Privacy Policy

1. Data Controller

This privacy policy applies to users of the MIRRA mobile application ("App", "Service") and the yourmirra.com website. As the data controller, MIRRA is responsible for processing your personal data in accordance with Turkey's Personal Data Protection Law (KVKK No. 6698) and the EU General Data Protection Regulation (GDPR).

Contact: mirraapp.ai@gmail.com

2. Data We Collect

2.1. Account Information

• Email address
• Password (hashed with bcrypt, never stored in plain text)
• Optional profile details (name, profile photo)
• If using social login (Google / Apple): email and basic profile info

2.2. Wardrobe Data

• Clothing photos you upload
• AI-extracted categories, colors, tags
• Outfits you create and your preferences
• Wearing history and habits

2.3. Usage Statistics

• In-app behaviors (anonymized)
• Crash reports and error logs
• Features used and frequency

2.4. Technical Data

• Device type, OS, and version
• IP address (for regional detection)
• Firebase push notification token
• App version

2.5. Optional Location Data

Collected with user consent for weather-based outfit suggestions. Can be disabled from device settings at any time.

3. Data We Do NOT Collect

4. Purposes of Processing

• Delivering and maintaining the service
• Personalized outfit recommendations
• Account security and authorization
• Premium subscription management
• Customer support
• Legal obligation compliance
• Service improvement and bug fixing

5. AI and Data Usage

The clothing photos you upload are processed temporarily, only for your personalized outfit suggestions, background removal, and category extraction. After AI processing, only the extracted metadata (color, category, tags) is stored; raw data is not included in any third party's training dataset.

6. Third-Party Service Providers

To deliver our service, we work with the following infrastructure providers:

• Supabase Inc. (USA) — Database and authentication
• Google LLC — Gemini AI — Image analysis and outfit generation
• Firebase (Google) — Push notifications and analytics
• Google AdMob — Free-tier ads (not present in premium)
• RevenueCat — Subscription management

These providers operate under their own privacy policies and may only process data for service provision.

7. Data Security

• All data transfer is encrypted with TLS/SSL
• Passwords are hashed with the bcrypt algorithm
• Images are stored in secure storage buckets with access control
• Regular security scans and penetration tests
• Two-factor authentication (optional) supported

8. User Rights (KVKK & GDPR)

You have the following rights regarding your personal data:

• Right of access — Learn which data is being processed
• Right to rectification — Request correction of inaccurate data
• Right to erasure — Request deletion under the "right to be forgotten"
• Right to restrict processing
• Right to data portability — Receive your data in a structured format
• Right to object — Object to data processing
• Right to complain — Complain to KVKK Authority or relevant supervisory authority

To exercise these rights: mirraapp.ai@gmail.com

9. Data Retention Period

• Data is kept during the active account period
• All data is permanently deleted within 30 days of account deletion
• Processing logs are retained for 10 years per legal obligations
• In the free tier, user clothing images are kept while the account remains inactive

10. Cookies

Our website only uses essential cookies (session, language preference). We do not use third-party cookies that track your browsing behavior.

11. Children's Privacy

MIRRA is not designed for users under 13. If we discover that we have collected data from a user under 13, it is deleted immediately.

12. Policy Changes

Significant changes to this policy will be announced via in-app notification and email. The current version is always published on this page.

13. Contact

For all privacy policy questions: mirraapp.ai@gmail.com