Privacy Policy

Last Updated: April 23, 2026

1. Our "Privacy-First" Manifesto

At Mirror, we believe technology should serve humans, not spy on them. Our app is designed to help you regain control of your screen time—not to monitor your life for you.

Before diving into the legal details, here are our 3 core pillars:

  • 🔒 Local-only processing — Your screen time data never leaves your iPhone. It is processed locally by iOS, and Mirror has no access to it on its servers.
  • 🚫 Zero data selling — We never sell, rent, or share your personal data with third parties for commercial or advertising purposes. Ever.
  • ✂️ Purposeful collection — We only collect data that serves the product or helps us improve it. Each data type is explained below with its specific purpose.

This Privacy Policy describes the data we collect, why we collect it, how we protect it, and what your rights are. It applies to the Mirror application, published by Jordan Gloaguen (the "Editor"), located at 61 rue Chevalier de Kermelec, Quimper, 29000, France.

2. Information We Collect

In summary: We distinguish between data you voluntarily provide and data collected automatically. We never collect your app usage details, messages, photos, location, or contacts.

A. Voluntarily Provided Data

Data Type Examples Purpose
Profile Display name, birth year, profession, referral source, avatar To personalize your experience and understand aggregate user demographics. Synced to our secure servers (Cloud Firestore) under an anonymous technical identifier. Avatar stored locally only.
Preferences Daily screen time goals, "distracting" app tokens, notification settings To configure the service. Stored locally on your device only.
Support Communications Content of emails and in-app messages sent to support or feedback, email address you provide To answer your requests and improve the product.

B. Automatically Collected Data

Data Type Examples Purpose
Device Data iPhone model, iOS version, language, time zone To ensure compatibility and fix bugs.
App Usage Data Open frequency, features used, screens visited, onboarding funnel progression, session creation patterns To improve the user experience.
Anonymous Identifiers Firebase anonymous UID, installation identifier, Google Analytics pseudo ID To link events and server-side data consistently across app sessions, without using personally identifying credentials.
Error Logs Crash reports, error traces, device diagnostic snapshot when you voluntarily submit a support ticket To diagnose and fix technical issues.
Transaction Data Subscription status, plan type (monthly/yearly), product identifier, anonymized transaction identifier, price and currency, trial eligibility To manage your Premium access and measure conversion.
⚠️ What we do NOT collect: The names or identities of the specific apps you use or block (Apple's Screen Time API provides only opaque, encrypted tokens — not app names), time spent on each specific app, notification content, messages, photos, location, or contacts. The count of apps you select as "distracting" may be sent as an aggregate metric (e.g., "user selected 5 apps") but never the apps themselves.

3. The Specific Case of Screen Time

In summary: Your screen time data stays on your iPhone. We cannot see it.

Mirror uses Apple's Screen Time frameworks (DeviceActivity, FamilyControls, ManagedSettings) to function. Here is what that means for your privacy:

  • Mirror is an interface, not a spy: Data processing is performed entirely by iOS on your device. Mirror sends instructions to the system (e.g., "block this selection of apps from 9 AM to 5 PM"), but never receives back the details of your activity.
  • Opaque Tokens: The app selections you make via Apple's picker are stored as "opaque tokens" (encrypted IDs). Mirror cannot read the names of the apps you've selected—only the iOS system can.
  • No Central Database: We do not have a database containing your app usage or history. This info is managed exclusively by Apple on your device.

4. Anonymous User Identifier

In summary: Mirror uses an anonymous technical ID to keep your experience consistent across sessions — it is not linked to your name, email, or any real-world identity.

When you first launch Mirror, Firebase Authentication generates a random anonymous identifier (UID) — think of it as a cryptographic serial number. This UID is used to:

  • Keep your profile, preferences, and support history consistent if you reinstall the app on the same device.
  • Link analytics events so we can measure product metrics accurately (e.g., onboarding completion rate).
  • Associate crash reports with the specific user state at the time of the crash for faster debugging.

