← Home

MIRRA

Privacy Notice

Last updated: July 14, 2026

1. Who is responsible for your data

The data controller is EVERSINCE, a French société par actions simplifiée with a share capital of €1,000, registered with the RCS of Bourges under number 999 875 461, registered office: Rue François Coillard, 18000 Bourges, France. For any privacy question or request, contact us at mirra@eversince.io. This notice describes how we process personal data in accordance with the EU General Data Protection Regulation (GDPR), the French Data Protection Act (Loi Informatique et Libertés) and, for United States residents, applicable US state privacy laws (see section 11).

2. Who this notice applies to

This notice applies to everyone who visits Mirra, takes the quiz, creates an account or purchases the service. It forms part of our Terms & Conditions.

3. The data we collect

4. Why we process it, and on what legal basis

Your portrait and reading are generated automatically from your answers, but Mirra makes no automated decisions that produce legal or similarly significant effects about you (Art. 22 GDPR).

5. If you don't provide the data

The quiz answers and your email address are necessary to create your portrait, reading and account: without them we simply cannot deliver the service. Everything else is optional.

6. Who we share your data with

We never sell your personal data and we share it only with processors acting on our instructions under data-processing agreements:

Beyond processors, we may disclose data to professional advisers, to authorities when legally required, or as part of a merger or sale of assets — in which case this notice continues to apply to your data.

7. Where your data is processed

Our providers process data in the United States and/or the European Union. If you are in the US, your data may therefore be stored and processed in the US. For data originating in the EU/EEA, transfers outside the EEA are protected by an adequacy decision (such as the EU–US Data Privacy Framework, where the provider is certified) or by the European Commission's Standard Contractual Clauses, together with additional safeguards such as encryption at rest and in transit. You can request a copy of the relevant safeguards at mirra@eversince.io.

8. How long we keep your data

9. How we keep it secure

Data is encrypted in transit and at rest. Your portrait lives in a private bucket and is only ever served through short-lived signed links tied to your session. Access is restricted by row-level security so that each account can only ever read its own data. Sign-in uses one-time email links with secure, httpOnly cookies. In the event of a breach likely to result in a risk to you, we will notify the CNIL and, where required, you, within the legal timeframes.

10. Your rights

Wherever you live, you may at any time, free of charge (residents of the EU/EEA and UK hold these rights under the GDPR; US residents, see also section 11):

To exercise a right, use your account page or write to mirra@eversince.io; we may ask you to confirm control of your account email, and we answer within one month. If you believe your rights have been infringed, you can lodge a complaint with the French supervisory authority, the CNIL (3 place de Fontenoy, 75007 Paris — www.cnil.fr), or with the authority of your country of residence.

11. Additional disclosures for United States residents

This section applies if you reside in a US state with a comprehensive privacy law (such as California, Colorado, Connecticut, Texas, Utah or Virginia). In the past 12 months we have collected the categories of personal information described in section 3: identifiers (email address, account IDs), customer records and commercial information (purchases, subscription status), internet activity (first-party funnel events and technical logs), and inferences reflected in the content generated for you. We collect them for the purposes in section 4 and disclose them only to the service providers in section 6.

We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We use no targeted-advertising cookies or trackers, so there is nothing to opt out of. We do not use sensitive personal information for purposes that would trigger a right to limit under California law, and we do not knowingly collect data from anyone under 18.

You have the right to:

To exercise these rights, use your account page or email mirra@eversince.io. We verify requests by confirming control of your account email, respond within 45 days (extendable once by 45 days where permitted), and accept requests from an authorized agent with signed proof of authority, subject to the same verification. If we refuse a request, you may appeal by replying to our decision; where your state provides it, you may also contact your state Attorney General.

12. Cookies

Mirra uses only cookies that are strictly necessary to run the service (session and security cookies). We use no advertising or cross-site tracking cookies. Details are in our Cookie Policy.

13. Children

Mirra is reserved for adults aged 18 or over. We do not knowingly collect data from minors; if you believe a minor has provided us data, contact us and we will delete it.

14. Changes to this notice

If we materially change this notice, we will inform you by email or through the service before the change takes effect, and update the date at the top of this page.