1. Data Controller

Miraye Solutions OÜ — Estonian limited liability company (OÜ) — Estonian Commercial Register : 14717109 — VAT (EE) : EE102156920 — Headquarters : Lõõtsa tn 8a, 11415 Tallinn, Estonia — Email : contact@miraye.com

2. Data Processed

Identity & Contact : last name, first name, email, phone, language, country.

Account : credentials, photo, biography, skills, languages, certifications.

Imported Contacts : If you create an account via Google and authorize access to your Google contacts during signup, we import the name and email of your contacts to suggest people to invite. You can delete these contacts at any time from your Contacts page.

Commercial: bookings, history, invoices, payments (Stripe references), session notes.

Technical : logs, IP, device, browser, cookies/trackers, preferences.

Content : messages, posts, articles, reviews and reports.

3. Purposes & Legal Bases

Service Provision (account creation, matchmaking, booking, video, messaging) — contract performance (art. 6-1-b).

Payments & Fraud Prevention — legitimate interest / legal obligation.

Support & Security (support, logging, abuse prevention) — legitimate interest (art. 6-1-f).

Product Improvement & Analytics — legitimate interest ; for non-essential analytics, consent (art. 6-1-a).

Marketing (emails, notifications) — consent or legitimate interest B2B as applicable, with opt-out.

Legal Obligations (accounting, tax, DSA) — legal obligation (art. 6-1-c).

4. Retention

Account: during service usage then 24 months after last activity or closure.

Accounting documents/invoices : 10 years according to applicable law.

Technical logs : 12 months.

Cookies : according to their purpose (see Cookies section).

5. Recipients & Processors

Limited access to authorized personnel at Miraye. List of processors:

Hosting : Vercel : https://vercel.com/docs/security/compliance#gdpr

Hosting : AWS : https://aws.amazon.com/fr/compliance/gdpr-center/

Payment Processing : Stripe : https://stripe.com/fr-ca/privacy

Payment Processing : Paypal : https://www.paypal.com/fr/webapps/mpp/paypal-and-your-data

6. Transfers outside EEA

If transfers to third countries occur, we use appropriate safeguards (EU Standard Contractual Clauses, Binding Corporate Rules, or adequacy decision).

7. Your GDPR Rights

Access, rectification, erasure, restriction, portability, objection. Withdraw consent at any time for processing based on your consent. Post-mortem directives (if applicable in your country). Exercise your rights: contact@miraye.com.

8. Security

Encryption in transit (TLS), access control, logging. Regular testing and patches, backups. Incident management and notification procedure as required by GDPR.

9. Cookies & Trackers

Essential : necessary for functionality (auth, cart, security).

Functional : user comfort.

Analytics : aggregated statistics — deployed with consent if non-essential.

Marketing : disabled by default, subject to consent.

10. Minors

The service is not intended for those under 16 years old. If a minor registers, their account may be closed.

11. Automated Decisions & Profiling

No exclusively automated decision producing legal effects. Possible content recommendations may be based on your interactions (light profiling).

12. Data Sources

Data comes directly from you, and possibly with your consent if you accept the transfer of information from a partner site.

13. Changes

We may update this policy. In case of substantial changes, we will indicate it on the website.