Privacy Policy
Mirra (hereinafter 'the Company') takes user privacy seriously and complies with relevant privacy laws including the Personal Information Protection Act. Through this Privacy Policy, we aim to inform you about how the personal information you provide is used and what measures are taken to protect your privacy.
1. Items of Personal Information Collected
- Required Items:
- Member Registration and Management: Email address, password
- Threads Account Integration: Threads user ID, username, profile information (name, bio, profile photo URL), Threads API access token
- Instagram Account Integration: Instagram user ID, username, profile information, Instagram Graph API access token, business account information
- Twitter (X) Account Integration: Twitter user ID, username, profile information, Twitter API access token and refresh token
- LinkedIn Account Integration: LinkedIn user ID, profile information, Organization ID (when connecting company pages), LinkedIn API access token
- YouTube Account Integration: YouTube channel ID, channel information, Google OAuth access token and refresh token
- Information that may be automatically generated and collected during service use:
- Service usage records, access logs, cookies, access IP information, device information, browser information
- Data collected through social media platform APIs: Profile views, follower count, follower demographics (country, city, age, gender), published posts and comment content, likes/reposts/replies count, reach and impressions
- YouTube channel data: Subscriber count, view count, comments, video statistics
- DM and comment automation related data: Received DM content, comment content, automated response logs
- AI feature usage data: Generated content ideas, related research data, AI usage logs (feature name, model name, token usage, processing time, etc.)
- Saved CTA template content, brand identity settings
- Short-form video generation related data: Used media, generated scripts, TTS voice data
- When using paid services (payment information is processed through external payment gateway):
- Subscription status, plan information, AI credit usage, etc. (The Company does not directly store sensitive payment information such as card numbers)
Collection Method: Collection through website registration, service use, social media platform API integration (Threads, Instagram, Twitter/X, LinkedIn, YouTube), customer center inquiries, event participation, and information collection tools
2. Purpose of Collection and Use of Personal Information
- Service Provision: Member identification, social media account integration and management (Threads, Instagram, Twitter/X, LinkedIn, YouTube), AI-based content creation and posting automation, DM automation and comment automation feature provision, social media account analytics data provision, short-form video generation, payment processing, service usage statistics and analysis
- Member Management: Identity verification for membership services, personal identification, prevention of fraudulent use by problematic members and unauthorized use, confirmation of membership intent, age verification, complaint handling and grievance processing, delivery of notices
- Marketing and Advertising: Development of new services and provision of customized services, delivery of promotional information such as events (with consent), analysis of access frequency or statistics on member service usage
3. Retention and Use Period of Personal Information
In principle, users' personal information is destroyed without delay once the purpose of collection and use has been achieved. However, the following information is retained for the periods specified below for the following reasons.
- Internal policy information retention reasons (fraudulent use records, etc.): Retained for 1 year after membership withdrawal to prevent fraudulent use, then destroyed
- Legal information retention reasons:
- Records related to contracts or subscription withdrawals: 5 years (Act on Consumer Protection in Electronic Commerce)
- Records related to payment and supply of goods: 5 years (Act on Consumer Protection in Electronic Commerce)
- Records related to consumer complaints or dispute resolution: 3 years (Act on Consumer Protection in Electronic Commerce)
- Login records: 3 months (Protection of Communications Secrets Act)
4. Procedures and Methods for Destroying Personal Information
In principle, the Company destroys personal information without delay after the purpose of collection and use has been achieved. Destruction procedures and methods are as follows.
- Destruction Procedure: Information entered by users for membership registration is transferred to a separate database (or separate filing cabinet for paper) after the purpose has been achieved and is stored for a certain period according to internal policies and legal information protection reasons (refer to retention and use period) before being destroyed. Personal information transferred to a separate database is not used for any other purposes except as required by law.
- Destruction Method: Personal information stored in electronic file format is deleted using technical methods that make records unrecoverable. Personal information printed on paper is destroyed by shredding or incineration.
5. Provision of Personal Information to Third Parties
In principle, the Company does not provide users' personal information to external parties. However, exceptions are made in the following cases.
- When users have consented in advance
- When there is a request from investigative agencies in accordance with legal provisions or procedures and methods established by law for investigative purposes
6. YouTube API Services
This Service uses YouTube API Services to provide YouTube-related features. By using our Service, you acknowledge and agree to the following:
- Mirra uses YouTube API Services to access your YouTube channel data, upload videos, retrieve analytics, and manage comments on your behalf.
- Your use of YouTube features through Mirra is subject to the YouTube Terms of Service (https://www.youtube.com/t/terms).
- For information about how Google handles your data, please refer to the Google Privacy Policy (http://www.google.com/policies/privacy).
- You can revoke Mirra's access to your YouTube data at any time through the Google security settings page (https://myaccount.google.com/connections?filters=3,4&hl=en).
- When you disconnect your YouTube account from Mirra or delete your Mirra account, we will delete all stored YouTube data associated with your account within 30 days.
Data Refresh and Retention: YouTube channel data and video statistics are refreshed every 24 hours to keep your analytics up to date. Comment data is synchronized in real-time when you access the comment management feature. All YouTube data is deleted immediately upon account disconnection or within 30 days of account deletion.
