Mirror← Back to home

Privacy Policy

Last updated: June 22, 2026

Who we are

Mirror is operated by Ivannikov Denys, based in Ukraine, the data controller responsible for your personal data. You can reach us at hello@mirror-tracker.com.

The short version

Mirror is a local-first app. Your transactions, plans, and reflections are stored on your iPhone and synced only through your own Apple iCloud account. We do not run an ad network, we do not sell or rent your data, and we do not build advertising profiles. The data we do process is limited to what keeps the app working and lets us fix problems.

Data we process

The information involved in running Mirror falls into a few categories:

  • Your financial entries. Transactions, plans, and reflections you create. These stay on your device and sync through your private iCloud database. We cannot read them.
  • Account identifiers. When you sign in with Apple or Google, we receive an identifier and, depending on your choice, an email or Apple private-relay address — used only to associate your subscription and restore access across your devices.
  • Subscription status. Purchase and trial state, and transaction identifiers, handled by our subscription providers to unlock premium features.
  • Product analytics. De-identified usage events (for example, which screens are opened) that help us understand how the app is used in aggregate.
  • Diagnostics. Crash and error reports, with personal information scrubbed, so we can fix bugs.

Third-party processors

We use a small set of vetted providers. Each receives only the data needed for its function:

  • Mixpanel — product analytics (de-identified usage events).
  • Sentry — crash and error diagnostics (personal data scrubbed).
  • RevenueCat — subscription management and entitlements (purchase status, transaction identifiers).
  • Superwall — paywall presentation and conversion measurement.
  • Sign in with Apple / Google Sign-In — authentication (account identifier, email or private relay).
  • Apple iCloud / CloudKit — storage and sync of your financial entries in your own private iCloud database. Apple acts as a processor; the data is not visible to us.

International data transfers

Some of our processors — for example Mixpanel, Sentry, RevenueCat, and Superwall — are based in the United States, so your data may be processed outside your country. Where we transfer personal data outside the European Economic Area or the UK, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses and, where applicable, the EU-U.S. Data Privacy Framework.

Legal bases for processing

If you are in the European Economic Area or the UK, we process your personal data on the following legal bases:

  • Performance of a contract — to provide the app, manage your subscription, and restore your purchases.
  • Legitimate interests — to keep the app secure, diagnose and fix bugs, and understand aggregate usage to improve the product, balanced against your rights.
  • Consent — where required, for example optional analytics; you can withdraw your consent at any time.
  • Legal obligation — where we are required to retain or disclose data to comply with the law.

On-device storage and sync

Your financial data is stored locally on your device and mirrored to your personal iCloud account so it can sync across the devices signed in to your Apple ID. It is not stored on Mirror-operated servers, and it does not leave Apple's ecosystem as part of normal use.

Data retention

Your entries persist on your device and in your iCloud until you delete them or delete your account. Analytics and diagnostic records are retained by the respective providers for a limited period in line with their standard retention windows. Deleting your account in Settings removes your local and iCloud data.

Automated processing

Mirror's Spending Score and Spending Personality are generated on your device to help you reflect on your own habits. They are not used to make any decision that produces legal or similarly significant effects about you.

Your rights (GDPR / CCPA)

Depending on where you live, you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. Because most of your data lives on your device, you can exercise much of this directly in the app — including deleting your account and all associated data. For any remaining requests, contact us at the address below.

You also have the right to withdraw consent at any time, where our processing is based on consent, and to lodge a complaint with your local data protection authority.

We do not sell or share your personal information — including for cross-context behavioral advertising — as those terms are defined under the California Consumer Privacy Act (CCPA/CPRA), and we will not discriminate against you for exercising any of your privacy rights.

Children

Mirror is not directed to children under 13 (or the equivalent minimum age in your jurisdiction), and we do not knowingly collect their personal data. If you believe a child has provided us with personal data, please contact us so we can remove it.

Changes to this policy

We may update this policy as the app evolves. Material changes will be reflected here with an updated date at the top of the page.

Contact

Questions about privacy? Email us at hello@mirror-tracker.com.