Privacy Policy

Mirlo ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard information when you use the Mirlo mobile application and website (collectively, the "Service").

By using the Service, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.

We collect only what is necessary to provide the Service:

• Phone number — used to create and authenticate your account via SMS OTP.
• Profile information — your display name, username, bio, and profile photo (all optional except username).
• Posts and media — photos and videos you choose to share, along with any descriptions.
• Messages — direct messages sent between you and your connections.
• Connection data — the list of mutual connections you have established.
• Device information — push notification tokens used to deliver notifications to your device.

We use the information we collect to:

• Create and manage your account.
• Authenticate you securely via SMS OTP.
• Display your posts and profile to your mutual connections.
• Deliver direct messages in real time.
• Send push notifications for new messages and connection requests.
• Respond to support requests.

We do not use your data for advertising, and we do not sell your data to third parties.

Your data is stored securely using Supabase, a cloud infrastructure provider. Data is stored within the European Union. We use industry-standard encryption for data in transit (TLS) and at rest.

While we take reasonable steps to protect your information, no method of transmission or storage is 100% secure. We encourage you to use a secure device and protect your phone number access.

We retain your data for as long as your account is active. When you delete your account, a 7-day grace period begins during which your account is hidden but not yet removed. After 7 days, your account and all associated data — including posts, media, messages, and connections — are permanently deleted.

If you log in during the grace period, your deletion request is cancelled and your account is fully restored.

We do not sell, trade, or rent your personal information. We may share information only in the following limited circumstances:

• Service providers — we use Supabase for database, authentication, storage, and real-time messaging infrastructure.
• Legal requirements — if required by law, court order, or to protect the rights and safety of our users.

You have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your account and all associated data.
• Withdraw consent at any time by deleting your account.

To exercise any of these rights, please contact us at support@mirlo.social or use the in-app account deletion flow in Settings.

The Service is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will delete it immediately.

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

If you have any questions about this Privacy Policy, please contact us at support@mirlo.social.