Effective date: 2026-04-30
App: Mirror (com.instabrain.mirror)
Operator: Rick Ray (Instabrain), Taiwan
This is the privacy policy for Mirror, an iOS app that helps you practice spoken communication (interviews, presentations, language) by recording your voice, transcribing it with AI, and replaying optimized answers in your own voice.
We’ve written this policy to be readable. If anything is unclear, email the contact below — we’ll fix the wording.
| Data | Collected when | Stored where |
|---|---|---|
| Email address | Sign-up | Supabase Auth (encrypted at rest) |
| Display name (optional) | Profile setup | Supabase Postgres |
| Voice recordings | You tap “record” in any practice flow | Supabase Storage, private bucket scoped to your user ID |
| Transcripts of your recordings | Auto-generated after each recording | Supabase Postgres |
| AI-generated optimized replies + scores | After each practice round | Supabase Postgres |
| Voice clones built from your samples | After voice signature setup | Fish Audio (third-party voice provider) + reference stored on Supabase |
| Practice history (sessions, rounds, captions) | Throughout app use | Supabase Postgres |
| Crash logs + device model + iOS version | If the app crashes | Apple Crash Reporting (anonymized by Apple) |
We do not collect: precise location, contacts, photos (unless you upload an avatar), health data, or device identifiers for advertising.
We do not:
Mirror routes audio and text through these specialized AI providers. Each runs under its own privacy policy; we send them only what’s needed for the requested operation.
| Provider | What we send | What they do | Their privacy policy |
|---|---|---|---|
| Supabase (US/Asia regions) | All app data | Auth, database, file storage | https://supabase.com/privacy |
| Vercel (US) | API requests / responses | Backend hosting | https://vercel.com/legal/privacy-policy |
| Deepgram (US) | Audio recordings | Speech-to-text transcription | https://deepgram.com/privacy |
| Fish Audio (Singapore/HK) | Voice samples + text to synthesize | Voice cloning + text-to-speech | https://fish.audio/privacy |
| Google Gemini (US) | Transcripts + prompts | Language model scoring + rewriting | https://policies.google.com/privacy |
| Hume AI (US) | Audio recordings | Voice expression analysis (when enabled) | https://www.hume.ai/privacy |
When you delete your account (Section 6), we delete data on our systems immediately and request deletion from each provider per their data-processor terms.
The iOS microphone permission is requested only when you first tap a record button. We use the microphone only while you are actively recording in-app. We do not record in the background and we do not have any “always-on” listening.
In the app: Studio (Settings) tab → Account → Delete account.
This single action:
The action is immediate and irreversible. There is no “soft delete” — once confirmed, data is gone.
If you cannot use the in-app deletion (e.g. lost device), email the contact below from your account email and we will delete within 7 days.
Depending on where you live (GDPR / CCPA / Taiwan PDPA), you may have rights to:
To exercise any of these, email the contact below.
Mirror is intended for users 17 years or older. We do not knowingly collect data from children. If you believe a child has created an account, email us and we will delete it.
Your data may be processed in the United States, Singapore, Hong Kong, and Taiwan depending on which AI provider we route through. By using Mirror you consent to these transfers. All transfers are encrypted in transit (TLS 1.2+).
usesNonExemptEncryption=false)
We have not had a breach as of the effective date above. If a breach occurs we will notify affected users via email within 72 hours.
If we change anything material we’ll update the Effective date and post an in-app notice. Your continued use means you accept the change.
Email: allcare.rickray@gmail.com
Subject line: Mirror Privacy (so we route it correctly)
We respond within 5 business days.