The UID is not tied to your Apple ID, email, phone number, or any personal information. It is a persistent pseudonym, not an anonymous identifier in the strict sense of the GDPR — which is why this policy, Apple's App Privacy labels, and our data-processing activities treat all data linked to this UID as "linked to you" under Apple's and GDPR's definitions, even though we cannot identify you as an individual without additional information (e.g., an email you voluntarily send to support).

5. Use of Data

In summary: We use your data exclusively to provide, personalize, improve, and secure the service.

We use the collected data exclusively for the following purposes:

  1. Providing the Service: Managing your local profile, block sessions, and preferences.
  2. Personalizing your Experience: Tailoring the "Journey" content and recommendations to your profile.
  3. Improving the App: Analyzing aggregated and anonymized usage trends to develop new features.
  4. Ensuring Security: Detecting and preventing fraudulent activity.

6. Third-Party Services

In summary: We use a limited number of trusted providers (Firebase, RevenueCat, Apple) to run Mirror.

We use a limited number of technical providers to run Mirror:

  • Firebase Authentication (Google LLC) — Generates an anonymous technical identifier (UID) used to link your profile and analytics events. No email, password, or personal credential is collected.
    Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
  • Cloud Firestore (Google LLC) — Hosts your server-side profile (users collection), support tickets (contact_tickets), and voluntary feedback messages (feedbacks). Data is encrypted in transit and at rest.
    Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
  • Firebase Analytics (Google LLC) — Pseudonymized usage events (features used, screens visited, paywall views, onboarding progression, subscription purchases). Events are linked to the anonymous UID above. No personal screen time data is collected.
    Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
  • Firebase Crashlytics (Google LLC) — Crash reports and error traces, associated with the anonymous UID to help us reproduce bugs.
    Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
  • RevenueCat Inc. — Processes subscription data including anonymous device identifier, purchase history, subscription status, and anonymous subscriber ID. RevenueCat acts as a data sub-processor.
    RevenueCat Inc., 633 Tarava St Suite 101, San Francisco, CA 94116, USA.
  • Apple (App Store) — Financial transactions handled entirely by Apple. Mirror does not have access to your payment details.

Note: For transfers to the U.S., we rely on the EU-U.S. Data Privacy Framework and/or Standard Contractual Clauses (SCCs) approved by the European Commission.

7. Your Rights (GDPR & CCPA)

In summary: You can access, correct, delete, or export your data at any time.

You have the following rights regarding your personal data:

  • Access & Rectification: Obtain a copy or correct your data.
  • Erasure ("Right to be forgotten"): Request the deletion of your personal data.
  • Portability: Receive your data in a structured, machine-readable format.
  • Objection & Restriction: Object to processing based on legitimate interests.

To exercise these rights, contact us at: contact@playmirror.so. We will respond within 30 days.

8. How to Delete Your Data

In summary: Send us an email and we will erase every piece of data we hold about you.

We want this to be simple:

  1. By Email (recommended): Send a request to contact@playmirror.so with the subject "Data Deletion". Include the anonymous User ID visible in the app (Settings > About > Identifier) so we can locate your data. We will erase:
    • your server-side profile in Cloud Firestore,
    • your support tickets and feedback submissions,
    • the anonymized analytics data associated with your device, and
    • the anonymous Firebase Authentication account.
    This is processed within 30 days.
  2. Uninstalling the app: Removing Mirror from your iPhone immediately erases all local data (preferences, avatar, cached tokens). However, the server-side data listed above must be deleted via the email request above.
Coming soon: A one-tap "Delete My Data" button inside the app is being worked on and will ship in a future update.
⚠️ Note: Deleting your data does NOT automatically cancel your App Store subscription. You must do this in your iPhone Settings > [Your Name] > Subscriptions.

9. Data Retention

In summary: We keep your data only as long as necessary, and no longer.
  • Account Data: Retained while the account is active, then for 90 days after deletion.
  • Analytics: Maximum 26 months.
  • Billing Data: 10 years (French legal/tax requirement).

10. Contact

For any questions regarding your privacy, please contact: