Mirra
Privacy Policy
Last updated: December 2024
Your privacy matters. This policy explains how Mirra ("we", "us", "our") collects, uses, and protects your personal data in compliance with GDPR and other applicable privacy laws.
1. Data Controller
Mirra is the data controller responsible for your personal data. For any privacy-related inquiries, please contact us at: privacy@mirra.app
2. Data We Collect
We collect the following types of personal data:
- Account Information: Email address, name, password (hashed), profile picture
- Authentication Data: OAuth tokens (if using social login), 2FA secrets
- Trading Data: API keys (encrypted), trading history, subscription preferences
- Usage Data: Log data, device information, IP addresses (anonymized)
- Payment Data: Transaction history, wallet addresses (for payouts)
3. Legal Basis for Processing
We process your data based on:
- Contract: To provide our services as agreed in our Terms of Service
- Consent: For marketing communications and optional cookies
- Legitimate Interest: To improve our services and prevent fraud
- Legal Obligation: To comply with applicable laws and regulations
4. How We Use Your Data
- To provide and maintain our copy trading services
- To process your transactions and manage your account
- To communicate with you about your account and our services
- To improve and personalize your experience
- To detect and prevent fraud and abuse
- To comply with legal obligations
5. Data Sharing
We do not sell your personal data. We may share data with:
- Service Providers: Cloud hosting, payment processors, email services
- Legal Requirements: When required by law or to protect our rights
- Business Transfers: In case of merger, acquisition, or asset sale
6. Data Retention
We retain your data for as long as your account is active or as needed to provide services. After account deletion, we retain data for up to 30 days for backup purposes, then permanently delete it.
7. Your Rights (GDPR)
Under GDPR, you have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Portability: Receive your data in a machine-readable format
- Restriction: Limit how we process your data
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw consent at any time
To exercise these rights, visit your Account Settings or contact us at privacy@mirra.app.
8. Data Security
We implement industry-standard security measures including:
- Encryption of data in transit (TLS) and at rest
- Secure password hashing (bcrypt)
- Two-factor authentication (2FA)
- Regular security audits and monitoring
- Access controls and employee training
9. International Transfers
Your data may be transferred to and processed in countries outside the EEA. We ensure adequate protection through Standard Contractual Clauses and other approved mechanisms.
10. Cookies
We use cookies and similar technologies. Please see our Cookie Policy for details on how we use cookies and how you can manage your preferences.
11. Children's Privacy
Our services are not intended for users under 18 years of age. We do not knowingly collect data from children.
12. Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes via email or through our platform.
13. Contact Us
For any privacy-related questions or to exercise your rights:
- Email: privacy@mirra.app
- Or use the data management options in your Account Settings