Privacy Policy

Effective Date: June 12, 2026 · Version: 2.0

At Mirava (“we,” “our,” or “us”), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose and safeguard your information when you use our app pricing automation service.

Mirava is operated from the European Union and acts as the data controller for personal information processed about account holders and visitors to our website. For data that you upload about your apps and customers, we generally act as a data processor on your behalf.

Information We Collect

Personal Information

We collect personal information that you voluntarily provide to us when you:

  • Create an Account: Name, email address, and password
  • Contact Support: Communication details and support inquiries
  • Subscribe to Services: Billing information processed through secure payment processors
  • Update Profile: Optional profile information and preferences

App and Business Data

  • App Information: App names, bundle IDs, platform details, and pricing configurations
  • Usage Analytics: How you interact with our platform and which features you use
  • Pricing Data: Historical pricing decisions and revision information
  • Performance Metrics: Aggregated data about pricing strategy effectiveness

Technical Information

  • Device Data: Browser type, operating system, and device identifiers
  • Usage Logs: IP addresses, access times, pages viewed, and referral sources
  • Cookies: Information stored through cookies and similar tracking technologies
  • API Usage: Platform API call logs and response data (anonymized)

Platform Integration & Credential Security

Mirava Acts on Your Behalf — You Stay in Control

When you connect a store, you authorize Mirava to act as your service provider for pricing. The platform credentials you provide will be stored encrypted at rest, isolated to your organization, and used only to carry out the pricing actions you authorize. You remain the principal, you can revoke access at any time, and your credentials will be deleted in line with our credential lifecycle practices.

To let Mirava manage pricing on your behalf, you connect a store (Apple App Store, Google Play Store or Stripe) and provide the relevant platform credentials. We handle those credentials according to the following principles:

  • Encrypted, Tenant-Isolated Storage: The platform credentials you provide will be stored encrypted at rest and isolated to your organization, so that Mirava can act for you without re-prompting for them. For the Apple App Store this includes the API signing key you provide. For Google Play, Mirava holds no private key: access uses a Workload Identity Federation configuration that authorizes Mirava to impersonate a service account you control, and that configuration — which itself contains no secret — will be stored encrypted and isolated to your organization.
  • Least-Privilege Access: We request only the platform scopes and roles needed to perform the pricing tasks you enable, and use your credentials only for those authorized purposes.
  • Audit Logging: Actions Mirava takes on your behalf are recorded so you can see what was changed, when, and on which connected store.
  • Revoke Anytime; Deleted on Disconnect:You may disconnect a store or revoke Mirava’s access at any time. Your credentials will be deleted when you disconnect the store and when your account is closed, in line with our credential lifecycle practices.
  • Service-Provider Posture: Mirava acts solely on your behalf as your service provider under the applicable platform agreements. Every action is authorized by, and attributable to, you, and you remain the principal in all platform interactions.

These commitments — including encryption at rest, tenant isolation, least-privilege scopes, rotation, audit logging, and deletion on disconnect and account closure — are described in further detail on our Security page and in our Terms of Service.

Platform Data We Ingest & Market Benchmarks

When you connect a store, you authorize Mirava to ingest data about your apps so we can power pricing, analytics, and market intelligence on your behalf. Depending on the platform and the features you enable, this may include, across the products in your account:

  • Pricing & catalog data: price points, price tiers, in-app products and subscription configurations
  • Revenue & sales data: proceeds, units, and related financial reporting from your connected stores
  • Reviews & ratings: customer reviews and star ratings for your apps
  • Performance statistics: downloads, conversion, and other store performance metrics

We use this data to deliver the service to you — for example, to recommend and apply regional pricing, to report on pricing performance, and to surface market-intelligence insights for your own apps.

Market Benchmarks

As part of using Mirava, your pricing and performance data is included in aggregated, anonymized market benchmarks that help all participants understand pricing trends. Accepting our terms includes consenting to this contribution — it is a condition of using the service. Benchmarks are k-anonymized: figures are aggregated across many apps and cells with too few contributors are suppressed, so your individual, identifiable data is never exposed to other customers. For these aggregated benchmarks, Mirava acts as an independent data controller for that limited purpose. We do not sell your data, and we do not share identifiable app-level data with other customers.

Ingested platform data will follow the same deletion rules as your credentials: it will be removed when you disconnect the relevant store and when your account is closed, except where we are required to retain certain records (for example, billing records) by law. See Data Retention below.

Legal Bases for Processing (EU/UK Users)

Where the GDPR or UK GDPR applies, we rely on the following legal bases to process personal information:

  • Contract: to create and operate your account, provide the service and process payments.
  • Legitimate interests: to secure and improve the service, prevent fraud, and run product analytics in a privacy-preserving way.
  • Consent: for non-essential cookies, marketing communications and any optional integrations you explicitly enable.
  • Legal obligation: to comply with tax, accounting and other legal requirements.

