Miri Privacy Policy
We wrote this policy in plain language. No legal jargon, no hidden catches. We want you to know exactly what we do with your data — and to walk away from this document feeling calm, not like you need to consult a lawyer.
Who is the controller of your data?
Dawid Musiał, operating a sole proprietorship registered in Poland, Tax ID (NIP): 7822871173.
Privacy contact: [email protected]
What data do we collect and why?
Phone number
Signing up and logging in to Miri happens via your phone number. Each time, we send a one-time code to it — we don't store passwords.
Profile data
While using the app, you may share information about yourself — such as your name or other details you enter yourself. We store it solely so the app works the way it should.
The content of your tasks
Your tasks, notes and everything you type into Miri — that's your data. We store it so the app can work. We don't read it, don't analyze it manually and don't sell it.
Billing data
Subscription payments are handled by an external provider (App Store or Google Play). We have no access to your card details — we never see them at all.
Technical data
We collect basic information needed to run the app: device type, operating system version, error logs. We use it solely to fix problems.
How long do we keep your data?
We keep your data for as long as you have an active Miri account. When you delete your account, your data is permanently deleted within 30 days.
Who has access to your data?
Supabase — database
We store data on Supabase infrastructure. Data is encrypted at rest (AES-256) and in transit (TLS). Supabase holds an ISO 27001 certificate. Supabase acts as a data processor on our behalf and may not use the data for its own purposes.
Google Gemini — AI features
Miri is an AI-powered app — that's its heart. Features such as sorting tasks, suggesting actions or asking questions about your tasks run on the Google Gemini API (paid plan). By using Miri, you know this from the very first launch.
What this means in practice:
- Your data is not used to train AI models.
- Google may retain queries for a maximum of 55 days, solely to detect abuse — for no other purpose.
- We have a signed Data Processing Agreement (DPA) with Google that protects your data in line with the GDPR.
Collaboration in Miri
If you use the collaboration features, the tasks or information you choose to share with another person will be visible to them. You only share what you choose — the rest of your data stays private.
No one else
We don't sell data. We don't share it with advertising companies. There are no other third parties with access to your information.
Where does our money come from?
Subscriptions. Only subscriptions. We don't make money on your data — and we never will.
Your rights
You have full control over your data. At any time you can:
- See your data — export it directly from the app.
- Correct your data — edit it directly in the app.
- Delete your account and all your data — in the app settings or by writing to us.
- Move your data — the export file is in JSON, a format other apps can read.
We respond to all requests within 30 days.
Security
We encrypt data in transit and at rest, and we isolate data between users — everyone sees only their own.
If, despite this, a security breach affecting your data ever occurs, we will inform you within 72 hours.
User age
Creating a Miri account requires being at least 13 years old. We do not knowingly collect data from younger children. If you're a parent and believe your child has created an account — write to us and we'll delete it.
Changes to this policy
If we change anything here, we'll let you know 14 days in advance with an in-app notification. We don't change the rules of the game quietly.
Have a question?
Just write: [email protected]
We reply.
This privacy policy applies to users of the Miri app on iOS and Android. The data controller is Dawid Musiał, a sole proprietorship registered in Poland, Tax ID (NIP): 7822871173. We process data in accordance with Regulation (EU) 2016/679 (GDPR). The legal basis for processing is the performance of a contract (Art. 6(1)(b) GDPR) and the controller's legitimate interest (Art. 6(1)(f) GDPR) with regard to technical data.
This English version is provided for convenience. In case of any discrepancies, the Polish version prevails.
← Back to home