Privacy Policy

1. General Principles

1.1. This Policy describes the processing of your personal data by us. The data protection terms apply to you if you are our customer or have expressed a desire to use our services or visit our Website.

1.2. Data protection terms may also be included in other documents and forms, including contracts concluded with you.

1.3. For the purposes of applicable data protection laws, MIRA Labs OÜ is the data controller of your personal data:

2. Definitions

2.1. Personal data (hereinafter also "data") is any information relating to a natural person which allows him/her to be identified, characterized, distinguished, associated or deduced, directly or indirectly. A person can be identified directly, for example, by name or personal identification number, or indirectly, for example, by location information, an online identifier or physiological, genetic, mental, economic, cultural, and social characteristics.

2.2. A data subject is a natural person.

2.3. A decision based on automated processing is made using information technology without human intervention.

2.4. Processing is any operation which is performed on personal data, whether manually or by automated means (e.g. collection, recording, storage, use, disclosure by transmission or erasure), regardless of the way it is performed or the means used.

2.5. Words used in capital letters, not defined in this clause, are defined in the Reservation Terms of Use.

3. Types and Sources of Personal Data Processed

3.1. We mainly process the following data in our activities (the list is not exhaustive):

3.1.1. Personal identification data, such as first and last name;

3.1.2. Contact information, such as address, phone number, email address, preferred communication channel and language;

3.1.3. Payment information, such as the name of the payer, account number, transaction amount, payment explanation, payment-related inquiries, refunds;

3.1.4. Communication data, such as data on the exchange of information with you, including forwarded correspondence and documents, support messages, feedback, survey responses;

3.1.5. Data associated with the use of the service or visiting our Website, such as cookies and IP address, location, web browser information, information about the services used, activity in the use of services, preferences, habits, satisfaction, submitted inquiries and complaints.

4. How We Receive Your Personal Data

From you

4.1.1. Contact information when you make a Free Email Reservation in a form on our Website.

4.1.2. Personal identification data, Contact information and Payment information when you make a Paid VIP Reservation.

4.1.3. Contact information and Communication data when you contact us with any questions you may have.

4.1.4. Data associated with the use of the service or visiting our Website when you use our Website.

From other sources

4.2.1. From Indiegogo Platform — Indiegogo Campaign data when you invest in MIRA Dial crowdfunding campaign.

4.2.2. Personal identification data and Contact information from shipping and fulfillment partners when processing orders after the Indiegogo Campaign or during direct sales.

5. Purposes and Legal Bases for Processing Personal Data

5.1. We will only process your data if we have a clear purpose, the processing is justified and there is a legal basis for it. We collect and process your data to the extent necessary to fulfil the specified purposes. We process your data on the following legal grounds and main purposes (the list of purposes is not exhaustive):

• Managing Free Email Reservation and Paid VIP Reservation — Performance of a contract
• Processing the Reservation — Performance of a contract
• Sending Reservation related Indiegogo Campaign confirmations and updates — Performance of a contract
• Non-essential cookies and marketing communications — Consent
• Fulfilling Indiegogo Campaign pledges and rewards — Performance of a contract
• Direct sales of the MIRA Dial product after the Indiegogo Campaign — Performance of a contract
• Processing orders, shipping, payments, returns and customer support for direct sales — Performance of a contract
• Managing Communication — Legitimate interest
• Accounting, tax and legal compliance — Legal obligation
• Improving our website and services — Legitimate interest

6. Data Retention Periods

6.1. We retain your data only as long as necessary for the purposes listed above:

• Free Email Reservation data: until the end of the Indiegogo Campaign + 18 months;
• Paid VIP Reservation data: for the duration of the Indiegogo Campaign + 7 years (to cover warranty, returns, complaints and legal/accounting obligations);
• Order, shipping and fulfillment data (Indiegogo pledges or direct sales): for the duration of the order + 7 years (to cover warranty, returns, complaints and legal/accounting obligations);
• Marketing communications (email): until you unsubscribe or request deletion;
• Other communications (emails and other): 10 years;
• Technical and analytics data: maximum 24 months;
• Payment information retained as required by Estonian tax laws (7 years).

6.2. After these periods, we will securely delete or anonymize your data.

7. Sharing Your Data

7.1. We do not sell your data. We may share your data with trusted third-party service providers who assist us in operating our Website and providing our services.

7.2. We may share your personal data with the following trusted third parties:

7.2.1. Payment processor Stripe (stripe.com). Stripe independently handles your payment card data. Please review Stripe's Privacy Policy at stripe.com/privacy.

7.2.2. Google LLC — Google Analytics (website analytics) and Google Ads (advertising). Google may use data collected via our Website for its own purposes. See Google's Privacy Policy at policies.google.com/privacy.

