← Back

Privacy Policy

What we collect · Where it goes

The short version

Your photos are processed on your device. We send your photo to OpenAI and Replicate to generate your analysis and renders, then we forget it. We do not sell your data. We do not train AI on your face. We do not require an account.

What we collect

On your device: photos you take with the scan camera, the measurements derived from them, your score, your active protocol, and your purchase receipts. Nothing leaves your device unless you tap a button that clearly says it will send an image to our servers (e.g. "GENERATE IMAGE", "SCAN").

On our servers, temporarily: the single photo you submit to /scan, /rate, /tryon, or /maximize for the duration of that one request (seconds), plus the measurements and the generated image URL. We do not attach your photo to a persistent account, because there is no account.

Who processes your photos

OpenAI — GPT-4o Vision runs your analysis and honest rating. Replicate — Google Nano Banana renders your transformation images; cdingram/face-swap locks the identity. Both providers process the photo for the duration of one API request and do not, by their terms, retain or train on the data we send them through the API.

What we do not collect

No name. No email. No phone number. No location. No social contacts. No tracking across other apps. No advertising identifier for profiling purposes.

Children

Mirrorly is not intended for children under 13. We do not knowingly collect data from children under 13. If you believe a child has used the app, email hello@mirrorly.app and we will delete any on-device and server-side records associated with the submission.

Your rights

Access: all your data is on your device; open it in Settings → App Privacy → See all app data. Deletion: delete the app to erase on-device data; the transient server-side request data is auto-expired. Opt-out of auto-renewal: App Store or Google Play account settings.

Purchases

Billing is handled by Apple (App Store) or Google (Play Billing). Mirrorly never sees your card number. We see only a receipt that confirms whether your subscription is active.

Security

Photos in transit are sent over HTTPS. On your device, photos are stored in the app's sandboxed documents directory and are deleted when the app is uninstalled.

Changes

We may update this policy. Material changes will be surfaced inside the app before they take effect.

Contact

Questions or data requests? Email hello@mirrorly.app.

Last updated 23 April 2026.