
Privacy Policy

Updated Apr 25, 2026

This Privacy Policy describes how Trekeffect Incorporated doing business as Mirin ("Company," "we," "us," or "our"), collects, uses, and protects your personal information when you use our platform services ("Services"). Our Services include:

  • Subscription Website Services: Pre-built websites for blue-collar professionals hosted on mymirin.com with optional custom domain support
  • E-commerce Platform Services: Full-featured e-commerce solutions with revenue-sharing arrangements for select clients
  • Demo and Preview Services: Preview websites for prospective subscription customers
  • Free Website Scorecard Tool: AI-powered website performance analysis available at mirin.com/scorecard, which collects your website URL and email address to generate and deliver scorecard reports

We are committed to protecting your privacy and being transparent about our data practices. This Policy applies to all users of our Services and describes your privacy rights under applicable United States privacy laws, including Connecticut state privacy laws.

No Protected Health Information (PHI)

Mirin is not a HIPAA covered entity, and we do not act as a Business Associate. The Free Website Scorecard Tool and our other Services do not request, collect, store, or process protected health information (PHI). When you submit a website URL or Psychology Today profile URL through the Scorecard Tool, please submit only your business homepage or directory profile URL. Do not submit URLs that contain client identifiers, session notes, or any PHI in the path. We retain submitted URLs and email addresses only as necessary to generate, deliver, and re-display your scorecard report.

1. Information We Collect

Information You Provide Directly

  • Account Information: Name, email address, business name, phone number, and other details you provide when registering
  • Profile Information: Additional details you choose to add to your account profile
  • Business Data: For subscription customers: business information, custom domain details, subdomain preferences, and website content
  • Done-For-You Project Data: For Done-For-You Website Services customers: intake form responses, business information, service descriptions, photos and images you provide, brand guidelines, and any other materials submitted for your website project
  • Project Communications: Emails, messages, revision requests, and other communications related to your Done-For-You Website project
  • E-commerce Data: For revenue-share clients: product information, customer data, sales data, and other content uploaded to the platform
  • Lead Information: Contact information submitted through lead capture forms on customer websites, stored in our database and accessible to website owners through their dashboard
  • Payment Information: Billing address and payment method details processed securely through Stripe
  • Device Authorization: When using the Mirin desktop app, device identifiers and authorization tokens to enable authenticated access from your local development environment
  • Website Audit Data: When you use our free website audit tool, we collect the website URL you submit and your email address to generate and deliver your audit report
  • Communications: Messages, support requests, and other communications with us

Information We Collect Automatically

  • Usage Data: Pages visited, features used, time spent on our platform, and interaction patterns
  • Device Information: IP address, device type, operating system, browser type and version
  • Location Information: General location based on IP address for service optimization and security
  • Log Data: Server logs, error reports, and system performance data
  • Cookies and Tracking: Information collected through cookies and similar technologies (see our Cookie Policy)

Information from Third Parties

  • Integration Data: Information from third-party services you connect to our platform
  • Analytics Services: Data from analytics providers about your use of our Services
  • Security Services: Information from security providers for fraud detection and prevention

Categories Under California Privacy Law

For California residents, the personal information we collect maps to the following statutory categories defined by the CCPA, as amended by the CPRA:

  • Identifiers: Name, email address, IP address, device identifiers, cookie IDs
  • Customer records: Phone number, billing address, business name
  • Commercial information: Subscription history, payment records, products and services purchased
  • Internet or network activity: Browsing history on our Services, page interactions, scorecard and checkup activity
  • Geolocation data: Approximate location derived from IP address (we do not collect precise geolocation as defined under CPRA)
  • Inferences: Audience profiles derived from your activity for marketing optimization

Sensitive Personal Information

We do not collect or process the categories of "sensitive personal information" defined under CPRA, including government-issued identifiers (Social Security number, driver's license, passport), account log-in credentials with security access, precise geolocation, racial or ethnic origin, religious or philosophical beliefs, union membership, the contents of mail / email / text messages not directed to us, genetic data, biometric identifiers, health information, or sex-life or sexual-orientation information. Because we do not collect sensitive personal information, the CPRA "right to limit the use and disclosure of sensitive personal information" does not change anything we do; we describe it for completeness in the rights section below.

