Privacy Policy — Mirrai.Career

Last Updated: August 13, 2025

Controller: MirrAi Chat LTD (“MirrAi”, “we”, “us”, “our”), UK company No. 16403306, 71–75 Shelton Street, London, WC2H 9JQ, UK. Contact: [email protected]. This Policy applies to Mirrai.Career.

1. Scope

This notice explains what we collect, how we use/share it, how long we keep it, and your rights when using Mirrai.Career (the Report service).

2. Data We Collect

2.1 You provide

  • Contact details: email (and, if you choose, another delivery contact).
  • Questionnaire responses via Tally.so (career goals, background, skills, preferences, etc.). We may copy your responses from Tally into our storage to prepare and deliver your Report.
  • Purchase info processed by Stripe (we receive transaction metadata — not full card numbers/CVV).
  • Support/feedback you send us.

2.2 Collected automatically

  • Technical logs: IP, device/browser, timestamps, error diagnostics, for security and troubleshooting.
  • Cookies/SDKs/tags:
    • Strictly necessary (security, load balancing).
    • Analytics/marketing (subject to consent) via Google Tag Manager, which may load Google Analytics 4, PostHog, and (if enabled) Meta tags. We avoid loading non-essential tags until you opt in through our Osano consent banner. GA4 offers EU data collection/controls. PostHog can run in EU Cloud (Frankfurt) or self-hosted.

3. How We Use Your Data & Legal Bases (UK GDPR)

  • Provide and operate the Service (Contract): generate your Report using your inputs (via Google Gemini), deliver via Google Docs, send service emails, process payments.
  • Security, fraud prevention, service improvement (Legitimate interests): protect our service, debug, and improve using aggregated/de-identified insights. You may object at any time.
  • Analytics & marketing tags (Consent): load GA4/PostHog/Meta only after consent via Osano (you can change choices anytime).
  • Legal obligations: accounting/tax, handling lawful requests.

4. How We Generate and Deliver the Report (AI/LLM)

We transmit your questionnaire inputs to Google Gemini (via API) to generate content and compile the output into a Google Doc shared with you. Providers act under data processing terms and security measures. AI outputs may be inaccurate or incomplete (see our Terms).

5. Sharing Your Data (Processors Only)

We share data only as needed with service providers under DPAs: Tally.so (forms), Stripe (payments), Google Cloud/Gemini (AI), Google Docs (delivery), Cloudflare (security/CDN), Email delivery (transactional mail), PostHog (product analytics; EU Cloud or self-host), GTM/GA4 (analytics), Meta (ads/measurement, only after consent). We do not sell your data and do not “share” it for cross-context behavioural advertising.

6. International Transfers

Some providers may be outside the UK/EEA (e.g., US). Where transfers occur, we use appropriate safeguards: UK IDTA or EU SCCs, or—where available—recipients certified under the EU-US Data Privacy Framework and the UK-US Data Bridge (UK Extension to DPF).

7. Retention

  • Questionnaire responses & the Report: retained until you request deletion. We periodically review and may delete dormant records to respect storage limitation.
  • Analytics data: retained per GA4/PostHog retention settings (e.g., 14–25 months) and your consent choices.
  • Logs: typically up to ~90 days for security/troubleshooting.
  • Payment records: kept as required by law.

8. Your Rights

Depending on your location, you can access, rectify, erase, restrict, object, port your data, and withdraw consent (where applicable). We aim to respond within 30 days. You can complain to the ICO (UK) or your local authority.

California (CCPA/CPRA)

If you are a California resident, you may have additional rights (know, delete, correct, limit sensitive data, non-discrimination). We do not sell personal information and do not “share” it for cross-context behavioural advertising. (If this changes, we will update this notice and honour opt-out rights.)

9. Your Responsibilities

Provide a correct, accessible email (or other chosen contact) for delivery. The quality of the Report depends on the accuracy and completeness of your inputs.

10. Security

We apply reasonable technical and organisational measures (TLS, access controls, updates, monitoring). No method is 100% secure; contact us if you suspect an issue.

11. Children’s Privacy

Mirrai.Career is for users 18+. We do not knowingly collect data from minors; if we learn of such data, we will delete it.

12. Third-Party Sites

Our forms/checkout or links may point to third-party pages (e.g., Tally, Stripe, Google, PostHog). Their privacy practices apply there; please review their notices.

13. Changes

We may update this Policy; the “Last Updated” date reflects the effective date. Material changes will be communicated reasonably (e.g., email). Continued use after updates means you accept the revised Policy.