Privacy Policy

Mirlo is operated by Mirlo Social, based in The Netherlands. We are the data controller for the personal data you provide when using this app. You can reach us at support@mirlo.social.

We collect:

• Account information — phone number, username, display name, optional bio and profile photo.
• Content you post — photos, videos, and text descriptions.
• Messages — the content of direct messages you send and receive.
• Usage data — device push notification token (if you grant permission), content preferences, and privacy settings you configure.
• Connection data — the connections you form and requests you send or receive.

We use your data solely to operate Mirlo. Specifically:

• To display your profile and posts to your mutual connections.
• To deliver direct messages between you and your connections.
• To send push notifications you have opted into.
• To apply the content preferences and privacy settings you choose.
• To respond to support requests.

We do not use your data for advertising, profiling, or any purpose beyond operating the app.

We will never sell, rent, trade, or share your personal data with advertisers, data brokers, or any third party for commercial purposes. Your data is not a product.

Mirlo does not show advertisements. We do not build advertising profiles, track you across other apps or websites, or share data for marketing purposes.

We process your personal data on the following legal bases:

• Contract performance — processing necessary to provide the service you signed up for (account, posts, messages, connections), including using your phone number to authenticate you via SMS.
• Legitimate interests — keeping the platform safe and preventing abuse.
• Consent — push notifications (you can withdraw this at any time in your device settings).

Your data is stored on Supabase infrastructure hosted in the European Union (eu-west-1). We apply industry-standard technical and organisational measures to protect your data against unauthorised access, loss, or misuse.

Mirlo uses the following third-party services that process data on our behalf:

• Supabase (database, file storage, authentication) — data stored in the EU.
• Expo / Firebase Cloud Messaging (push notifications) — only your push token is shared, not message content.
• CM.com (SMS delivery) — your phone number is shared solely to deliver one-time verification codes. CM.com is a Netherlands-based provider operating under GDPR.

These providers act as data processors under GDPR and are bound by appropriate data processing agreements.

We retain your data for as long as your account is active. You can delete your account at any time from Settings → Delete account.

When you initiate deletion, your account enters a 7-day grace period. During this time your profile, posts, and connections are hidden from everyone. You can cancel the deletion by logging back in.

After 7 days, your account and all associated data — including posts, media, connections, messages, and conversations — is permanently and irreversibly deleted. We do not retain any personal data after this point.

As a resident of the EU/EEA you have the following rights regarding your personal data:

• Right of access — request a copy of the data we hold about you.
• Right to rectification — correct inaccurate or incomplete data.
• Right to erasure — request deletion of your data (you can also do this directly in the app).
• Right to restriction — ask us to restrict processing in certain circumstances.
• Right to data portability — receive your data in a structured, machine-readable format.
• Right to object — object to processing based on legitimate interests.

To exercise any of these rights, contact us at support@mirlo.social. We will respond within 30 days.

If you believe we are processing your data unlawfully, you have the right to lodge a complaint with the Dutch data protection authority: Autoriteit Persoonsgegevens.

Mirlo is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has created an account, please contact us at support@mirlo.social and we will delete the account promptly.

We may update this Privacy Policy from time to time. We will notify you of material changes in-app before they take effect. The date at the top of this page reflects the most recent update. Continued use of Mirlo after changes take effect constitutes acceptance of the updated policy.

Questions or concerns about your privacy? Contact us at support@mirlo.social.
Mirlo, The Netherlands