Privacy
Policy

Effective date: 27 April 2026

This Privacy Policy describes how Roman Seregin ("we", "us", "our"), an individual operating Mirror Field from Argentina, collects, uses, and shares information about you when you use mirrorfield.online ("Service").

1. Data Controller

The data controller is Roman Seregin, Argentina. Contact: q@mirrorfield.online.

2. Information We Collect

Information you provide

• Google account data — your name, email address, and profile picture, received via Google OAuth when you sign in.
• Journal entries — the text you write and save in the Service, along with the readings generated in response.
• Subscription and payment data — plan type and billing status. Full payment card details are handled exclusively by Lemon Squeezy; we never see or store your card number.

Information collected automatically

• Usage and technical logs — IP addresses, browser type, pages visited, error traces, and similar technical data collected to operate and improve the Service.
• Analytics cookies — when you accept analytics cookies, Google Analytics 4 (GA4), loaded via a server-side Google Tag Manager container, sets cookies such as _ga, _gid, and _gtag to measure traffic and aggregate usage patterns. No personally identifiable information is sent to Google Analytics.
• Marketing and advertising cookies — when you accept marketing cookies, advertising platforms we use (see Section 5) may set cookies such as _fbp and _fbc (Meta), and read the _gclid parameter (Google Ads) to measure ad conversions and enable remarketing. If you have not accepted marketing cookies, these technologies are not activated.
• Preference cookies — when accepted, we store your language and theme choices locally so they persist across sessions.

3. How We Use Your Information

• To authenticate you and maintain your account.
• To store and retrieve your journal entries and generate AI-assisted readings.
• To process subscription payments and send transactional emails (receipts, billing notices).
• To monitor service health, debug errors, and improve the Service.
• To measure the effectiveness of our advertising campaigns and, where you have given consent, to show you relevant ads on third-party platforms (remarketing / custom audiences).
• To comply with legal obligations.

4. Legal Basis for Processing (GDPR / LGPD)

If you are located in the European Economic Area, the United Kingdom, or Brazil, we process your personal data on the following legal bases:

• Contract — processing necessary to provide the Service you signed up for.
• Legitimate interests — security monitoring and service improvement.
• Legal obligation — compliance with applicable laws.
• Consent — analytics, marketing, and advertising cookies are activated only after you explicitly accept them via our cookie banner. You may withdraw consent at any time by reopening Cookie Settings in the footer.

5. Data Sharing and Processors

We do not sell your personal data. We share data only with the following processors to the extent necessary to operate and promote the Service:

Infrastructure and core services

• Vercel, Inc. (United States) — hosting and edge infrastructure.
• Supabase, Inc. (United States) — database storage of accounts and journal entries.
• Braintrust Data, Inc. (United States) — AI evaluation and observability logging.
• Google LLC (United States) — OAuth authentication and AI model access via Google APIs.
• Lemon Squeezy, LLC (United States) — subscription billing and payment processing.
• MailerSend / Mailersend, UAB (Lithuania) — transactional email delivery.

Analytics and advertising (consent-gated)

The following processors receive data only when you have accepted the relevant cookie category. You can withdraw consent at any time via Cookie Settings.

• Google LLC — Google Analytics 4 (GA4) (United States) — website analytics. GA4 collects aggregated usage data (sessions, events, page views) to help us understand how the Service is used. Data is processed under Google's Data Processing Terms and is not used by Google for its own advertising purposes when configured with restricted data processing.
  Google Privacy Policy · GA Opt-out Add-on
• Google LLC — Google Ads (United States) — conversion measurement and remarketing. Google Ads tags track actions taken after clicking our ads (e.g. sign-ups, purchases) and may serve relevant ads to past visitors across Google's advertising network. Tags run via a server-side Google Tag Manager container to limit client-side data exposure.
  Google Privacy Policy · Google Ad Settings
• Meta Platforms, Inc. (United States) — conversion measurement and remarketing via the Meta Pixel. Meta may use event data (page views, purchases) to measure our ad campaigns and build custom or lookalike audiences on Facebook and Instagram. We rely on Meta's Advanced Matching only to the extent permitted by your consent choice.
  Meta Privacy Policy · Meta Cookie Policy
• Pinterest, Inc. (United States) — conversion measurement and remarketing via the Pinterest Tag. Pinterest may use event data to measure campaign performance and serve relevant ads to users on Pinterest.
  Pinterest Privacy Policy · Pinterest Personalisation Settings

Each processor is bound by data-processing agreements and handles data only as instructed by us. Transfers to processors in the United States are covered by Standard Contractual Clauses or equivalent safeguards where required.

6. Cookies and Opt-Out

We use four categories of cookies: Essential, Analytics, Marketing, and Preferences. You can review and change your choices at any time by clicking Cookie Settings in the site footer.

Additional opt-out options provided directly by advertising platforms:

• Google — Google Ad Settings or the Google Analytics Opt-out Browser Add-on.
• Meta — Facebook Ad Preferences or the Digital Advertising Alliance opt-out.
• Pinterest — Pinterest Personalisation Settings.

7. Data Retention

We retain your account data and journal entries for as long as your account is active. If you delete your account or request erasure, we will delete your personal data within 30 days, except where we are required to retain it longer by law (e.g., financial records for tax purposes, which we retain for up to 5 years).

8. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access — request a copy of the personal data we hold about you.
• Rectification — correct inaccurate data.
• Erasure — request deletion of your personal data.
• Portability — receive your data in a structured, machine-readable format.
• Restriction / Objection — restrict or object to certain processing activities.
• Withdraw consent — where processing is based on consent, you may withdraw it at any time.

To exercise these rights, use the data export and account-deletion options in your account settings, or contact us at q@mirrorfield.online. We will respond within 30 days. If you are in the EEA, you also have the right to lodge a complaint with your local data-protection authority.

9. California Residents (CCPA / CPRA)

We do not sell your personal information as defined by the California Consumer Privacy Act. Sharing data with advertising platforms for cross-context behavioural advertising may constitute "sharing" under CCPA. You may opt out by declining marketing cookies via our Cookie Settings or by contacting us at q@mirrorfield.online. California residents also have the right to request disclosure of the categories of personal information we collect and to request deletion of that information.

10. Children

The Service is not directed at children under 18. We do not knowingly collect personal data from anyone under 18. If you believe we have done so, please contact us and we will delete the data promptly.

11. International Data Transfers

We operate from Argentina, a country recognised by the European Commission as providing an adequate level of data protection. When we transfer data to processors outside Argentina or the EEA, we rely on Standard Contractual Clauses or other approved mechanisms.

12. Russian Federation

The Service is not directed at residents of the Russian Federation for data-protection purposes. We do not seek to serve users subject to Federal Law No. 152-FZ and do not maintain data localisation infrastructure in Russia.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified by email or in-app notice at least 14 days before they take effect. The current version is always available at mirrorfield.online/privacy.

14. Contact

Privacy questions and requests: q@mirrorfield.online.