Privacy Policy
Last Updated: June 2026
Mirror is built on projects and user-entered decision records: issues, decisions, reasoning, expectations, outcomes, and learnings. Reflections are generated by Mirror from those records. The more honestly you're able to use Mirror, the more powerful it becomes. Privacy is critical to its success. This policy explains what Mirror stores, what it does not store in readable form, and when your content leaves your device.
Mirror is operated by MQ, LLC, a California limited liability company.
1. What Mirror Does Not Store in Plaintext
Mirror does not store readable private reasoning, expectations, learnings, or raw saved chat drafts in the cloud vault. Your saved vault data is encrypted in your browser before it is saved to Mirror's cloud vault. Mirror hosts the encrypted vault so you can access your history across devices, but Mirror does not store your vault key.
If you share a decision with a project team, consulted teammate, or another Mirror user, Mirror may store and show the enterprise-visible layer for that share: decision text, outcome text, dates, project/work-object references, and related metadata. Your reasoning, expectations, and learnings stay private to you unless you choose to disclose them outside Mirror.
Your employer, team, or workspace does not receive your private Mirror reasoning, expectations, or learnings from us.
2. What Mirror Stores
- Account information, including email, name, role, and a salted password hash
- Session records needed to keep you signed in
- Decision metadata, including internal decision ids, shared decision ids, decision timestamps, update timestamps, check-in dates, project links, parent-decision links, work-object references, and whether an outcome exists
- Encrypted decision vault blobs and encrypted saved chat drafts created in your browser before upload
- Shared decision records, project decision records, project membership, invitations, consulted-teammate links, and the decision/outcome text needed to show the team-visible accountability layer
- Privacy-safe product events, such as login, save, export, import, wipe, and check-in activity, plus hashed IP and user-agent data for security
- OAuth records needed if you connect Mirror to ChatGPT or another MCP client
- Abstracted decision memory if you explicitly generate or sync it for hosted MCP or agent use
- Agent access records and agent query logs, including who queried an agent, when, the query text, and the generalized response returned
Product event logs are designed not to include issues, decisions, reasoning, expectations, outcomes, learnings, or generated reflections.
3. Encrypted Cloud Vault
Your account password is used in your browser to derive the vault key that unlocks your encrypted cloud vault. Mirror stores a salted password hash, not your plaintext password, and Mirror does not hold the vault key. Because the key exists only where your password is entered, if an admin resets your password and you no longer have the old password or an exported JSON backup, decision content encrypted under the old key may not be recoverable.
Mirror does not keep a readable decision-log cache in browser storage. Unlocked decision content is held in memory for the active session. Live decision-support chat content is held in active browser memory while the chat is open. If you choose Save Draft, your browser encrypts that chat thread with your vault key so you can resume later or open a new chat. Draft chats do not create a saved decision record, abstracted memory, MCP context, or agent memory until you choose Decision Reached and save. If you do not save a draft or decision record, live chat content is discarded from browser memory when the browser tab/session is closed, refreshed, or reset. Mirror may keep a session-only derived vault key so a normal page refresh does not force a full login; it is cleared on logout or when the browser session ends. Exported JSON files are user-controlled copies that you create explicitly.
4. Decision Chat and AI Reflections
Decision Chat and AI-generated reflections are separate from cloud vault storage. When you use Decision Chat, your live chat text, attached images, and relevant recent context are sent through Mirror's authentication proxy to the selected AI provider. When Mirror generates reflections or abstracted memory from saved records, your browser may decrypt the relevant vault records and send that text through the same proxy. The proxy validates that the request is from an authenticated Mirror user and attaches Mirror's API credentials. Mirror's proxy forwards the request and does not store the plaintext request content in Mirror's database, but the content is processed transiently while the response is generated.
Mirror does not store that content, and Mirror does not opt in to third-party model training. OpenAI states that API inputs and outputs are not used to train its models by default unless an organization explicitly opts in. Anthropic states that commercial product and API inputs and outputs are not used for model training by default. The selected provider may still retain API inputs and outputs for abuse monitoring, legal compliance, or feature-specific storage under its own policies: OpenAI may retain API inputs and outputs for up to 30 days by default for many API uses, and Anthropic's standard commercial/API policy says API inputs and outputs are deleted within 30 days. Provider-specific exceptions may apply, including legal requirements, policy enforcement, longer-retention features, feedback submissions, and Zero Data Retention arrangements. You can review the provider policies at platform.openai.com/docs/guides/your-data, help.openai.com, privacy.claude.com, and Anthropic's model-training policy.
5. MCP and Agent Access
Mirror's hosted MCP server exposes three tools: ask_mirror, mirror_memory_summary, and mirror_privacy_boundary. These tools query abstracted decision memory, not raw private history. If you make your agent available to another user, Mirror may log that user's query and the generalized response so you can see agent usage.
The normal cloud decision vault is encrypted with the user's account-derived key and is not readable by the hosted MCP server. MCP responses must not expose raw decisions, raw reasoning, company facts, client names, deal amounts, confidential terms, learnings, or outcome records.
6. What You Should Not Submit
Mirror is in private beta. Do not submit confidential, regulated, employer-restricted, medical, legal, financial-account, credential, or highly sensitive personal information. You are responsible for what you choose to log.
7. Your Choices
Access: You can view your unlocked decision data in Mirror when you are signed in.
Export: You can download a full JSON copy of your decision history or an abstracted export that removes obvious personal and company identifiers at export time.
Deletion: You can delete your encrypted decision vault from the app and clear the active browser session. An admin can wipe server-side account data while keeping the login account active, or delete a non-admin beta account. To request deletion, contact hello@use-mirror.com.
California residents: You may request access or deletion under applicable California privacy laws. We do not sell personal data.
8. Security
Mirror uses salted password hashes, authenticated sessions, client-side encryption for cloud vault decision content, and privacy-safe event logging. No system is perfectly secure. During beta, do not log information you would be unwilling to have exposed in the event of a breach, device compromise, model-provider disclosure, or legal process.
9. Children
Mirror is not intended for users under 18. We do not knowingly collect data from minors.
10. Changes
We may update this policy as Mirror changes. Continued use after an update means you accept the updated policy.
11. Contact
MQ, LLC / Mirror
hello@use-mirror.com