Terms & Privacy

Effective: 29 April 2026

This single document covers both how Mirra works (Terms) and what Mirra does with your data (Privacy). Mirra is built around a simple principle — your data stays on your device, under your control. This document explains exactly what that means.

1. Who runs Mirra

Mirra is operated as an Australian sole trader. There is no parent company, no investors with data access, and no separate legal entity behind the product.

2. What Mirra is

Mirra is an iOS app that surfaces patterns across your phone, body, sleep, and calendar. It reads data you already own — through Apple Health, Screen Time, and Calendar — and shows you connections that no single app can see on its own.

Mirra is not a tracker, not a coach, and not a medical product. It does not diagnose, treat, or prevent any condition. Insights are observations, not advice.

3. Your account and access

You can use Mirra without creating an account. The app does not require sign-up, login, or any credentials to function. Some optional features (such as restoring a paid subscription across devices) may use your Apple ID via App Store mechanisms — Mirra never sees your Apple ID password.

You can stop using Mirra at any time by deleting the app. Doing so removes all locally stored Mirra data from your device.

4. What data Mirra accesses

Mirra accesses the following on your device, only with your explicit permission, granted through iOS system prompts:

• Apple Health — sleep, heart rate, heart rate variability, steps, workouts, energy, and (optionally) menstrual cycle and weight. Read-only.
• Screen Time — total daily and hourly device usage, top categories and apps. Accessed via Apple's Family Controls and DeviceActivity APIs. Read-only.
• Calendar (Apple Calendar via EventKit, optionally Google Calendar) — event times, durations, and attendee counts to understand the shape of your day. Mirra reads event titles only to identify recurring patterns and group similar events; titles are never stored on any server, transmitted off-device, or shared.
• Onboarding answers you provide — name, body context, life priorities, and self-reported wellbeing.

You can revoke any of these permissions at any time through iOS Settings → Privacy & Security, or directly inside Mirra in the Settings tab.

5. What Mirra does with your data

5.1 Everything happens on your device

Mirra processes all data locally on your iPhone. Pattern detection, correlation analysis, and chat features all run on-device. Your personal data is never transmitted to a Mirra server, because Mirra has no server.

5.2 What leaves your device

The only outbound network traffic Mirra makes is:

• Google OAuth and Calendar API requests (only if you connect Google Calendar) — these go directly to Google's servers, not Mirra's. Tokens are stored in iOS Keychain.
• App Store and RevenueCat purchase verification (if you subscribe) — handled by Apple, not Mirra.
• Standard App Store update mechanisms.

No analytics. No telemetry. No tracking SDKs. No advertising identifiers. Mirra does not know how many users open the app today.

5.3 No data sharing or selling

Mirra does not share, sell, rent, or trade your personal data with anyone. There are no advertising networks, no data brokers, no marketing partners. There is no commercial use of your data beyond running the product on your device.

5.4 No data purchased from third parties

Mirra does not purchase, license, or otherwise acquire user data from third parties. The only data Mirra works with is data already on your device through Apple's frameworks.

6. How your data is stored

6.1 On your device

Health data stays inside Apple's HealthKit framework — Mirra reads it on demand and does not duplicate it. Calendar data is queried in real time. Screen Time data is cached locally inside the app's sandbox using App Group storage and iOS Keychain. Onboarding answers are stored in iOS standard storage.

6.2 Encryption

Sensitive items (authentication tokens, sensitive payloads) are stored in iOS Keychain, which is hardware-encrypted. iOS device encryption (enabled by default on all modern iPhones) protects everything else at rest.

6.3 No cloud backup of personal data

Mirra does not back up your personal data to any cloud service operated by Mirra. iOS standard device backup (iCloud or computer) may include Mirra's local data — this is controlled by your iOS backup settings, not by Mirra.

7. Your rights

7.1 Everyone

You can:

• Access all data Mirra holds about you — it lives on your device, in the app and in iOS frameworks you can inspect through Settings.
• Correct your data — most of it (sleep, calendar, screen time) is editable at the source (Apple Health, Calendar, etc.).
• Delete all data — uninstalling Mirra removes locally stored Mirra data. Apple Health and Calendar data are managed separately by you.
• Withdraw any permission at any time without losing access to other features.

