Privacy Policy

Updated: 1 June 2026

What we collect

Strict minimum: your email (account + communication), optional name, hashed password, Stripe customer ID (billing), payment history, technical logs with IP and user agent (security, kept 90 days).

Why we use it

Service delivery, billing, support, abuse prevention, important communication (email verification, password reset, trial expiry).

Who we share with

Stripe (payment processor, Ireland/US), our transactional email service (no-reply@miradoes.com), Cloudflare (CDN and DDoS protection). We do not sell data.

How long we keep it

Account and invoices: at least 5 years (tax law). Activity log: 90 days. Technical logs: 90 days. On request we anonymize beyond legal retention.

Your rights (GDPR)

Access, rectification, erasure, portability, processing restriction, objection. Email privacy@miradoes.com. We reply within 30 days.

Security

HTTPS everywhere, passwords hashed with bcrypt, Stripe secrets encrypted at-rest with libsodium AEAD, 2FA available, activity log with suspicious behavior detection.

Contact

DPO: privacy@miradoes.com. ANSPDCP (Romanian authority): dataprotection.ro