Skip to content

Privacy notice

Last updated: 7 May 2026

Who we are

mirrormi.ai (“we”, “us”) provides a relationship journalling service with AI-assisted analysis. This notice explains how we use personal data when you use our website and service. For data protection queries, contact hello@mirrormi.ai.

We process personal data in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We do not sell your personal data.

What we collect

Depending on how you use mirrormi.ai, we may process:

  • Account data: email address, display name, authentication identifiers, role, and account status (for example if an account is suspended).
  • Profile and onboarding: optional context you choose to provide (such as attachment style, relationship type, or free-text context) to personalise reflections.
  • Journal content: text you write in entries, optional voice attachments if you use that feature, visibility settings, and related metadata (for example timestamps).
  • Relationship data: invitations, membership in a shared relationship space, and messages you attach to invites.
  • AI outputs: analyses generated from your entries (solo or paired), including structured fields we store to show you the reflection in the product.
  • Technical and security data: server logs, diagnostics, and similar information needed to run the service securely and to investigate abuse.

Why we use it (lawful bases)

We use personal data as necessary to:

  • Provide the service you request, typically under performance of a contract (UK GDPR Article 6(1)(b)).
  • Keep accounts secure, prevent abuse, and meet legal obligations under legitimate interests (Article 6(1)(f)) and, where applicable, legal obligation (Article 6(1)(c)).
  • Product improvement that does not require new processing beyond what you would expect under legitimate interests, balanced against your rights; where we rely on consent for optional features, we will ask clearly.

Automated processing and AI

When you ask for analysis, we send relevant text (including journal content and profile context you have provided) to external AI inference services we engage to generate a structured reflection. We do not publish the specific vendors or model versions we use; they may change. Outputs are stored in our database so you can read them in the app.

This involves automated processing. It is not a clinical or diagnostic tool and must not be relied on as medical, therapeutic, or crisis advice. Those providers process inputs under contractual terms we require for UK GDPR. For more detail on how a given provider handles service data, contact us at hello@mirrormi.ai; we can share the current categories of AI subprocessors and relevant documentation links on request.

We do not sell personal data. We use subprocessors strictly to operate the service (for example hosting and AI inference).

Where we process data

We use Supabase for authentication and database hosting. Data may be processed in the UK, the EEA, or other countries where our providers operate. Where personal data is transferred outside the UK, we rely on appropriate safeguards recognised under UK law (for example the UK extension to the EU Commission’s standard contractual clauses), as required.

Retention

We keep personal data only as long as needed for the purposes above, typically while your account exists and for a limited period afterwards for backups, security, and legal compliance. Exact retention can vary by data category; you may request erasure as described below, subject to legal exceptions.

Security

We implement appropriate technical and organisational measures. Journal text in our database is described in our product documentation as encrypted at rest via our hosting provider’s platform capabilities; no security measure is perfect, and you should still treat highly sensitive information with care.

Your rights

Under UK GDPR you may have the right to:

  • access a copy of your personal data;
  • rectify inaccurate data;
  • erase data in certain circumstances;
  • restrict or object to certain processing;
  • data portability where applicable;
  • withdraw consent where processing is based on consent; and
  • lodge a complaint with the Information Commissioner’s Office (ICO).

To exercise these rights, email hello@mirrormi.ai. We may need to verify your identity.

Cookies

We use essential cookies and similar technologies for sign-in and session management. See our Cookie policy for detail.

Changes

We may update this notice from time to time. We will post the revised version here and adjust the “last updated” date.

Related: Terms of use · Cookie policy