Privacy Policy v.2026.1
Effective Date: January 20, 2026
Mirra Note LLC (“Mirra Note,” “we,” “us,” or “our”) provides a journaling and reflection service that analyzes user-submitted journal entries and generates personalized letters, summaries, and related content (“Service”). This Privacy Policy describes how we collect, use, store, disclose, and protect personal information in connection with the Service. By using the Service, you consent to this Privacy Policy. If you do not agree with any part of this Privacy Policy, you must not use the Service.
You must be at least eighteen (18) years old to use the Service, and the Service is not available to residents of the State of Illinois. If you are under eighteen or a resident of Illinois, you may not create an account or use the Service. We do not knowingly collect personal information from minors.
When you create an account, we collect personal information such as your first and last name, email address, mailing address (if needed for physical mail delivery), and other account details. Account authentication is handled by Supabase Auth, and we do not store your password in plaintext. We also store additional information related to your preferences, subscription status, delivery mode, and liability acceptance, as well as the date your account was created. If you choose to subscribe to a paid plan, Stripe processes your payment, and Stripe stores your payment card details, billing address, shipping address, and transaction history. We store Stripe customer identifiers, subscription identifiers, price identifiers, billing cadences, subscription status, cancellation settings, current period start and end dates, delivery mode, upcoming delivery dates, missed delivery data, and cancellation dates. We do not store full card numbers.
When you submit journal entries through the Service, whether typed or converted from handwritten content through optical character recognition (OCR), we store the resulting text in Supabase and generate metadata related to themes, emotions, relationships, and insights, as well as commentary associated with those labels. We additionally store tallies and summaries of prominent emotional and thematic elements appearing across your entries, as well as AI-generated letters, quotes, media recommendations (for premium users), and rolling profile narratives used to personalize future reflections. We also log token usage for calls made to OpenAI’s application programming interface (API) for the purposes of letter generation, metadata extraction, quote generation, and media recommendation generation. These logs are tied to your user account. OCR images are not stored; images are processed through the application interface and discarded.
We use Pinecone to store vector embeddings for purposes such as similarity search and personalization. These embeddings contain the text of entries, the associated user identifier, the date of the entry, and a brief sentence describing the letter generated in response to an entry. Stripe processes payments and subscriptions. Supabase stores structured account and journal information, implements row-level security controls, and hosts storage buckets used to temporarily store CSV files generated to fulfill physical mail shipments. Squarespace may be used to send newsletter emails to users who opt in. Render hosts backend services, including logs related to operational performance and errors. Mirra Note prints and mails physical letters directly to users within the United States, and postal carriers such as USPS deliver the physical letters.
We use your information to provide, maintain, personalize, and improve the Service; generate letters and metadata insights; operate subscription billing; fulfill physical mail deliveries; provide customer support; manage and send administrative communications; comply with tax and legal obligations; and prevent misuse of the Service. We do not sell personal information or use personal information for targeted advertising.
We retain different categories of data for different lengths of time. Supabase data, including journal entries and associated metadata, is retained until you delete your account. Pinecone embeddings are retained until you delete your account, provided you may also request manual deletion of embeddings by email. Financial and subscription records processed by Stripe are retained for tax, legal, and anti-fraud compliance for up to seven (7) years and are not deleted automatically when an account is deleted. Temporary CSV files used for physical letter fulfillment that contain names, addresses, letter content, quotes, prompts, and media recommendations are retained for up to twelve (12) months before deletion. OCR images are discarded and not stored. Render logs are retained by the hosting provider for operational purposes only.
You may delete your account at any time through the Service. When your account is deleted, all Supabase records associated with your user identifier are deleted through cascading deletion mechanisms, and any active subscription is canceled. Stripe financial records and tax-relevant information are not deleted automatically. To request deletion of Pinecone embeddings or additional Stripe records beyond legally required retention, you may email founders@mirranote.com. You may also request a copy of your personal data by emailing the same address. Exports are provided in machine-readable formats such as CSV.
The Service is designed for reflective journaling and is not a medical, psychological, diagnostic, legal, or therapeutic tool. We discourage users from submitting medical records or diagnoses, therapy notes or transcripts, legal or financial documents, social security numbers, or information about other individuals. You are solely responsible for the content you choose to submit. The Service may generate content in response to your entries, but such content is not clinical advice and does not replace professional care. If you are in crisis or believe you may harm yourself or others, you should call emergency services or contact the 988 Suicide & Crisis Lifeline in the United States.
We employ administrative, technical, and physical safeguards to protect personal information, including encrypted data transmission, row-level security enforcement, permissions-based data access, and authentication controls. However, no method of data storage or transmission is entirely secure, and we cannot guarantee absolute security.
The Service is intended solely for residents of the United States. Physical mail fulfillment is limited to addresses located in the United States. We may update this Privacy Policy from time to time. If changes are material, we will provide notice through email or through the Service. Continued use of the Service after any update constitutes acceptance of the updated Privacy Policy.
If you have questions about this Privacy Policy, or wish to submit a data request or deletion request, you may contact us at founders@mirranote.com. Mirra Note LLC maintains a business mailing address on file which is available upon request.