2. How We Use Information

Service Provision

  • Provide, maintain, and improve our platform services (subscription websites and e-commerce solutions)
  • Process subscription payments and manage billing through Stripe
  • Host websites on mymirin.com subdomains and support custom domain routing
  • Generate and provide demo/preview websites for prospective customers
  • Process lead capture form submissions and deliver them to website owners
  • For Done-For-You Website Services: design and develop custom websites using the information and materials you provide during the intake process
  • For Done-For-You Website Services: communicate with you about your project, process revision requests, and deliver the completed website
  • For e-commerce clients: facilitate product catalog management, order processing, and email marketing
  • Manage revenue-sharing arrangements for applicable client accounts
  • Display completed websites in our portfolio and marketing materials (as described in our Terms of Service)

Communication and Support

  • Respond to your requests, questions, and provide customer support
  • Send service announcements, updates, and security notifications
  • Deliver marketing communications (with your consent where required)
  • Conduct user surveys and gather feedback

Analytics and Improvement

  • Analyze usage patterns to improve our Services and develop new features
  • Conduct A/B testing and performance optimization
  • Generate aggregated analytics and business intelligence
  • Monitor system performance and troubleshoot technical issues

Security and Compliance

  • Protect against fraud, abuse, and security threats
  • Enforce our Terms of Service and other policies
  • Comply with legal obligations and respond to legal requests
  • Conduct security monitoring and incident response

3. Information Sharing and Disclosure

We do not "sell" your personal information for monetary consideration. However, under the California Privacy Rights Act (CPRA), the term "share" is defined more broadly to include disclosure of personal information to third parties for cross-context behavioral advertising. As described below, our use of advertising and analytics technologies (Meta Pixel and Google Ads) may meet that "sharing" definition. California residents (and residents of other states with similar laws) have the right to opt out — see Section 6.

Service Providers

We work with trusted third-party service providers who help us deliver our Services. These providers are bound by contractual obligations limiting their use of personal information to the services they perform for us:

  • Cloud Hosting and Infrastructure: Amazon Web Services (AWS) for database and backend services; Google Cloud Platform (GCP) for frontend hosting; Cloudflare for content delivery (CDN), R2 object storage, and edge security
  • Payment Processing: Stripe for secure payment processing and subscription billing. We do not store complete payment card information on our servers
  • Email Services: Transactional and outbound email providers (including Amazon SES) for delivering account, lead, and nurture emails
  • Product Analytics: PostHog for self-hosted product usage analytics, session events, and feature adoption metrics
  • Marketing Analytics and Advertising: Google Analytics 4 (GA4) for website usage analytics; Meta Pixel (Facebook / Instagram) and Google Ads conversion tracking for measuring advertising effectiveness and building remarketing audiences. These services may receive your IP address, page and event activity, and a hashed version of your email address. See "Sharing for Cross-Context Behavioral Advertising" below for the CPRA disclosure
  • AI Processing: OpenRouter, an AI inference gateway that routes requests to underlying large language model providers (which currently include Google Gemini and other models, and may change over time). Website URLs and related performance data may be processed by these providers to generate audit reports and other AI-powered features. We do not feed sensitive personal information into AI services
  • Security: Fraud detection and security monitoring services
  • Customer Support: Help desk and support management tools

Sharing for Cross-Context Behavioral Advertising

We use Meta Pixel and Google Ads conversion tracking to measure ad campaign performance and reach potential customers on those platforms. These tools may receive identifiers (such as IP address, device identifiers, hashed email, and event activity) that allow Meta and Google to match your visit to their own user records and serve you personalized ads on their networks and partner properties. Under the CPRA, this disclosure meets the definition of "sharing" personal information for cross-context behavioral advertising, even though we receive no monetary consideration in exchange. You may opt out of this sharing at any time using the mechanism described in Section 6.

Business Transfers

If we are involved in a merger, acquisition, or asset sale, your personal information may be transferred as part of that transaction. We will provide notice before your information becomes subject to different privacy practices.

Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities, including to meet national security or law enforcement requirements.

Protection of Rights

We may disclose information when we believe it is necessary to investigate, prevent, or take action regarding potential violations of our Terms of Service, suspected fraud, situations involving potential threats to the safety of any person, or illegal activities.

