Privacy Policy
Last Updated: January 26, 2026
🔒 Your Privacy Matters
We take your privacy seriously. This policy explains what information we collect, how we use it, and your rights regarding your personal data. We store sensitive personal information you share with our AI, so please read this carefully.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Email address
- Name (if provided)
- Password (encrypted)
- OAuth provider information (if you sign in with Google)
1.2 Personal Content and Conversations
When you use the Service, we collect and store:
- All conversations with the AI (text and audio transcriptions)
- Personal life data you share about your daily activities, thoughts, and experiences
- Classified vector data across 9 categories: Physical Health, Mental Health, Financial, Relationships, Career, Fun, Spirituality, Legal, and Habits
- Historical tracking data showing changes in your vectors over time
- Any files, images, or documents you upload
Important: The information you share may include highly sensitive personal details about your health, finances, relationships, and other private matters. We store all of this data to provide the Service.
1.3 Usage Data
We automatically collect:
- Device information (browser, operating system, device type)
- IP address and general location
- Usage patterns and feature interactions
- Log data (access times, pages viewed, errors encountered)
1.4 Payment Information
Payment information is collected and processed by our payment processor, Stripe. We do not store your full credit card details but may retain the last 4 digits and card type for display purposes.
2. How We Use Your Information
We use your information to:
- Provide the Service: Process your conversations, classify data into vectors, track changes over time, and enable AI interactions
- Improve the Service: Analyze usage patterns to enhance features and user experience
- Communicate with you: Send service updates, security alerts, and respond to your inquiries
- Process payments: Handle subscriptions and billing
- Prevent fraud and abuse: Detect and prevent unauthorized access and misuse
- Comply with legal obligations: Respond to legal requests and enforce our Terms
3. AI Processing and Data Usage
🔒 Your Data Stays Private
We do NOT use your conversations or personal data to train AI models. Your information is processed solely to provide you with personalized insights and is never used to improve AI models or shared with AI providers for training purposes. Our AI processes your data in a stateless manner: each interaction is independent and completely private to you.
How AI Processing Works:
- Your conversations and personal data are processed by AI systems to generate insights and classifications for YOU only
- AI models analyze patterns across YOUR data to provide personalized responses specific to your digital twin
- Individual conversations are NOT shared with other users
- We implement technical safeguards to protect your data during AI processing
- Your data remains your own and is used exclusively for your benefit
4. Third-Party Services
We use the following third-party services that may collect or process your data:
4.1 Infrastructure and Hosting
- Amazon Web Services (AWS): Hosts our application and databases
- MongoDB: Database service for storing your data
4.2 Payment Processing
- Stripe: Processes all payments and subscriptions. Review Stripe's Privacy Policy for their data practices
5. Data Sharing and Disclosure
We do NOT sell your personal data. We may share your information only in these circumstances:
- With your consent: When you explicitly authorize sharing
- Service providers: With vendors who help us operate the Service (under strict confidentiality agreements)
- Legal requirements: When required by law, subpoena, or to protect our rights and safety
- Business transfers: In connection with a merger, acquisition, or sale of assets (users will be notified)
- Aggregated data: We may share anonymized, aggregated statistics that cannot identify you
6. Data Security
We implement security measures including:
- Encryption of data in transit (HTTPS/TLS)
- Encryption of sensitive data at rest
- Secure password hashing
- Regular security assessments
- Access controls and authentication requirements
While we employ industry-standard security practices to protect your data, no internet-based service can guarantee absolute security. We continuously monitor and improve our security measures to keep your information safe.
7. Data Retention
We retain your data for as long as your account is active or as needed to provide the Service. When you delete your account:
- We will delete or anonymize your personal data within 90 days
- Some data may be retained for legal compliance or legitimate business purposes
- Backups may contain your data for up to 90 days after deletion
- Aggregated, anonymized data may be retained indefinitely
8. Your Privacy Rights
Depending on your location, you may have the following rights:
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your data (subject to legal requirements)
- Portability: Request your data in a machine-readable format
- Objection: Object to certain data processing activities
- Withdraw consent: Withdraw consent for data processing where we rely on consent
To exercise these rights, contact us through the support channels in the application. We will respond within 30 days.
9. International Data Transfers
Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers in compliance with applicable data protection laws.
10. Children's Privacy
The Service is not intended for users under 18 years of age. We do not knowingly collect information from children. If we learn we have collected information from a child, we will delete it promptly.
11. Cookies and Tracking
We use cookies and similar technologies. For details, see our Cookie Policy.
Essential cookies used:
- Authentication cookies: Keep you logged in
- Session cookies: Maintain your session state
- Preference cookies: Remember your settings
12. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information is collected
- Right to know whether your personal information is sold or disclosed
- Right to say no to the sale of personal information (we don't sell your data)
- Right to deletion of personal information
- Right to non-discrimination for exercising your rights
13. European Privacy Rights (GDPR)
If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR). Our legal basis for processing your data includes: consent, contractual necessity, legal obligations, and legitimate interests.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last Updated" date at the top indicates when this policy was last revised.
15. Contact Us
For privacy-related questions, concerns, or to exercise your rights, please contact us through the support channels available in the application.
By using Mirror2win AI, you consent to the collection and use of your information as described in this Privacy Policy.
