Privacy Policy
How we collect, use, and protect your personal data.
Data Controller
The data controller responsible for your personal data is:
This Privacy Policy explains how we collect, use, store, and share your personal data when you use the Mirathis platform and services. We are committed to protecting your privacy in compliance with the General Data Protection Regulation (GDPR), the Lithuanian Law on Legal Protection of Personal Data, and other applicable data protection laws.
Data We Collect
Account Information
When you create an account, we collect your name, email address, and authentication credentials. If you sign in via a third-party provider (e.g., OAuth), we receive the information you authorize that provider to share.
Payment Data
Payment processing is handled by Paddle.com Market Limited as our Merchant of Record. Paddle collects and processes your billing information (credit card details, billing address) directly. We do not store your full payment card details. We receive transaction identifiers, subscription status, and billing country from Paddle.
Usage Data
We collect information about how you interact with the Service, including pages visited, features used, AI queries made, session duration, and error logs. This data helps us improve the Service and diagnose technical issues.
User Content
Content you input into or generate through the Service (prompts, documents, files, AI agent interactions) is processed to deliver the Service. We do not use your content to train our AI models unless you explicitly opt in to such a program.
Technical Data
We automatically collect device information (browser type, operating system), IP address, and approximate location (country/region) derived from your IP address.
Legal Basis for Processing
We process your personal data on the following legal bases under GDPR Article 6:
Contract Performance (Art. 6(1)(b))
Processing necessary to provide the Service you subscribed to, manage your account, and process payments.
Legitimate Interest (Art. 6(1)(f))
Processing for analytics, fraud prevention, security monitoring, and improving the Service. We balance these interests against your rights.
Consent (Art. 6(1)(a))
Where required, we obtain your consent for optional processing such as marketing communications and optional cookies. You may withdraw consent at any time.
Legal Obligation (Art. 6(1)(c))
Processing necessary to comply with applicable laws, regulations, or legal proceedings (e.g., tax record retention).
How We Use Your Data
We use your personal data to:
- Provide, maintain, and improve the Mirathis platform and AI services.
- Process and manage your subscription and billing.
- Authenticate your identity and secure your account.
- Respond to your inquiries and provide customer support.
- Send transactional communications (account updates, billing receipts, service notifications).
- Analyze usage patterns to improve functionality and user experience.
- Detect, prevent, and address fraud, abuse, and security threats.
- Comply with legal obligations and enforce our Terms & Conditions.
Data Sharing
We do not sell your personal data. We share data only with the following categories of recipients, and only to the extent necessary:
Payment processing, billing, invoicing, tax compliance. Paddle acts as an independent data controller for payment data.
Database hosting, authentication, and storage. Data is processed under our instructions as a data processor.
Website hosting and content delivery. Processes minimal technical data (IP, request logs).
Your prompts/queries are sent to AI model providers to generate responses. Providers process data under our agreement and do not use it for training.
We may also disclose data if required by law, in response to valid legal process, or to protect the rights, property, or safety of Mirathis, our users, or others.
International Data Transfers
Some of our service providers are located outside the European Economic Area (EEA). When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, including:
- EU Standard Contractual Clauses (SCCs) approved by the European Commission.
- Adequacy decisions by the European Commission for countries with equivalent data protection.
- The EU-US Data Privacy Framework, where applicable.
- Binding Corporate Rules where adopted by the recipient.
You may request a copy of the safeguards we use by contacting us at privacy@mirathis.pro.
Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes described in this policy:
Your Rights
Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:
Right of Access
Request a copy of the personal data we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete data.
Right to Erasure
Request deletion of your personal data ("right to be forgotten").
Right to Restriction
Request restriction of processing in certain circumstances.
Right to Data Portability
Receive your data in a structured, machine-readable format.
Right to Object
Object to processing based on legitimate interests or direct marketing.
Right to Withdraw Consent
Withdraw consent at any time where processing is based on consent.
Right to Lodge a Complaint
File a complaint with the Lithuanian State Data Protection Inspectorate or your local supervisory authority.
To exercise any of these rights, contact us at privacy@mirathis.pro. We will respond to your request within 30 days, as required by GDPR.
Cookies & Tracking
We use cookies and similar technologies for the following purposes:
Essential Cookies
Necessary: Required for authentication, security, and basic site functionality. Cannot be disabled.
Analytics Cookies
Legitimate Interest: Help us understand usage patterns and improve the Service.
Preference Cookies
Consent: Remember your settings and preferences across sessions.
You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Service.
Security Measures
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption of data in transit (TLS 1.3) and at rest (AES-256).
- Access controls and authentication for all internal systems.
- Regular security assessments and monitoring.
- Namespace isolation between user workspaces — no cross-tenant data access.
- Credential separation — integration tokens never touch AI inference layers.
- Incident response procedures for potential data breaches.
While we take reasonable precautions, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without appropriate consent, we will take steps to delete that data promptly.
Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will update the "Last Updated" date and notify you via email or through the Service. We encourage you to review this policy periodically.
Contact & Data Protection
For any questions about this Privacy Policy, to exercise your data protection rights, or to make a complaint, please contact us:
You also have the right to lodge a complaint with the Lithuanian State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija) at vdai.lrv.lt or with your local data protection authority.
Effective: February 16, 2026