How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: Provide, maintain, and improve our app pricing automation tools
  • Account Management: Create and manage your account, authenticate users, and process payments
  • Customer Support: Respond to inquiries, provide technical assistance, and resolve issues
  • Platform Analytics: Analyze usage patterns to improve service performance and user experience
  • Communication: Send important updates, security alerts, and marketing communications (with consent)
  • Legal Compliance: Comply with applicable laws, regulations, and legal processes
  • Security: Detect, prevent, and address technical issues, fraud, and security vulnerabilities

Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share information only in the following limited circumstances:

  • Service Providers: Third-party vendors who assist in providing our services (e.g., payment processing, analytics, hosting)
  • Legal Requirements: When required by law, court order, or government investigation
  • Business Protection: To protect our rights, property, safety, or that of our users and the public
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (with user notification)
  • Consent: When you have given explicit consent for specific sharing purposes
  • Anonymized Data: Aggregated, k-anonymized market benchmarks and industry research, derived from data contributed as a condition of using the service

Sub-processors

We rely on a small number of vetted third-party providers (“sub-processors”) to operate the service. Current sub-processors include:

  • Amazon Web Services (AWS): hosting, storage, authentication and serverless compute (EU region).
  • Stripe: payment processing and subscription billing.
  • PostHog (EU): product analytics and event tracking.
  • Intercom: in-app messaging and customer support.
  • Reditus: affiliate referral tracking (only for users arriving via an affiliate link).
  • Email delivery providers: for transactional and (with consent) marketing emails.

We require each sub-processor to provide appropriate technical and organizational safeguards. We may add or replace sub-processors over time; material changes will be reflected in this policy.

Data Security and Protection

We implement comprehensive security measures to protect your information:

  • Encryption: All data transmission uses HTTPS/TLS encryption
  • Access Controls: Strict access controls limit who can view personal information
  • Data Minimization: We collect and retain only the information necessary for our services
  • Regular Audits: Ongoing security assessments and vulnerability testing
  • Employee Training: Staff education on data protection and privacy best practices
  • Incident Response: Established procedures for addressing data breaches or security incidents

Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

  • Account Data: Retained while your account is active and for a reasonable period after closure
  • Connected-Store Credentials & Data:Platform credentials and ingested platform data will be deleted when you disconnect the relevant store and when your account is closed, except where a record must be retained by law
  • Billing Records: Maintained for tax and accounting purposes (typically 7 years)
  • Usage Analytics: Anonymized data may be retained indefinitely for service improvement
  • Support Communications: Retained for quality assurance and training purposes
  • Legal Hold: Data may be retained longer if required by legal proceedings

Your Privacy Rights

You have the following rights regarding your personal information:

  • Access: Request access to your personal information we hold
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal requirements)
  • Portability: Request a copy of your data in a machine-readable format
  • Restriction: Request limitations on how we process your information
  • Objection: Object to certain types of processing, including marketing communications
  • Withdrawal: Withdraw consent for processing where consent is the legal basis

To exercise these rights, please contact us at contact@mirava.io.

Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

  • Essential Cookies: Required for basic site functionality, security, and authentication
  • Performance Cookies: Help us understand how users interact with our platform
  • Functional Cookies: Remember your preferences and personalization settings
  • Analytics Cookies: Provide insights into usage patterns and feature adoption

You can manage cookie preferences through your browser settings. Note that disabling certain cookies may impact platform functionality.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. When we transfer personal information internationally, we ensure appropriate safeguards are in place:

  • European Commission approved Standard Contractual Clauses
  • Adequacy decisions by relevant data protection authorities
  • Binding Corporate Rules and certification schemes
  • Other lawful transfer mechanisms as required by applicable law

Children's Privacy

Our service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected such information, we will take steps to delete it promptly. If you believe we have collected information from a child under 16, please contact us immediately.

Third-Party Services

In addition to the sub-processors listed above, our platform integrates with third-party services that you connect and that have their own privacy policies:

  • Apple App Store Connect: subject to Apple's privacy policy and developer agreements.
  • Google Play Console: subject to Google's privacy policy and developer terms.
  • Stripe (your account): when you connect Stripe as a store, subject to Stripe's privacy policy.

We encourage you to review the privacy policies of these third-party services.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make material changes, we will:

  • Post the updated Privacy Policy on our website
  • Send email notifications to registered users for significant changes
  • Display prominent notices within our platform
  • Provide a reasonable notice period before changes take effect

Your continued use of our service after the effective date of changes constitutes acceptance of the updated Privacy Policy.

Data Protection Officer & Complaints

If you have concerns about our data processing practices, you may:

  • Contact our privacy team directly at contact@mirava.io
  • File a complaint with your local data protection authority
  • Seek redress through available legal channels

We are committed to working with you to resolve any privacy concerns.

Contact Information

If you have questions about this Privacy Policy or our privacy practices, please contact us:

Privacy Team: contact@mirava.io

General Support: contact@mirava.io

Website: https://mirava.io

Response Time: We typically respond to privacy inquiries within 30 days

Last updated: June 12, 2026 · Version 2.0