top of page

MirrorCare Ltd. – Privacy & Data Protection Policy


Effective from: 3.3.2026
MirrorCare Ltd (“MirrorCare”, “we”, “our”, or “us”) is committed to protecting your privacy and handling your personal data in a transparent, secure, and respectful manner. This policy explains how we collect, use, and protect your information when you use the MirrorCare app, website, and related services.
 

1. Nature of Support

MirrorCare is a supportive, non-clinical wellbeing platform designed to promote emotional reflection and peer connection. It does not provide medical, psychiatric, or crisis services and is not a substitute for professional care.

In an emergency, please contact local emergency services or a qualified healthcare professional.

​

2. Information We Collect

We collect only the data necessary to provide and improve our services. Depending on how you use MirrorCare, this may include:

Account Information

  • Name or display name

  • Email address

  • Login credentials

  • Two-factor authentication preferences

User Content

  • Messages exchanged with MirrorCare AI

  • Journal entries

  • Peer-to-peer chat messages

  • Group discussion posts

  • Uploaded profile images (if provided)

​

Technical & Usage Data

  • Device type and operating system

  • Anonymous analytics (if enabled)

  • Log data for security and moderation purposes

​

We do not share, disclose or sell personal data.

​

3. How We Use Your Information

Your data is used to:

  • Provide AI-based conversational support

  • Enable journaling and summaries

  • Facilitate peer and group discussions

  • Detect and moderate inappropriate content

  • Improve platform performance and security

  • Comply with legal obligations

​

AI-generated responses are automated and designed for supportive purposes only. No automated medical decisions are made.

​

4. AI Processing, Third-Party Services & Moderation

MirrorCare provides AI-powered features such as conversational support and journal summaries. When a user submits text to these features, the following data may be transmitted:

​

• User messages
• Journal entries
• Limited contextual information necessary to generate a response

​

This data is sent to our secure backend server, which then transmits the content to our AI processing provider:

OpenAI, L.L.C.

​

OpenAI processes this data solely to generate AI responses and summaries on behalf of MirrorCare.

MirrorCare does not sell user data, use it for advertising, or share it for marketing purposes.

OpenAI provides data protection measures consistent with applicable privacy regulations.

Users must provide explicit consent before any AI processing occurs and may withdraw consent at any time within the app settings.

​

MirrorCare uses AI systems to:

  • Generate conversational responses

  • Provide optional journal and reflection summaries

  • Assist in flagging potential community guideline violations

​

AI moderation assists human oversight but does not permanently ban users without review. Human administrators may review flagged content where necessary to maintain community safety.

​

5. Legal Basis (UK GDPR)

We process personal data under the following lawful bases:

  • Consent (for optional features such as analytics)

  • Contract (to provide account-based services)

  • Legitimate Interest (to maintain platform safety, security, and performance)

​

6. Data Retention

We retain account and content data for as long as your account remains active.

You may:

  • Export your data at any time

  • Request deletion of your account

  • Permanently delete your account directly within the app

​

Upon deletion, your personal data is removed from active systems, subject to limited retention where legally required (e.g. moderation logs or security records).

​

7. Your Rights

Under UK GDPR, you have the right to:

  • Access your data

  • Correct inaccurate information

  • Request deletion

  • Withdraw consent

  • Restrict processing

  • Lodge a complaint with the Information Commissioner’s Office (ICO)

​

8. Data Security

We implement appropriate technical and organisational safeguards including:

  • HTTPS encryption

  • Secure server infrastructure

  • Access controls for authorised personnel

  • Privacy-by-design system architecture

​

9. Third-Party Service Providers

MirrorCare may use trusted service providers to operate the platform, including:

  • AI processing providers

  • Secure hosting providers

  • Analytics providers (if enabled by user)

​

All providers are required to comply with applicable data protection regulations.

​

10. International Transfers

Where data is processed outside the UK, appropriate safeguards such as Standard Contractual Clauses or equivalent protections are applied.

​

11. Updates to This Policy

We may update this policy from time to time. Significant changes will be clearly communicated within the app or on our website.

​

12. Contact

MirrorCare Ltd
Company No: SC875089
Email: support@mirrorcareai.com
Website: mirrorcareai.com

bottom of page