Effective Date:June 12, 2026 · Version: 2.0
Mirava connects once to your stores and then works for you around the clock — keeping your regional pricing optimal across the Apple App Store, Google Play Store and Stripe. To do that on your behalf, Mirava will hold the platform credentials you choose to connect. This page sets out the security commitments that govern how those connections are protected.
The statements below describe the security model and the binding commitments in force for connected accounts. They define how Mirava will handle the credentials and data you connect — not a claim that any particular credential is already stored. You decide what to connect and when, and you can revoke access at any time.
Credentials you connect will be encrypted, isolated to your organization, and used only to carry out the pricing actions you authorize. Mirava acts solely as your service provider, every change is attributable to you, and you can disconnect or revoke access at any time.
The platform credentials you connect will be encrypted at rest using a managed key service (KMS-backed encryption) and will never be stored in plaintext. All data exchanged between your browser, Mirava, and the platform APIs is transmitted over encrypted connections (TLS).
For Google Play specifically, Mirava will hold no private key at all. Access uses short-lived federatedtokens, and any configuration you connect contains no secret: Mirava’s workload can act only because you authorized it to impersonate a service account you control, and you can withdraw that authorization at any time. That configuration will still be held encrypted and isolated to your organization as described above. For the Apple App Store, the API signing key you provide will be the credential held encrypted at rest.
Mirava is a multi-tenant platform built so that one organization can never access another organization’s data. Every record — brands, products, and pricing — is scoped to your organization and protected by row-level authorization that is enforced on every request. The credentials you connect will be partitioned in the same way.
Mirava requests only the platform scopes and roles it needs to perform the pricing tasks you enable — nothing more. When you connect a store, the scope of what Mirava can do is shown to you in plain language, and additional capabilities are activated progressively as you enable the corresponding features.
Mirava acts solely as your service provider: every pricing change Mirava makes is authorized by, and attributable to, you. To make that accountability visible, Mirava will maintain an audit trail of the actions taken on your behalf so you can see what changed, when, and on which store — for example, “Mirava updated pricing for N products on {store} at {time}on your behalf.”
You remain in control of every connection for its entire lifetime. Connected credentials will not outlive the relationship, and the following commitments govern how they are managed and removed.
Revoking access does not undo pricing changes that were already made on your behalf; it stops Mirava from making further changes for that connection.
If you believe you have found a security vulnerability or have a concern about how your data or credentials are handled, please contact us so we can investigate promptly.
Email: contact@mirava.io
This security statement should be read together with the documents that govern your use of Mirava and how we handle your data:
Last updated: June 12, 2026 · Version 2.0