7. Outsourcing of Collected Personal Information
The Company outsources personal information as follows to improve services, and stipulates necessary matters in accordance with relevant laws to ensure safe management of personal information during outsourcing contracts.
| Vendor | Outsourced Service |
|---|---|
| Supabase, Inc. | Provision of cloud-based database and authentication services |
| Polar | Subscription payment processing and billing management |
| Meta Platforms, Inc. (Threads/Instagram API) | Threads and Instagram account information retrieval, content posting, analytics data collection, DM and comment data processing |
| X Corp. (Twitter API) | Twitter (X) account information retrieval, content posting, analytics data collection, DM data processing |
| Microsoft Corporation (LinkedIn API) | LinkedIn account information retrieval, content posting, analytics data collection |
| Google LLC (YouTube API) | YouTube channel information retrieval, video upload, analytics data collection, comment data processing |
| OpenAI | AI-based content generation feature provision (GPT models) |
| Anthropic (Claude) | AI-based content generation feature provision (Claude models) |
| Google (Gemini) | AI-based content generation feature provision (Gemini models) |
| Groq | AI-based content generation feature provision (high-speed inference) |
| ElevenLabs | AI voice synthesis (TTS) service provision |
| AssemblyAI | Speech recognition and transcription service provision |
| Amazon Web Services (AWS) | Short-form video rendering and media storage service provision |
| PostHog | Service usage analytics and user behavior analysis |
| Resend | Email delivery service (authentication, notifications, etc.) |
| Novu | Push notification service provision |
| Trigger.dev | Background task scheduling (scheduled posting, automation, etc.) |
(The Company's personal information processing agencies and outsourcing tasks may change, and changes will be announced through this Privacy Policy.)
8. Rights of Users and Legal Representatives and How to Exercise Them
Users and legal representatives may view or modify their own or their children under 14 years of age's registered personal information at any time and may also request membership withdrawal.
To view or modify personal information, click 'Personal Information Change' (or 'Member Information Modification', etc.), and for membership withdrawal (consent withdrawal), click 'Withdraw Membership' to directly view, correct, or withdraw after going through the identity verification process. Alternatively, you can contact the Personal Information Protection Manager in writing, by phone, or by email, and we will take action without delay.
If a user requests correction of errors in personal information, we will not use or provide the personal information until the correction is completed. Additionally, if incorrect personal information has already been provided to third parties, we will notify the third parties of the correction results without delay to ensure correction is made.
The Company processes personal information that has been terminated or deleted at the request of users or legal representatives according to what is specified in '3. Retention and Use Period of Personal Information' and prevents it from being viewed or used for any other purposes.
Access permissions for connected social media accounts can be revoked directly in each platform's settings, and stored access tokens are deleted immediately upon membership withdrawal.
For YouTube specifically: You can revoke Mirra's access to your YouTube data at any time by visiting the Google security settings page at https://myaccount.google.com/connections?filters=3,4&hl=en. Additionally, you can disconnect your YouTube account directly within Mirra through the Social Accounts settings page. Upon revocation or disconnection, all YouTube data stored by Mirra will be deleted within 30 days.
9. Installation, Operation, and Refusal of Automatic Personal Information Collection Devices
The Company uses 'cookies' that store and retrieve usage information to provide individualized customized services to users. Cookies are very small text files sent by the server used to operate the website to the user's browser and are stored on the user's computer hard disk.
- Purpose of Cookie Use: To provide target marketing and personalized services through analysis of members' and non-members' access frequency or visit time, identification and tracking of users' preferences and interests, and assessment of event participation and visit frequency
- Cookie Installation, Operation, and Refusal: Users have the option to accept cookie installation. Therefore, users can allow all cookies, go through confirmation each time a cookie is saved, or refuse storage of all cookies by setting options in their web browser. However, refusing cookie installation may cause difficulties in service provision.
10. Technical and Administrative Measures for Personal Information Protection
The Company takes the following technical and administrative measures to ensure safety so that personal information is not lost, stolen, leaked, altered, or damaged when processing users' personal information.
- Password Encryption: Member passwords are encrypted for storage and management, so only the individual can know them, and verification and modification of personal information is only possible by the individual who knows the password.
- Measures Against Hacking: The Company is doing its best to prevent members' personal information from being leaked or damaged by hacking or computer viruses. In preparation for damage to personal information, data is backed up regularly, and the latest antivirus programs are used to prevent users' personal information or data from being leaked or damaged. Encrypted communication is used to safely transmit personal information over the network. Intrusion prevention systems are used to control unauthorized access from outside, and we strive to have all possible technical devices to ensure system security.
- API Token Security: API access tokens for connected social media platforms are stored encrypted, and only minimum required permissions are requested. Tokens are regularly refreshed and are deleted immediately upon membership withdrawal.
- Minimization and Training of Processing Staff: The Company limits personal information processing staff to those in charge and grants separate passwords for this purpose, which are regularly updated, and always emphasizes compliance with the Privacy Policy through regular training of staff.
- Operation of Dedicated Personal Information Protection Organization: The Company makes efforts to immediately correct and rectify problems discovered through verification of implementation of the Privacy Policy and staff compliance through internal dedicated personal information protection organizations. However, the Company assumes no liability for problems arising from leakage of personal information such as ID and password due to the user's own carelessness or internet-related issues.
11. Personal Information Protection Manager and Department
The Company designates the following departments and Personal Information Protection Manager to protect customers' personal information and handle complaints related to personal information.
- Personal Information Protection Manager: Gyutae Park
- Department: CEO
- Phone: 010-5919-7473
- Email: qkrrnjsqkr12@gmail.com
If you need to report or consult about personal information infringement, please contact the following agencies.
- Personal Information Infringement Report Center (privacy.kisa.or.kr / 118 without area code)
- Supreme Prosecutors' Office Cyber Investigation Division (www.spo.go.kr / 1301 without area code)
- National Police Agency Cyber Safety Center (police.go.kr / 182 without area code)
12. Obligation to Notify
If there are additions, deletions, or modifications to the current Privacy Policy, notice will be provided through the 'Notices' section of the homepage at least 7 days before the revision. However, in cases of important changes to user rights such as collection and use of personal information or provision to third parties, notice will be provided at least 30 days in advance.
Announcement Date: December 24, 2025
Effective Date: December 24, 2025