Mirror Reader Privacy Policy

Effective Date: July 16, 2026

Last Updated: July 16, 2026

This Privacy Policy explains how Mirror Reader ("Mirror Reader," "we," "us," or "our") collects, uses, stores, and shares information when you use the Mirror Reader mobile application, website, and related services (collectively, the "Service").

Mirror Reader is a reading and language-learning service. It provides a cloud catalog of public-domain books, generated covers and translations, reading and vocabulary tools, subscriptions, pronunciation feedback for learners of English, and Creator tools for importing user-provided texts. A user-provided text can be a book, document, article, note, study material, or other supported text. Import and translation are not limited to one fixed language pair; available languages and quality depend on the app version and the configured translation model.

For privacy questions or requests, contact [email protected].

1. Summary

2. Information We Collect

2.1 Account and Sign-In Information

Mirror Reader may create a cloud-backed guest account before registration. If you register or sign in, we may process:

Passwords are handled by our authentication provider. Mirror Reader does not store or log a plain-text password in its own backend or app data. The iOS app stores session tokens in the iOS Keychain.

2.2 Reading, Library, and Learning Data

We may process and sync:

In-reader search runs against reading content. The current release does not intentionally maintain a separate cloud search-history profile.

2.3 User-Provided Texts

Creator users may import texts from supported files. Depending on the feature used, we may process and store:

The uploaded text and generated artifacts are stored so the text can be prepared, opened, synchronized, and restored across sessions or devices. Translation and alignment caches can contain original and translated fragments. A bounded internal AI diagnostic log can contain request prompts and model responses so we can investigate failures and quality problems. Account deletion removes rows tied to the deleted user from these active caches and logs, as described in Section 8.

Do not upload confidential, legally protected, highly sensitive, or third-party material unless you have the rights and a suitable legal basis to process it through the providers described in this Policy.

2.4 Subscription and Purchase Data

Mirror Reader offers auto-renewable Premium and Creator subscriptions through Apple StoreKit. Premium unlocks full cloud catalog books. Creator includes Premium access and adds import and cloud preparation of user-provided texts.

We may receive or store:

Apple handles payment-card and Apple Account payment information. Deleting a Mirror Reader account does not cancel billing through Apple.

2.5 Pronunciation Audio and Feedback

Eligible Premium and Creator users whose learning language is English can hold a word and choose to record a short pronunciation attempt. The app shows a recording indicator while the microphone is active.

For each request:

We may retain non-content operational data, such as request count, audio duration, status, provider latency, error category, and estimated cost, for quota enforcement, reliability, security, and abuse prevention. If the Mirror Reader-operated phonetic-analysis service is unavailable, the feature can still return cloud-provider feedback without the additional detected-sound analysis.

Microphone access is optional. Denying or revoking permission does not block ordinary reading features.

2.6 Device, IP, Usage, and Diagnostic Data

We may process:

Admin and support tools may show the most recent full IP address and IP-derived approximate location for security, fraud prevention, diagnostics, and support. We do not use this information for third-party advertising tracking.

2.7 Website and Communications

Our website may process IP address, browser and device information, pages viewed, referral data, security signals, cookies, and similar technical data needed for hosting, reliability, analytics, and abuse prevention. If you contact us, we process your email address, message, attachments, and information you choose to provide.

3. How We Use Information

We use information to:

We do not sell personal information or use it for cross-context behavioral advertising.

4. AI Translation and Model Providers

Catalog translations may be generated before publication. User-provided texts are processed dynamically only when the user starts a preparation or translation feature.

Mirror Reader currently uses an AI routing intermediary for these dynamic text-model requests. We send the text fragments needed for the requested operation, selected source and target languages, and system instructions. We do not intentionally include account credentials, reading progress, bookmarks, vocabulary lists, assessment results, purchase history, or pronunciation audio in a text-translation request.

The intermediary transmits inputs to a model provider selected by an explicit choice or automatic routing. Different model providers and even different endpoints from the same provider may have different rules about:

The routing intermediary and selected model provider can apply different policies to request content and metadata. Mirror Reader therefore takes a conservative approach when a provider's storage or training practices cannot be confirmed.

Some routes offer Zero Data Retention (ZDR) endpoints, which are designated as not storing request data. Mirror Reader's current request code does not force a per-request ZDR restriction for every translation, and account-level or route-level settings may change. Unless Mirror Reader expressly identifies a request as ZDR-enforced, users should not assume every selected provider is ZDR or that every provider forbids model training.

Generated translations and alignments can be inaccurate. They are not certified or official translations and should not be used as the sole basis for legal, medical, financial, safety-critical, or other high-stakes decisions.

5. How We Share Information

We share information only as needed for the Service, with your direction, or where legally required. Current categories include:

These parties may act as processors or independent controllers under their own terms and policies. Mirror Reader maintains the actual provider identities in its internal processor records and provides recipient information where applicable law requires. We may also disclose information to comply with law, protect users and systems, address fraud or security incidents, or complete a business transfer subject to applicable protections.

6. Legal Bases

Where a legal basis is required, we rely on one or more of:

7. Retention

We retain active account, learning, user-text, and subscription records while needed to provide the Service and until deletion, subject to backup cycles and legal requirements. Some operational logs and security records are retained for limited periods. AI diagnostic logs are bounded rather than intended as a permanent content archive.

Guest accounts with no meaningful activity may be identified for cleanup after a configured inactivity period. Provider-side copies are governed by the applicable provider policy and may not be automatically erased by deleting a Mirror Reader account.

8. Account and Data Deletion

Users can delete a registered or guest cloud account from Profile. The backend removes the authentication account and associated synced records, owned user-text files and processed packages, preparation and translation jobs, generated language layers and alignments, user-linked processing caches, AI prompt/response diagnostic logs, sync events, licenses, device links, App Attest records, and other active user-scoped records. Shared catalog material that must remain is detached from the deleted user identifier.

For an administrator-initiated deletion, Mirror Reader may retain a minimal deletion audit containing the deleted internal account ID, deletion time, status, and counts, without retaining the deleted profile or uploaded text in that audit. Limited security, legal, accounting, fraud-prevention, or Apple transaction records may be retained where necessary or permitted.

Deleting a Mirror Reader account does not:

See Data Deletion or contact [email protected].

9. Your Rights and Choices

Depending on your location, you may have rights to access, correct, delete, restrict, object, withdraw consent, receive a copy, or appeal a privacy decision. Use the in-app deletion option or contact [email protected]. We may verify identity before acting on a request.

We do not sell personal information or share it for cross-context behavioral advertising.

10. International Processing

Mirror Reader and its providers may process information in the United States and other countries. Data-protection laws may differ from those in your country. We use legally required safeguards where applicable.

11. Security

We use administrative, technical, and organizational safeguards designed to protect information. These include encrypted transport, authenticated provider endpoints, token protection, platform Keychain storage, and access controls. No system is completely secure. You are responsible for protecting your device and account credentials.

12. Children's Privacy

Mirror Reader is not directed to children under 13, and we do not knowingly collect personal information from children under 13. Contact [email protected] if you believe a child has provided personal information.

13. Third-Party Links

Third-party websites and services have their own privacy practices. This Policy does not control those services.

14. Changes

We may update this Policy as the Service, providers, or laws change. We will update the date above and provide additional notice where required.

15. Contact

Mirror Reader Email: [email protected] Website: https://www.mirrorreader.com