Privacy Policy

Last updated: 2 March 2026

Effective date: 2 March 2026

1. Who We Are

Miromap ("we", "us", "our") is a product operated by Ambassador Digital Ltd, registered in England and Wales. We provide a Chrome browser extension and associated website at miromap.com that helps users export, organise, and back up AI conversations from third-party platforms.

Data controller contact: privacy@miromap.com

2. What Data We Collect

2.1 Extension (Free Tier)

The free extension processes all data locally in your browser. We do not collect, transmit, or store any of your AI conversation content. Specifically:

  • Conversation text is read from AI platform pages solely to generate export files
  • Export files are created locally and downloaded directly to your device
  • Format preferences are stored in Chrome local storage on your device only
  • No analytics, tracking pixels, or telemetry are embedded in the free extension

2.2 Extension (Pro Tier)

If you upgrade to Pro, the following additional data processing occurs:

  • Account email: Required for authentication and licence validation via Supabase
  • Payment data: Processed by Stripe. We do not see or store your full card number
  • Google Drive backup (optional): If enabled, conversation exports are uploaded to your own Google Drive via OAuth. We do not store copies of your backed-up data

2.3 Website

When you visit miromap.com, we may collect:

  • Usage analytics: Page views, referral source, device type, and browser via privacy-friendly analytics (no personal identifiers)
  • Contact form submissions: Name, email, and message content when you contact us
  • Cookies: Essential cookies for site functionality. See our Cookie Policy for details

3. How We Use Your Data

We use collected data exclusively to:

  • Provide and maintain the Miromap extension and website
  • Process payments and manage Pro subscriptions
  • Respond to support requests and contact form submissions
  • Improve the product through aggregated, anonymised usage statistics
  • Send transactional emails (purchase confirmations, password resets)

We do not use your data for advertising, profiling, or selling to third parties. We will never sell your personal data.

4. Legal Basis for Processing (UK GDPR)

We process personal data under the following lawful bases:

  • Contract performance: Processing account and payment data to deliver Pro features you have purchased
  • Legitimate interest: Anonymised analytics to improve the product, fraud prevention
  • Consent: Marketing communications (if and when offered), optional Google Drive integration

5. Data Sharing & Third Parties

We share data only with the following processors, strictly for service delivery:

  • Supabase (US): Authentication and user account storage
  • Stripe (US): Payment processing
  • Vercel (US): Website hosting
  • Resend (US): Transactional email delivery
  • Google (US): Google Drive API for optional backup feature (user-authorised only)

All processors are bound by data processing agreements. For transfers outside the UK, we rely on Standard Contractual Clauses or equivalent safeguards.

6. Data Retention

  • Account data: Retained while your account is active. Deleted within 30 days of account deletion request
  • Payment records: Retained for 7 years as required by UK tax law
  • Contact form submissions: Retained for 12 months then deleted
  • Analytics data: Aggregated and anonymised; no individual retention
  • Extension local storage: Under your control; cleared when you uninstall the extension

7. Your Rights

Under UK GDPR, you have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your personal data ("right to be forgotten")
  • Portability: Receive your data in a machine-readable format
  • Restriction: Limit how we process your data
  • Objection: Object to processing based on legitimate interest
  • Withdraw consent: Where processing is based on consent, withdraw at any time

To exercise any right, email privacy@miromap.com. We will respond within 30 days.

8. Data Security

We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS/HTTPS), secure authentication, and access controls. The extension processes data locally to minimise exposure. No system is 100% secure, but we take reasonable steps to protect your information.

9. Children

Miromap is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with data, contact us and we will delete it promptly.

10. Cookies

Our website uses essential cookies for site functionality. For full details, see our Cookie Policy.

11. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via the website. Continued use of Miromap after changes constitutes acceptance of the updated policy.

12. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

13. Contact

For any privacy-related questions or requests:

Email: privacy@miromap.com

Website: miromap.com/contact