Your privacy comes first.

What Quiet Mirror is (and is not)

Quiet Mirror is a journaling and reflection companion. It is not a clinical service, not emergency support, and not a substitute for professional care. If you are in immediate danger or experiencing a crisis, please contact your local emergency services or a crisis helpline.

What information we collect

• Account details: email address and basic authentication identifiers required to sign you in.
• Your content: journal entries and related reflections you submit.
• Usage/security data: limited technical data needed for reliability, abuse prevention, and troubleshooting (for example, timestamps and basic request metadata).
• Payment data: if you subscribe to Premium, payment details are collected and processed directly by Stripe. Quiet Mirror does not store your card number.

What we do not do

• We do not sell your personal data.
• We do not turn your private journal into public content by default.
• We do not use your private entries to train AI models — ours or anyone else's. Our AI provider processes your text solely to generate the reflection you requested and does not retain or train on that data.
• We do not serve ads or sell access to your data to advertisers.

How your data is used

We use your data to provide the service (sign-in, saving entries, generating reflections you request), to keep the platform secure, and to improve reliability and user experience.

AI reflections

If you choose to generate an AI reflection, the text you provide is sent to our AI provider to produce that reflection. We aim to keep this processing minimal and aligned to your request. The AI provider does not use your data to train models.

Data storage and subprocessors

Quiet Mirror uses third-party infrastructure to operate. Your data is stored and processed by these providers strictly to deliver the service to you, and for no other purpose. Our current subprocessors are:

• Vercel — hosting and serverless functions.
• Supabase — authentication, database storage, and row-level security.
• Groq — AI inference for generating reflections.
• Stripe — payment processing for Premium subscriptions.
• Resend — transactional email delivery (magic links, sign-in codes).

We will update this list if subprocessors change.

Retention and deletion

We keep your data for as long as your account is active, or as needed to provide the service. You can request deletion of your account and all associated data by emailing hello@quietmirror.me. We will process deletion requests within 30 days.

Security

We use standard security practices appropriate for a modern web application (secure transport, access controls, and least-privilege principles). No system can be guaranteed 100% secure, but privacy and safety are core product requirements for Quiet Mirror.

Cookies and analytics

We use essential cookies for login and session handling. We may use privacy-focused analytics to understand broad usage patterns (such as page views and feature adoption). Analytics data is aggregated and is not used to identify, profile, or target individual users. We do not use advertising cookies or third-party tracking pixels.

Your choices

• Access and update basic account information.
• Request export or deletion of your data.
• Choose what you write and what you submit for reflection.

Changes to this policy

If we make material changes to this policy, we will update the “Last updated” date at the top and, where appropriate, notify you by email. Continued use of Quiet Mirror after changes are posted constitutes acceptance of the updated policy.