7.2.3. Meta Platforms, Inc. — Meta Pixel for advertising measurement and remarketing. See Meta's Data Policy at facebook.com/policy.

7.2.4. FunnelKit (funnelkit.com) — email automation and marketing communications.

7.2.5. Cloudflare, Inc. — security, performance, and bot protection (via Cloudflare Turnstile).

7.2.6. WordPress / WooCommerce — website platform and e-commerce functionality.

7.2.7. Email service providers (for sending notifications and updates).

7.2.8. Shipping and fulfillment partners (for delivering products after the campaign or during direct sales).

7.2.9. Professional service providers (accounting, legal, IT support).

7.2.10. Microsoft Clarity — session recording and heatmaps. See Microsoft's Privacy Policy at privacy.microsoft.com.

7.3. We may also disclose your data:

7.3.1. To comply with applicable laws, regulations, or legal processes (e.g., court orders or subpoenas).

7.3.2. To protect the rights, property, or safety of MIRA Labs OÜ, our users, or others.

7.3.3. In connection with a business transaction such as a merger, acquisition, or sale of assets, in which case the acquirer will be bound by terms at least as protective as the Policy.

8. Automated Decision-Making and Profiling

8.1. We do not use automated decision-making or profiling that would produce legal effects or similarly significantly affect you.

9. Your Rights

Rights under GDPR (EU/EEA/UK)

9.1.1. Right to be informed — you must be clearly told who is collecting your data, why, how long they will keep it, who they share it with, and what your rights are.

9.1.2. Right of access — you can ask to see all the personal data we hold about you and get a copy of it.

9.1.3. Right to rectification — if your personal data is wrong or incomplete, you can ask us to correct or complete it.

9.1.4. Right to erasure ("right to be forgotten") — in certain situations you can ask us to delete your personal data.

9.1.5. Right to restriction of processing — you can ask us to stop using your data temporarily. We can still store it but usually cannot use it for other purposes.

9.1.6. Right to data portability — if your data is processed based on consent or a contract, you can ask to receive your data in a structured, machine-readable format.

9.1.7. Right to object — you can object to direct marketing or processing based on legitimate interests.

9.1.8. Rights related to automated decision-making — you have the right not to be subject to a decision based solely on automated processing.

9.1.9. Right to withdraw consent — if processing is based on consent, you can withdraw it at any time.

Rights under US State Laws

9.2. If you are a California resident, you have the following rights under the CCPA and CPRA: Right to Know, Right to Delete, Right to Correct, Right to Opt-Out of Sale or Sharing (we do not sell or share for behavioral advertising), and the Right to Non-Discrimination.

9.3. We use third-party analytics and advertising tools, such as the Meta Pixel and Google Analytics, to measure website performance and deliver relevant advertisements. Under certain US state laws (including California's CPRA), the use of these tools may be considered a "sale" or "sharing" of personal information for cross-context behavioral advertising. You have the right to opt out of this tracking. You may exercise this right by clicking the "Your Privacy Choices" link in the footer of our Website, which will immediately disable these tracking technologies for your browser.

9.4. If you live in another country or US state, you may have similar rights under local laws.

9.5. To exercise your rights, contact us at [email protected]. We will verify your identity before processing your request.

10. Cookies and Tracking Technologies

10.1. We use cookies to enhance your experience, analyze traffic, and support advertising. For details, refer to our Cookie Policy.

10.2. You can manage preferences at any time using our cookie consent tool.

11. International Data Transfers

11.1. As a company based in Estonia, your data may be transferred to countries outside the EU/EEA, including the United States.

11.2. We rely on the European Commission's Standard Contractual Clauses (SCCs), adequacy decisions, and other appropriate safeguards as required by GDPR Chapter V.

12. Marketing Communications

12.1. With your consent, we may send marketing emails. You may opt out by clicking "unsubscribe" in any email or by emailing [email protected].

12.2. Even if you opt out of marketing, we may still send transactional emails related to your reservation.

13. Data Security

13.1. We implement technical measures such as SSL/TLS encryption and Cloudflare protection.

13.2. However, no method of transmission is 100% secure. You are responsible for keeping your reservation confirmation confidential.

14. Third-Party Websites and Links

14.1. Our Website may contain links to third-party sites (Indiegogo, social media, payment processors). This Policy does not apply to those sites.

15. Changes to the Policy

15.1. We may update the Policy to reflect changes in practices or laws. Material changes will be notified by updating the "Last Updated" date or via email.

15.2. Continued use after the effective date constitutes acceptance.

16. Contact Us

16.1. For questions or requests, contact us:

17. Complaints

17.1. We wish to resolve disagreements through negotiations first. You have the right to file a complaint with the Data Protection Inspectorate (www.aki.ee).