7.2 EU and EEA users (GDPR)

If you are in the European Union or European Economic Area, the General Data Protection Regulation (GDPR) gives you additional rights:

• Right of access, rectification, and erasure
• Right to data portability
• Right to restrict or object to processing
• Right to lodge a complaint with your local data protection authority

Because Mirra processes all data on your device and holds no copy on any server, exercising these rights generally means using iOS Settings or deleting the app. For any concerns, write to kate@mirra.guide and we will respond within 30 days.

7.3 Australian users (Privacy Act)

Australian users have rights under the Privacy Act 1988, including the right to access, correct, and complain about handling of personal information. Contact kate@mirra.guide.

8. International data transfers

Because personal data does not leave your device, there are no international data transfers operated by Mirra. The exception is data you actively choose to involve third parties with — for example, connecting Google Calendar means your calendar data travels between your device and Google's servers under Google's terms.

9. Children

Mirra is not directed at children under 13 (or under 16 in some EU jurisdictions). Mirra does not knowingly collect data from children. If you believe a child has provided data to Mirra, contact kate@mirra.guide and we will assist.

10. Subprocessors and third parties

Mirra uses the following third-party services in limited capacities:

• Apple — App Store, HealthKit, Family Controls, EventKit, push notifications (when enabled), in-app purchases. Apple's privacy practices apply.
• Google — only if you choose to connect Google Calendar. OAuth and Calendar API requests go to Google. Google's privacy practices apply.
• RevenueCat (if used for subscription management) — receives anonymous purchase records, no personal health or behavioural data.

Mirra has no other subprocessors, no analytics providers, no advertising partners, and no marketing tools.

11. Security

Mirra relies on iOS-level security protections — sandbox isolation, Keychain hardware encryption, app-level entitlements. Mirra has no servers to breach because Mirra has no servers holding your data.

If you discover a security concern, please email kate@mirra.guide. We respond within 7 days.

12. Subscriptions and payments

Mirra may offer paid features through subscription. Subscriptions are managed by Apple through your App Store account. Mirra does not process payments, store payment details, or see your credit card information.

Subscription prices are displayed in the App Store at the time of purchase. Apple's standard refund and cancellation policy applies — you can cancel any time through your Apple ID Settings.

13. Acceptable use

You agree to use Mirra for personal, non-commercial purposes — observation of your own data on a device you own. You will not attempt to extract, reverse-engineer, or modify Mirra to circumvent its privacy protections or to access data belonging to other people.

14. Intellectual property

Mirra (the app, the brand, the design) is the intellectual property of Ekaterina Trifonova trading as Mirra. The patterns and insights Mirra surfaces about your data belong to you.

15. Disclaimer and liability

Mirra surfaces patterns. It does not give medical advice. It is not a substitute for professional health, medical, or psychological care. If a pattern surfaces that concerns you, talk to a qualified professional.

To the extent permitted by law, Mirra is provided "as is" without warranty of any kind, express or implied, including warranties of merchantability, fitness for a particular purpose, or non-infringement.

To the maximum extent permitted by Australian law, our total aggregate liability to you for any claim arising from or related to your use of Mirra shall not exceed the greater of:

• AUD $200, or
• the total amount you paid Mirra in the 12 months preceding the claim.

This limitation applies to all claims, whether based in contract, tort (including negligence), or any other legal theory, even if Mirra has been advised of the possibility of such damages.

Some jurisdictions do not allow the exclusion of certain warranties or the limitation of liability for consequential damages — in such jurisdictions, liability is limited to the maximum extent permitted by law. Users in the European Union retain mandatory consumer protections under their local law, which are not affected by this clause.

16. Changes to this document

If material changes are made to how Mirra handles data, you will be notified within the app and given the option to review the updated terms before continuing to use new functionality. The "Effective" date at the top of this document indicates the most recent revision.

17. Governing law

These terms are governed by the laws of New South Wales, Australia. Any disputes will be subject to the jurisdiction of the courts of New South Wales. Users in the European Union retain mandatory consumer protections under their local law, which are not affected by this clause.

18. Contact

For privacy-specific concerns, mark your email "Privacy" in the subject line and we will route it accordingly.