4. Data Security

We implement security measures appropriate to our size and the nature of our Services to protect your personal information:

  • Encryption in Transit: All data transmitted to and from our Services is encrypted using industry-standard TLS protocols
  • Secure Infrastructure: Our Services are hosted on Amazon Web Services (AWS) and Google Cloud Platform (GCP), both of which maintain SOC 2, ISO 27001, and other security certifications
  • Access Controls: Limited personnel access to production systems with authentication requirements
  • Regular Backups: Automated daily backups with 15-day retention stored securely in AWS
  • Secure Authentication: JWT-based authentication tokens for user sessions
  • Payment Security: All payment processing is handled by Stripe; we do not store complete payment card information

As an early-stage company, we continuously work to improve our security practices. While we strive to protect your personal information, no security system is impenetrable. We cannot guarantee the absolute security of your data transmitted through our Services.

5. Data Retention

We retain your personal information for different periods based on the type of data and our business needs:

  • Active Account Information: Retained while your account is active. Upon cancellation, account data is retained for 90 days to allow reactivation, after which it is permanently deleted
  • Lead Capture Form Data: Stored in our database and accessible through your dashboard until you delete it or your account is terminated. Lead data is deleted within 30 days of account termination
  • Subscription Data: Until subscription cancellation plus 90 days for potential reactivation
  • Done-For-You Project Data: Intake form responses, project communications, and design assets you provide are retained for the duration of your project plus 1 year after project completion. This allows us to reference your materials if you return for additional services or support
  • Project Files and Deliverables: The completed website files and associated design assets are retained as long as your hosting subscription remains active, plus 90 days after cancellation
  • Analytics Data: Individual-level data for 1 year; aggregated data for 2 years
  • Transaction and Billing Records: 7 years to meet tax, audit, and legal requirements
  • System Logs: 90 days for security monitoring and troubleshooting
  • Customer Support Records: 3 years for service improvement and legal purposes

Backup Retention: Deleted data may persist in encrypted backups for up to 15 days before being automatically purged through our rolling backup system.

We may retain certain information for longer periods where required by law or for legitimate business purposes such as fraud prevention.

6. Your Privacy Rights

General Rights

You have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete personal information
  • Deletion: Request deletion of your personal information (subject to legal retention requirements)
  • Portability: Request a copy of your data in a machine-readable format
  • Opt-out: Opt out of marketing communications at any time

State-Specific Rights

Connecticut Residents (CTDPA)

As a Connecticut corporation, we comply with the Connecticut Data Privacy Act. Connecticut residents have the following rights:

  • Right to confirm whether we are processing your personal data
  • Right to access your personal data
  • Right to correct inaccuracies in your personal data
  • Right to delete your personal data
  • Right to obtain a portable copy of your personal data
  • Right to opt out of targeted advertising (when applicable)
  • Right to opt out of the sale of personal data (we do not sell personal data)
  • Right to appeal our decision regarding your privacy request

To opt out of targeted advertising, email hello@mirin.com with "Opt Out of Targeted Advertising" in the subject line. We will process your request within 15 days.

To appeal a decision, email hello@mirin.com with "Privacy Appeal" in the subject line. We will respond within 60 days.

California Residents (CCPA / CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

  • Right to know: request the categories and specific pieces of personal information we have collected about you, the sources we collected it from, the purposes for collection, and the third parties with whom we have shared or disclosed it
  • Right to delete: request deletion of personal information we have collected from you (subject to legal retention requirements)
  • Right to correct: request correction of inaccurate personal information
  • Right to opt out of sale or sharing: direct us to stop "selling" (we do not) or "sharing" (as defined by CPRA, for cross-context behavioral advertising) your personal information
  • Right to limit use of sensitive personal information: limit our use of sensitive personal information to what is necessary to provide our Services. We do not currently collect sensitive personal information, so this right does not change anything we do today, but it is preserved for any future change
  • Right to non-discrimination: we will not deny you Services, charge different prices, or provide a different level of quality because you exercised any of these rights

Do Not Sell or Share My Personal Information

To opt out of the sharing of your personal information for cross-context behavioral advertising (Meta Pixel, Google Ads), email hello@mirin.com with "Do Not Sell or Share" in the subject line. We will process your request within 15 business days. We do not currently honor browser-based Global Privacy Control (GPC) signals; if you would like to be notified when GPC support is added, mention that in your request.

