Mirra
Request access

Legal

Privacy policy

Last updated April 17, 2026

This policy describes what information MirraLabs collects on the Mirra website and through the Mirra product, how we use it, who we share it with, and the choices you have. We've tried to write it in plain English; if anything is unclear, email us at [email protected].

1. Who we are

“Mirra,” “we,” or “us” refers to MirraLabs, the company that operates mirra.run and the Mirra product (the “Service”). If you want to reach our privacy team, write to [email protected].

2. What we collect

Information you give us

  • Waitlist email. When you submit the waitlist form, we store the email address you provide and the time of submission.
  • Contact messages. When you use the contact form, we store your email, the message body, and optionally your name and the topic you selected.
  • Demo bookings. If you schedule a call with us, the scheduling tool (currently Cal.com) collects your name, email, and availability; those details are shared with us.

Information we collect automatically

  • Server logs. Our hosting provider records standard request metadata (IP address, user-agent, URL, timestamp, response status). Logs are used to detect abuse and debug errors. We retain them for up to 30 days.
  • No client-side analytics. We do not run Google Analytics, Segment, Mixpanel, or any third-party analytics SDK on this site. We do not use cookies for tracking or advertising.

Information collected by the Mirra product

If you connect a GitHub repository to Mirra, we clone source code read-only to run detection and build preview environments. We never store your production credentials and we do not copy your real production data. Preview environments are ephemeral and destroyed on merge or close of the pull request. Full product-specific privacy details will be published here before Mirra leaves private beta.

3. How we use information

  • To invite you to the private beta and send important product updates.
  • To respond to your contact messages and scheduled demos.
  • To operate, secure, and improve the website and the Mirra product (e.g. prevent abuse, fix bugs, design new features).
  • To meet legal obligations, if applicable.

We do not sell personal information to anyone. We do not use it for advertising.

4. Who we share with

We share information only with service providers that run infrastructure for us:

  • Supabase — stores waitlist and contact records in a managed Postgres database.
  • Easypanel / our hosting provider — hosts the website and runs server code.
  • Cal.com — handles demo scheduling if you book a call.
  • GitHub — when you connect a repository via the GitHub App, GitHub passes us metadata about the repository and its pull requests. This only applies to Mirra product users, not site visitors.

Each of these providers is contractually bound to handle data only as needed to deliver the service. We do not share personal information with marketers or data brokers.

5. Data retention

  • Waitlist entries are kept until Mirra launches publicly, at which point we convert them into account invitations. If you ask us to delete your entry, we will.
  • Contact messages are kept for up to 24 months after we last corresponded.
  • Server logs are retained for up to 30 days.
  • Preview environments and twin state are destroyed within hours of the pull request closing.

6. Your rights

Depending on where you live, you may have the right to access, correct, export, or delete the personal information we hold about you, and to object to or restrict how we use it. To exercise any of these rights, email [email protected] from the address you used to sign up. We will respond within 30 days.

7. International transfers

Our infrastructure runs in the United States and the European Union. If you access Mirra from outside those regions, your information will be transferred to and processed in one of them. We use standard contractual clauses with our sub-processors where required.

8. Security

Access to databases is restricted to named team members; service keys are stored in the deployment environment and never checked into source control. We use TLS everywhere on mirra.run and require two-factor authentication for every internal tool. No system is perfect — if you discover a vulnerability, please email [email protected].

9. Children

Mirra is a product for developers and engineering teams. It is not directed to children under 16, and we do not knowingly collect information from them.

10. Changes

We may update this policy as the product evolves. Material changes will be announced on this page with a revised “last updated” date at the top and, for waitlist subscribers, by email.

11. Contact

Questions or requests: [email protected].