Mirrorly · What we collect, where it goes

Privacy Policy

The short version

Your selfie is captured by your phone's camera, analysed on-device by Apple ML Kit (iOS) or Google ML Kit (Android), and only then — after you tap ALLOW in an in-app permission dialog — transmitted over HTTPS / TLS 1.3 to Mirrorly's backend at mirrorly-production.up.railway.app, which forwards it to two third-party AI services: OpenAI (GPT-4o Vision, for the analysis text and honest-looks rating) and Replicate (Google Nano Banana + cdingram/face-swap, for the rendered "maximised" preview).

The Eyes and Game tabs add voice training: when you tap a record / talk button inside a drill, the captured audio is sent over TLS to our AURALAY backend (auralayai-production-65c2.up.railway.app), forwarded in-memory to OpenAI for transcription, language modelling, and voice synthesis, then discarded. Live "Free Flow" and "Council" voice sessions open a TLS WebSocket directly to OpenAI using an ephemeral token; that audio never traverses Mirrorly servers. The mic is only live while you're inside an active drill.

All providers process the photo or audio for the duration of one API request only, exclude it from training, and do not retain it long-term. Neither Mirrorly backend persists the bytes to disk. We do not sell your data. We do not train AI on your face or your voice. We do not require an account. You can revoke AI permission and delete all on-device data at any time in Settings.

AI data permission — every detail of what gets sent, where, and why

At the end of onboarding, before any photo bytes leave your device, Mirrorly displays a full-screen permission dialog (titled "PERMISSION TO SHARE YOUR PHOTO WITH AI PROVIDERS"). The same dialog is also shown the first time you reach any other AI-firing path (Mirror chat, try-on render, maximise) if it has not already been answered. You must tap ALLOW for any photo bytes to be transmitted; tapping CANCEL keeps the photo entirely on your device and aborts the analysis. The choice is persisted across app launches so we ask once, not every scan, unless you revoke from Settings.

Exactly what is sent

  1. The selfie photo you captured (JPEG, compressed, base64-encoded inside an HTTPS POST body).
  2. The geometric measurements computed entirely on your device by Apple ML Kit (iOS) or Google ML Kit (Android) before transmission: canthal-tilt angle (degrees), jaw apex angle (degrees), face width-to-height ratio (FWHR), facial-symmetry score (0–100), facial-thirds split (top / mid / lower percentages), eye-spacing ratio, lip fullness, brow-to-eye gap, philtrum ratio, interpupillary-distance ratio, nose-length ratio, face-length ratio, and a head-shape category (long / oval / square / broad / round). These are plain numbers, not a biometric template.

Not sent: your name, email, phone number, postal address, location, contacts, IP-based tracking identifiers, advertising IDs, social-login data — none of these leave your device.

Exact route the photo takes

Step 1 — your phone → Mirrorly's backend at https://mirrorly-production.up.railway.app, encrypted with HTTPS / TLS 1.3. Mirrorly's backend does NOT persist the photo bytes to disk; it forwards them to the relevant AI provider in-memory and returns the response.

Step 2 — Mirrorly's backend → AI provider, again over TLS. For the analysis text and the honest-looks rating, the photo goes to OpenAI (GPT-4o Vision). For the rendered "maximised" preview, it goes to Replicate (Google Nano Banana + cdingram/face-swap). Each provider handles the photo for the duration of one API request and returns its result, which the backend relays to your phone without writing the photo to disk.

Who receives it, by name

OpenAI (GPT-4o Vision, for the analysis text and rating) and Replicate (Google Nano Banana and cdingram/face-swap, for the rendered preview). No other party — no advertisers, data brokers, analytics SDKs, social-login partners, or affiliates — receives your photo or your geometry data.

How long each party keeps it

Mirrorly's backend: for the duration of one request only. The bytes are held in memory while they are forwarded and are never written to disk. OpenAI and Replicate: for the duration of one API request; under their default API terms they do not retain the photo long-term and do not use it for training.

Why your photo is sent

Sole purpose: produce the analysis text, the honest-looks score, and the rendered preview that you see inside the app. Your photo is NEVER used for advertising, profiling, identity matching, facial recognition, biometric template building, AI model training, or sale to third parties.

How to revoke

Settings → Revoke AI permission. After that, no further photos or measurements will be transmitted until you grant permission again. You can also delete every scan and render stored on this device from Settings → Delete all data.

Voice & training data — Eyes and Game tabs

The Eyes and Game tabs use the device microphone for charisma training. Microphone access is requested at the iOS / Android system level the first time you enter a voice drill; you may deny it and the rest of the app still works.

When audio is captured

Only when you explicitly tap a record or talk button inside a voice drill. The microphone is NOT live in the background, NOT outside an active drill, and the app does NOT listen passively.

Exactly what is sent

  1. The short audio clip you just recorded, OR — for live "Free Flow" and "Council" voice sessions — a live PCM16 audio stream over a secure WebSocket.
  2. Lesson metadata (lesson id, target words-per-minute band, expected warmth flag). No personal identifiers.

Not sent: name, email, phone, location, contacts, ambient audio outside the drill, advertising IDs.

Exact route

Recorded drills: phone → AURALAY backend (https://auralayai-production-65c2.up.railway.app) over HTTPS / TLS 1.3 → backend forwards to OpenAI in-memory for one request → response (transcript + reply audio) returns to phone. The AURALAY backend does NOT persist audio bytes; only timestamps + HTTP status codes are logged, auto-expiring after 30 days.

Live voice (Free Flow, Council): phone requests an ephemeral OpenAI Realtime API token from the AURALAY backend (HTTPS) → phone opens a TLS WebSocket directly to api.openai.com → live audio streams to OpenAI and replies stream back. Audio never traverses Mirrorly servers in this mode.

