Mira Privacy Policy

1. Who We Are

Mira is operated by Glauser Creative AB, a company registered in Sweden. We are the data controller for personal data processed through our service.

Our Role in Data Processing

  • For account holders: We are the data controller
  • For interview respondents: We are a data processor on behalf of the study creator (who is the data controller)

Study creators are responsible for:

  • Having a lawful basis to collect respondent data
  • Providing privacy information to respondents
  • Responding to respondent rights requests

2. Data We Collect

Account holders: Email address, usage data, payment information (processed by Stripe).

Interview respondents: Interview responses, optional email (if provided), and any information shared during the interview.

3. Legal Basis for Processing

Under GDPR Article 6, we process your data based on:

  • Contract performance (Article 6(1)(b)): To provide the Service to account holders
  • Legitimate interests (Article 6(1)(f)): To improve and secure the Service, prevent fraud
  • Legal obligations (Article 6(1)(c)): To comply with applicable laws and regulations
  • Consent (Article 6(1)(a)): For optional marketing communications (where applicable)

For interview respondents, the legal basis depends on the study creator's purposes. Study creators must ensure they have a valid legal basis for collecting respondent data.

4. How We Use Your Data

  • To provide and improve the Service
  • To process payments and manage your account
  • To send important service updates
  • To generate AI-powered insights from interview data
  • To comply with legal obligations

5. Data Sharing and Sub-Processors

We share data with the following service providers:

  • OpenAI — AI interviews & analysis (USA, protected by SCCs and DPA)
  • Mistral AI — AI interviews & analysis (EU/France, GDPR compliant)
  • Supabase — Database & authentication (USA/EU, protected by SCCs and DPA)
  • Vercel — Application hosting (USA, protected by SCCs and DPA)
  • Stripe — Payment processing (EU/USA, protected by SCCs and DPA)

We may add additional AI providers and will update this list accordingly.

Data shared with AI providers:

  • Interview questions and responses
  • Study context (company name, research goals)

AI providers process this data under their privacy policies and terms, Data Processing Agreements (DPAs) we maintain with them, and Standard Contractual Clauses for international transfers.

We do not sell your personal data to third parties.

6. Automated Decision-Making

Under GDPR Article 22, we disclose that the Service uses AI to:

  • Generate interview questions based on your research goals
  • Conduct interviews and ask follow-up questions
  • Analyze responses and generate summaries and sentiment analysis

These AI features assist your research but do not make decisions with legal or similarly significant effects on individuals. You retain full control over how to interpret and act on AI-generated insights.

7. Data Retention

We retain your data for as long as your account is active. Interview data is retained until you delete the study or your account. When you delete your account, all associated data is permanently removed within 30 days.

8. Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data ("right to be forgotten")
  • Export your data (data portability)
  • Object to processing
  • Withdraw consent at any time

To exercise these rights, contact us at hello@letmira.com or use the account deletion feature in Settings.

9. Cookies

We use essential cookies only for authentication and session management. We do not use tracking or advertising cookies.

10. Security

We implement industry-standard security measures including encryption in transit (HTTPS), encrypted database storage, and secure authentication. However, no method of transmission over the Internet is 100% secure.

11. International Transfers

Your data may be transferred to and processed in:

  • United States: OpenAI (AI processing), Vercel (hosting), Supabase (database)
  • EU/EEA: Mistral AI (AI processing - France), Stripe (payments - EU data stays in EU where possible)

We ensure GDPR compliance for international transfers through:

  • Standard Contractual Clauses (SCCs)
  • Data Processing Agreements with all providers
  • Verification of adequate security measures

12. Children's Data

The Service is not intended for children under 16. We do not knowingly collect data from children. Study creators must not interview children under 16 without appropriate parental consent and safeguards in compliance with applicable laws.

13. Data Breach Notification

In the event of a personal data breach that poses risks to your rights and freedoms:

  • We will notify affected users without undue delay and within 72 hours where feasible
  • We will notify IMY (Swedish Data Protection Authority) as required by GDPR
  • We will provide details about the breach and steps being taken to address it

14. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email or through the Service.

Contact

For privacy-related questions or to exercise your rights, contact us at hello@letmira.com.

Glauser Creative AB
Mor Wingmarks gränd 4
129 41 Hägersten
Sweden

You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY) at www.imy.se.