
03how we use it
Everything we collect is used to provide and improve Mira. Concretely:
- To talk back to you. Your messages, name, tone, memories, and recent context are sent to our language-model provider (see §4) so Mira can respond in a way that remembers you.
- To remember you across sessions. Memories and message history are stored in our database so a new chat picks up where the last one left off.
- To send you the notifications you asked for. Reminders, gentle check-ins, and (if you opt-in) proactive emotional touch-bases.
- To process your subscription. Verifying receipts with Apple or Google and unlocking paid features.
- To diagnose crashes and improve the app. Anonymized crash and analytics data.
- To prevent abuse and keep the service safe. Basic rate-limiting and security signals.
- To respond to your requests. Customer support and data-rights requests.
04who we share it with
We share data only with the third-party "subprocessors" we need to run the service. Each of them is bound by their own privacy and security commitments. They are:
| service | what it does |
|---|---|
| Google Firebase (Authentication, Cloud Messaging, Crashlytics, Analytics) | User authentication (including anonymous and Google sign-in), push delivery, crash reporting, and anonymized usage analytics. |
| Neon (Postgres database) | Stores your account, memories, messages, and reminders. |
| OpenRouter (LLM gateway) | Routes your message and the necessary context to a large-language-model provider that generates Mira's replies. OpenRouter relays to a model provider such as Anthropic; the provider does not retain your messages for training under our agreement. |
| Apple App Store / Google Play | Subscription processing, receipt validation, and payments. |
We do not share, sell, rent, or trade your personal information with advertisers, data brokers, or any other third party for marketing purposes.
We may disclose information if we are required to by law (e.g., a valid court order from a competent authority), to protect the safety of a user or the public, or in connection with a merger, acquisition, or sale of assets — in which case we will give you notice before your information becomes subject to a different privacy policy.
05where it lives
Your data is stored in managed cloud infrastructure provided by the subprocessors above. The primary database is operated by Neon and may be hosted in regions including the United States and Europe. Firebase services are operated by Google globally. Where you are accessing the service from a country other than the country of storage, your information will be transferred internationally — see §13.
06how long we keep it
- Chat messages and memories — kept until you delete them or delete your account.
- Account & profile — kept while your account is active. Deleted within 30 days of an account-deletion request (see §7 and the delete-data page).
- Push tokens — invalidated when you sign out, uninstall, or revoke push permission.
- Crash and analytics records — retained for up to 14 months by Firebase.
- Billing & receipt records — retained for the period required by tax and financial regulations (typically up to 7 years), even after account deletion.
- Support correspondence — kept for up to 2 years after the last interaction.
07your privacy rights
Subject to applicable law, you have the right to:
- Access a copy of the personal information we hold about you.
- Correct information that is inaccurate or out of date.
- Delete your information — entirely, or just specific memories or messages.
- Port your information — receive it in a structured, commonly used format.
- Object to or restrict certain processing.
- Withdraw consent at any time where processing is based on consent.
- Lodge a complaint with your local data-protection authority.
To exercise any of these rights, visit the delete-data page or email riekapps@gmail.com. We respond within 30 days. We will not discriminate against you for exercising your rights.
08children's privacy
Mira is intended for users aged 16 and older (or the minimum digital-consent age in your country, whichever is higher). We do not knowingly collect personal information from children under that age. If you believe a child has provided information to Mira, contact us at riekapps@gmail.com and we will delete it.
09push notifications & analytics
Push notifications are sent via Firebase Cloud Messaging using a token that your device generates. We use them only for the categories you've enabled in Settings → Notifications (reminders, check-ins, etc.). You can disable any category in the app, or revoke push permission entirely from your device settings.
Analytics use Firebase Analytics with advertising identifiers turned off. We collect aggregated, anonymized event counts to understand which features people use and where the app breaks. To opt out of analytics, write to riekapps@gmail.com.
10apple's app tracking transparency
On iOS, Mira does not track you across other companies' apps or websites for advertising or measurement, so we do not present the App Tracking Transparency permission prompt. If this ever changes, we will update this policy and request permission first.
11subscriptions & payments
Subscriptions are processed by Apple (App Store In-App Purchase) or Google (Google Play Billing), depending on the platform you used. We never see your full payment card details. We receive only the receipt/transaction identifier necessary to validate your purchase and unlock paid features. Refunds and cancellations are handled through your Apple or Google account, in accordance with their refund policies.
12security
We protect your information with industry-standard measures, including transport encryption (HTTPS/TLS) for all network requests, encrypted storage at rest in our database, and strict access controls for the small number of people on our team who can administer the service. No method of electronic transmission or storage is 100% secure, but we treat the trust you place in us seriously and will notify you and the relevant authorities promptly if a breach affecting your data ever occurs.
13international transfers
Because our subprocessors operate globally, your information may be transferred to, and processed in, countries other than your own — including the United States and member states of the European Union. Where required by applicable data-protection law (e.g., GDPR), we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses to protect your information during transfer.
14changes to this policy
If we make a material change to this policy, we will update the "last updated" date at the top and notify you inside the app, by email (if we have one for you), or both, before the change takes effect. Continued use of Mira after a change means you accept the updated policy.
15contact us
Questions, requests, or complaints? Write to riekapps@gmail.com and a real person on our team will reply.