OpenAI models

whisper-1 (transcription) · gpt-4o (text replies) · gpt-4o-mini-tts (voice synthesis) · gpt-realtime (live voice sessions).

Who receives it

OpenAI only: via the AURALAY backend for recorded drills, and directly over the TLS WebSocket for live Free Flow and Council sessions. No other party.

Retention

AURALAY backend: audio is held in memory for the duration of one request and never persisted; the only records kept are timestamps and HTTP status codes (no audio, no transcripts), and those expire automatically after 30 days. OpenAI: the duration of one API request, or of one Realtime session for live voice; under OpenAI's default API terms the audio is not retained long-term and is not used for training.

Why

Sole purpose: transcribe what you said, score your delivery (pace, conviction, warmth, presence), and play back the in-character reply. Never used for voice-print biometrics, speaker identification, advertising, profiling, AI model training, or resale.

How to stop it

Deny or revoke microphone permission in iOS / Android system settings, or simply skip the Eyes and Game tabs. No audio is captured outside a voice drill you start yourself.

Creator mode

Settings → CREATOR is a password-gated, off-by-default switch that applies only to the Game tab's voice surfaces. It swaps the Lucien and Arena characters into a less polished coaching tone intended for adult users.

Even when CREATOR is ON, OpenAI's content policy guardrails are enforced server-side: no sexually explicit content, no real-world coercion or harassment instructions, no targeting of protected groups. CREATOR is OFF by default, must be explicitly unlocked with a password, applies only on this device, and can be re-locked at any time.

What we collect

On your device: photos you take with the scan camera, the facial-geometry numbers derived from them (canthal tilt, jaw angle, FWHR, symmetry score, facial thirds, etc.), your score, your active protocol, your training drill history (Eyes + Game), and your purchase receipts. Nothing leaves your device unless you tap a button that clearly says it will send an image or audio clip to our servers (e.g. "GENERATE IMAGE", "SCAN", "RECORD", "TALK").

On our servers, temporarily: the single photo you submit to /scan, /rate, /tryon, or /maximize for the duration of one request (seconds), or the single audio clip you submit to /v1/diablo/*, /v1/villain/*, /v1/presence/*, /v1/rhetoric/* for the duration of one request. We do not attach your photo or audio to a persistent account, because there is no account.

Face data — what it is, what it isn't

Mirrorly uses on-device computer vision to derive geometric measurements from your selfie (Apple ML Kit on iOS, Google ML Kit on Android — both run entirely on the phone). These measurements are plain numbers: a canthal-tilt degree, a jaw angle, a symmetry score. They are NOT a biometric template that could be used to recognise you, match you to another photo, or unlock anything.

What Mirrorly DOES with face data: derives the measurements listed above on your device; sends them, together with your photo, to OpenAI and Replicate only after you tap ALLOW, solely to produce your analysis text, honest-looks score, and rendered preview; stores the photo and the resulting numbers on your device until you delete them.

What Mirrorly DOES NOT do with face data: no facial recognition or identity matching, no biometric template building, no advertising or profiling, no AI model training, and no sale or transfer to any party other than the two AI providers named above.

Who processes your photos and voice

Photos. OpenAI — GPT-4o Vision runs your analysis and honest rating. Replicate — Google Nano Banana renders your transformation images; cdingram/face-swap keeps the rendered face matching your own.

Voice (Eyes + Game tabs). OpenAI — whisper-1 transcribes recorded audio, gpt-4o produces text replies, gpt-4o-mini-tts synthesises in-character voice replies, and gpt-realtime drives live sessions. No other vendor processes your voice.

All providers process the photo or audio for the duration of one API request (or one Realtime session) and do not, by their default API terms, retain or train on the data we send them through the API.

Third-party protection parity

Per App Store guideline 5.1.2(i), any third party that receives Mirrorly user data must provide the same or equal privacy protection as Mirrorly itself. Both AI providers we transmit photos to, OpenAI and Replicate, meet this bar: each processes the photo for the duration of one API request and, under its default API terms, does not retain it long-term or train on it, which matches Mirrorly's own no-persistence, no-training commitments.

Mirrorly does not transmit user photos to any other third party — no advertisers, data brokers, analytics providers, or social-login partners.

What we do not collect

No name. No email. No phone number. No location. No social contacts. No tracking across other apps. No advertising identifier for profiling purposes. No voice-print biometrics. No speaker identification. No facial recognition or biometric template.

Children

Mirrorly is not intended for children under 13. We do not knowingly collect data from children under 13. If you believe a child has used the app, email info@m2mb.co.uk and we will delete any on-device and server-side records associated with the submission.

Your rights

Access: all your data is on your device; open it in Settings → App Privacy → See all app data.

Deletion: Settings → Delete all data removes every scan and render stored on this device; uninstalling the app erases all on-device data. Server-side request data is transient (held in memory for one request only), and the AURALAY request logs (timestamps and status codes, no content) expire automatically after 30 days.

Opt-out of auto-renewal: App Store or Google Play account settings.

Purchases

Billing is handled by Apple (App Store) or Google (Play Billing). Mirrorly never sees your card number. We see only a receipt that confirms whether your subscription is active.

Security

Photos and audio in transit are sent over HTTPS (TLS 1.3). On your device, photos are stored in the app's sandboxed documents directory; they are removed by Settings → Delete all data and are deleted when the app is uninstalled.

Changes

We may update this policy. Material changes will be surfaced inside the app before they take effect.

Contact

Questions or data requests? Email info@m2mb.co.uk.

Last updated 26 May 2026.