MirrorCare Ltd – Privacy & Data Protection Policy

Effective from: 19/1/2026
MirrorCare Ltd (“MirrorCare”, “we”, “our”, or “us”) is committed to protecting your privacy
and handling your data in a transparent, secure, and respectful way. This policy outlines
how we process your information when using MirrorCare AI or engaging with our extended services.

1. Nature of Support
MirrorCare AI is a supportive, non-clinical tool designed to promote emotional wellbeing
through reflective conversation - It does not replace professional therapy, medical advice,
or crisis intervention services - In an emergency or crisis, please contact emergency
services or a qualified mental health professional.

2. What Data We Process
We process only the minimum data necessary to provide and improve the MirrorCare
experience. This may include: - Basic session data (e.g. message content during chat) -
Device/browser type (anonymised analytics, optional) - Consent preferences (e.g.
reminders opt-in) - Staff contact details (only in professional or organisational versions)
We do not collect sensitive personal data unless explicitly shared — and such data is not
stored or profiled.

3. Session Memory & Data Retention
MirrorCare AI operates with temporary session memory only - Conversations are
processed in real-time and are not permanently stored - If you close or refresh the
session, all previous messages are erased - Any opt-in choices are stored securely only
with your consent.

4. Legal Basis & Your Rights (GDPR)
MirrorCare Ltd operates in alignment with the UK GDPR and the Data Protection Act 2018.
We rely on: - Consent – for optional features like reminders or email follow-ups. Legitimate interest – to operate and improve our AI support platform securely. Your rights
include: - Access, correction or deletion of your data - Withdraw consent - Lodge a
complaint with the ICO

5. Third-Party Tools & Hosting
MirrorCare uses secure platforms such as: - OpenAI (AI processing) - Typebot (chat
hosting) - Make.com  / Twilio (optional integrations) All providers are
GDPR-compliant. We do not sell or share your data.

6. Data Security
Data in transit is protected via HTTPS encryption - Access is restricted to authorised
personnel.  Privacy-by-design is embedded in all systems.

7. Updates to This Policy
Any changes will be reflected on our website. Significant updates will be communicated
clearly.

8. Contact Us
MirrorCare Ltd Company No: SC875089
Email: support@mirrorcareai.com
Website: mirrorcareai.com