Skip to privacy policy content

Privacy Policy

Your privacy comes first.

Quiet Mirror is designed to be a quiet, private place for reflection. This page explains what we collect, what we don't, and how your data is handled.

Last updated: May 7, 2026

Questions? Email us at hello@quietmirror.me.

What Quiet Mirror is (and is not)

Quiet Mirror is a journaling and reflection companion. It is not a clinical service, not emergency support, and not a substitute for professional care. If you are in immediate danger or experiencing a crisis, please contact your local emergency services or a crisis helpline.

What information we collect

  • Account details: email address and basic authentication identifiers required to sign you in.
  • Your content: journal entries and related reflections you submit.
  • Usage/security data: limited technical data needed for reliability, abuse prevention, and troubleshooting (for example, timestamps and basic request metadata).
  • Payment data: if you subscribe to Premium, payment details are collected and processed directly by Dodo Payments. Quiet Mirror does not store your card number.

What we do not do

  • We do not sell your personal data.
  • We do not turn your private journal into public content by default.
  • We do not use your private entries to train AI models β€” ours or anyone else's. Our AI provider processes your text solely to generate the reflection you requested and does not retain or train on that data.
  • We do not serve ads or sell access to your data to advertisers.

How your data is used

We use your data to provide the service (sign-in, saving entries, generating reflections you request), to keep the platform secure, and to improve reliability and user experience.

AI reflections

If you choose to generate an AI reflection, the text you provide is sent to our AI provider to produce that reflection. We aim to keep this processing minimal and aligned to your request. The AI provider does not use your data to train models.

Data storage and subprocessors

Quiet Mirror uses third-party infrastructure to operate. Your data is stored and processed by these providers strictly to deliver the service to you, and for no other purpose. Our current subprocessors are:

  • Vercel β€” hosting and serverless functions.
  • Supabase β€” authentication, database storage, and row-level security.
  • Groq β€” AI inference for generating reflections. Groq does not use your data to train models; see their Privacy Policy.
  • Dodo Payments β€” payment processing for Premium subscriptions.
  • Resend β€” transactional email delivery (magic links, sign-in codes).
  • PostHog β€” privacy-focused product analytics (EU cloud). PostHog does not sell your data; see their Privacy Policy.

We will update this list if subprocessors change.

Retention and deletion

We keep your data for as long as your account is active, or as needed to provide the service. You can request deletion of your account and all associated data by emailing hello@quietmirror.me. We will process deletion requests within 30 days.

Security

We use standard security practices appropriate for a modern web application (secure transport, access controls, and least-privilege principles). No system can be guaranteed 100% secure, but privacy and safety are core product requirements for Quiet Mirror.

Cookies and analytics

We use essential cookies for login and session handling. We may use privacy-focused analytics to understand broad usage patterns (such as page views and feature adoption). Analytics data is aggregated and is not used to identify, profile, or target individual users. We do not use advertising cookies or third-party tracking pixels.

Your choices

  • Access and update basic account information.
  • Request export or deletion of your data.
  • Choose what you write and what you submit for reflection.

Your rights (UK & EU users)

If you are located in the United Kingdom or European Economic Area, you have the following rights under UK GDPR and GDPR respectively:

  • Access β€” request a copy of the personal data we hold about you.
  • Erasure β€” request deletion of your data (right to be forgotten).
  • Portability β€” request your data in a machine-readable format.
  • Rectification β€” request correction of inaccurate personal data.
  • Objection β€” object to processing where we rely on legitimate interests.

To exercise any of these rights, email hello@quietmirror.me. We will respond within 30 days. UK users may also lodge a complaint with the Information Commissioner's Office (ICO). EU users may contact their local supervisory authority.

Changes to this policy

If we make material changes to this policy, we will update the β€œLast updated” date at the top and, where appropriate, notify you by email. Continued use of Quiet Mirror after changes are posted constitutes acceptance of the updated policy.

Terms of Service β†’Security & Privacy Architecture β†’

Ready to try a private check-in?

Start free. Upgrade only if it genuinely helps you go deeper with insights, timelines, and richer reflections.

Start free journalingSee what Premium addsLearn about Quiet Mirror β†’