Privacy
Privacy policy
Last updated
This policy describes how Mira (operated by Mira Fit, “we”, “us”, or “Mira”) collects, uses, and protects information when you visit mymira.fit or use the Mira product. We’ve written it in plain language because we’d want the same.
The short version
- Your camera feed for form checks is processed entirely on your device. We never receive, store, or see video.
- We collect only what we need to run the product — your email if you sign up, your score history, your trainer chat messages.
- We never sell your data. We use a small number of vendors (listed below) strictly to run the product.
- You can request a full data export or full deletion any time at privacy@mymira.fit or directly inside the app.
Camera & movement data
Your camera feed never leaves your device. Mira’s form-check tool runs on the KinesteX SDK, which performs all motion analysis locally in your browser using on-device computer vision. Raw video frames are never uploaded, stored, or seen — by us, by KinesteX, or by anyone else.
What we do receive from the form-check are anonymous biomechanical metrics: joint angles, rep counts, tempo, symmetry percentages, and the resulting form score. These metrics are stored against your account (or anonymously if you don’t sign up) so you can see your progress over time.
If you don’t want to use the camera, you don’t have to. Every page that asks for camera permission requires you to opt in explicitly; declining keeps you in the product and you can still access articles, topic pages, and your account.
What we collect, and why
| Category | What | Why |
|---|---|---|
| Account | Email, first name (optional) | To deliver your results, your plan, and account-management emails. |
| Form-check sessions | Score, primary fault, joint metrics | To show you your progress and let you retest over time. |
| Trainer chat | Your responses to the AI trainer (e.g. sleep, soreness) | So the AI can program around your day. Never sold; visible only to you and the model run. |
| Subscription | Stripe customer ID, plan status | To grant/revoke access to the AI trainer. We never see your card details — Stripe handles them. |
| Device | Browser, OS, IP (hashed), language | To deliver the correct experience and detect abuse. IPs are SHA-256-hashed if used for rate limiting. |
| Analytics (if you consent) | Page views, button clicks (no personal content) | To improve the product. Off by default until you accept analytics in the cookie banner. |
Who we share data with
We use a small number of vendors to operate the product. Each is bound by Data Processing Agreements; none sells our user data.
- Google Firebase — authentication, database (Firestore), storage. Data processed in the United States.
- Vercel — hosting and edge delivery. Logs purged on a rolling 7-day window.
- KinesteX — on-device computer vision SDK. Receives only anonymous biomechanical metrics; never receives video.
- Stripe — payment processing. Handles all card data directly under their PCI-DSS coverage.
- Resend — transactional email (your form-check result, trial reminders).
- PostHog (optional, consent-gated) — product analytics. Only fires after you accept analytics cookies.
Your rights (GDPR, CCPA, and beyond)
You have the right to:
- Access a copy of the personal data we hold about you.
- Correct inaccurate data.
- Delete your data (the “right to be forgotten,” GDPR Article 17).
- Object to processing for marketing.
- Port your data to another service.
To exercise any of these rights:
- For deletion or any of the above: email privacy@mymira.fit from the address tied to your account. We aim to respond within 30 days.
Cookies
Mira uses cookies sparingly. Three categories:
- Necessary — required for the site to work (session, CSRF, theme). Always on.
- Analytics — PostHog page-view and event tracking. Off by default; opt in via the consent banner.
- Marketing — we don’t currently use marketing cookies.
You can change your cookie preferences any time by clicking “Cookie settings” in the footer.
Data retention
Active accounts: we keep your data while your account is active and for 90 days after deletion, then purge. Anonymous form-check sessions: retained for 12 months for the share URL to keep working, then purged. Email captures from the exit-intent guide: retained for 24 months, or until you unsubscribe.
Children
Mira is built for adults 18+. We do not knowingly collect data from anyone under 18.
International transfers
Our infrastructure is primarily US-based. If you’re visiting from the EEA, UK, or other regions with data-export rules, your data is transferred under the appropriate safeguards (Standard Contractual Clauses with our vendors).
Changes to this policy
We’ll update this page when the policy changes and bump the “Last updated” date. For material changes that affect how we use your data, we’ll email you.
Contact
Privacy questions: privacy@mymira.fit. General: hello@mymira.fit.
This privacy policy is provided in good faith but is not legal advice. The text should be reviewed by qualified counsel for your jurisdiction before any public launch — especially the GDPR, CCPA, and HIPAA-adjacent sections.