Authorized Agents

You may designate an authorized agent to submit a privacy request on your behalf. The agent must provide signed written permission from you, and we may verify your identity directly or require you to confirm the agent's authority before fulfilling the request. Send authorized agent requests to hello@mirin.com.

Other State Privacy Laws

Residents of states with comprehensive consumer privacy laws — including Virginia (VCDPA), Colorado (CPA), Utah (UCPA), Connecticut (CTDPA, addressed above), Texas (TDPSA), Florida (FDBR), Oregon (OCPA), Montana (MTCDPA), Tennessee (TIPA), Iowa, Indiana, New Jersey, Delaware, New Hampshire, Maryland, Minnesota, and any other state that has enacted similar legislation — generally have rights similar to those described in the California section above: the right to access, correct, delete, and obtain a portable copy of personal information, and the right to opt out of targeted advertising and the sale of personal information. To exercise any of these rights, email hello@mirin.com. We will respond within the time period required by your state's law (generally 30 to 45 days).

How to Exercise Your Rights

To exercise your privacy rights:

  • Email us at hello@mirin.com
  • Update information directly in your account settings (for subscription customers)
  • Use the unsubscribe link in marketing emails

We will respond to your request within 30 days and may need to verify your identity before processing certain requests.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience and collect information about how you use our Services:

Types of Cookies We Use

  • Essential Cookies: Required for the Services to function properly
  • Performance Cookies: Help us analyze how you use our Services
  • Functional Cookies: Remember your preferences and settings
  • Marketing Cookies: Used to deliver relevant advertising (with consent)

You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality of our Services. For more detailed information, please see our Cookie Policy.

8. International Data Transfers

Our Services are primarily designed for users in the United States. Your personal information is stored and processed in the United States using Amazon Web Services (AWS) in the US-East-1 region for backend services and Google Cloud Platform (GCP) for frontend services.

If you access our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers and central database are located.

We do not currently target or market our Services to residents of the European Union and do not process personal data subject to the General Data Protection Regulation (GDPR).

9. Children's Privacy

Our Services are designed for business use and are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18 years of age.

If we learn that we have collected personal information from a child under 18 without verification of parental consent, we will take steps to delete that information promptly.

If you believe we have collected information from a child under 18, please contact us immediately at hello@mirin.com.

10. Do Not Track Signals

Some browsers and devices offer "Do Not Track" (DNT) signals or similar mechanisms. Currently, there is no universal standard for recognizing and implementing these signals.

Our Services do not currently respond to Do Not Track signals. However, you can use the cookie management options described in our Cookie Policy to control our use of cookies for analytics purposes.

11. Automated Decision-Making and AI Processing

We use artificial intelligence to power certain features of our Services. Our free website audit tool uses AI to analyze website performance data and generate personalized reports. This processing is informational only and does not produce legal effects or similarly significant effects on users.

When you submit a website URL for an audit, the performance data collected is processed by third-party AI services to generate a human-readable analysis. No automated decisions are made about you or your access to services based on this analysis.

If we implement automated decision-making that produces legal effects or similarly significant effects in the future, we will update this Privacy Policy and provide appropriate notice and opt-out mechanisms as required by applicable law.

12. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

  • Investigate the incident promptly to determine the scope and impact
  • Take immediate steps to contain and mitigate the breach
  • Notify affected users within 72 hours of confirming the breach, or as otherwise required by applicable law
  • Provide information about what data was affected and steps you can take to protect yourself
  • Report to relevant authorities as required by law

The notification timeline may be extended if law enforcement determines that notification would impede a criminal investigation.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements.

We will notify you of any material changes by:

  • Sending an email to the address associated with your account
  • Posting a notice on our website
  • Updating the "Last Updated" date at the top of this Policy

Your continued use of our Services after we post any modifications to this Policy will constitute your acknowledgment of the modifications and your consent to abide by the modified Policy.

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Mirin
310R Flanders Rd, Rear
Rear Bldg #410
East Lyme, CT 06333
United States

Response Time: We will respond to privacy inquiries within 30 days of receipt.