Mirror Reader Privacy Policy
Effective Date: July 16, 2026
Last Updated: July 16, 2026
This Privacy Policy explains how Mirror Reader ("Mirror Reader," "we," "us," or "our") collects, uses, stores, and shares information when you use the Mirror Reader mobile application, website, and related services (collectively, the "Service").
Mirror Reader is a reading and language-learning service. It provides a cloud catalog of public-domain books, generated covers and translations, reading and vocabulary tools, subscriptions, pronunciation feedback for learners of English, and Creator tools for importing user-provided texts. A user-provided text can be a book, document, article, note, study material, or other supported text. Import and translation are not limited to one fixed language pair; available languages and quality depend on the app version and the configured translation model.
For privacy questions or requests, contact [email protected].
1. Summary
- We collect account, learning, subscription, device, usage, diagnostic, network, support, and user-content information as described below.
- Guest mode creates a real cloud-backed anonymous account. Registered users may sign in with Apple, an email code or link, or email and password.
- Creator users can upload their own texts. When they request cloud preparation or translation, text fragments and selected languages may be processed by an AI routing intermediary and one or more selected or automatically routed model providers.
- Model providers have different rules for retention, training, evaluation, and service improvement. Mirror Reader does not promise that every model route is Zero Data Retention (ZDR). See Section 4.
- Eligible Premium and Creator users can request pronunciation feedback for English. Short recordings leave the device and are processed in parallel by a third-party cloud speech-analysis provider and a Mirror Reader-operated phonetic-analysis service. The audio is discarded after the real-time request.
- Apple processes subscription payments. We do not receive payment-card details.
- We do not use IDFA, third-party advertising SDKs, cross-app advertising tracking, or data-broker sharing.
- You can delete a cloud account and its active synced data in the app. Deleting a Mirror Reader account does not cancel an Apple subscription.
2. Information We Collect
2.1 Account and Sign-In Information
Mirror Reader may create a cloud-backed guest account before registration. If you register or sign in, we may process:
- email address, including an Apple private relay address where applicable;
- authentication provider and sign-in method;
- authentication-service user ID, scoped user ID, account ID, and related authentication identifiers;
- Apple authentication identifiers and authorization records needed for Sign in with Apple and revocation on account deletion;
- account creation time, sign-in time, session and security events; and
- encrypted access and refresh tokens needed to keep the account signed in.
Passwords are handled by our authentication provider. Mirror Reader does not store or log a plain-text password in its own backend or app data. The iOS app stores session tokens in the iOS Keychain.
2.2 Reading, Library, and Learning Data
We may process and sync:
- books and texts opened, reading position, progress, and completion activity;
- bookmarks, annotations, saved places, and library selections;
- dictionary and vocabulary words;
- assessments, answers, scores, and learning progress;
- native, learning, interface, source, and target language choices;
- theme, font, layout, playback, and reader settings; and
- related sync state and timestamps.
In-reader search runs against reading content. The current release does not intentionally maintain a separate cloud search-history profile.
2.3 User-Provided Texts
Creator users may import texts from supported files. Depending on the feature used, we may process and store:
- the uploaded file and file name;
- extracted text, title, author, chapter structure, and language metadata;
- preparation and translation jobs, fragments, language layers, and alignments;
- generated translations and processed packages;
- prompts and responses used to prepare the text; and
- technical status, error, usage, and cost metadata.
The uploaded text and generated artifacts are stored so the text can be prepared, opened, synchronized, and restored across sessions or devices. Translation and alignment caches can contain original and translated fragments. A bounded internal AI diagnostic log can contain request prompts and model responses so we can investigate failures and quality problems. Account deletion removes rows tied to the deleted user from these active caches and logs, as described in Section 8.
Do not upload confidential, legally protected, highly sensitive, or third-party material unless you have the rights and a suitable legal basis to process it through the providers described in this Policy.
2.4 Subscription and Purchase Data
Mirror Reader offers auto-renewable Premium and Creator subscriptions through Apple StoreKit. Premium unlocks full cloud catalog books. Creator includes Premium access and adds import and cloud preparation of user-provided texts.
We may receive or store:
- entitlement and plan status;
- StoreKit product ID;
- transaction ID, signed transaction evidence, subscription state, and purchase history;
- renewal, expiration, refund, revocation, and cancellation status; and
- technical license and content-access records.
Apple handles payment-card and Apple Account payment information. Deleting a Mirror Reader account does not cancel billing through Apple.
2.5 Pronunciation Audio and Feedback
Eligible Premium and Creator users whose learning language is English can hold a word and choose to record a short pronunciation attempt. The app shows a recording indicator while the microphone is active.
For each request:
- the app keeps a temporary recording on the device only while the result is open, so the user can replay it, and removes it when the result is closed or replaced;
- the audio and selected English word are sent through Mirror Reader's backend to a third-party cloud speech-analysis provider for real-time pronunciation assessment;
- the audio bytes, without the selected word, are also sent to a separate Mirror Reader-operated phonetic-analysis service, which returns detected speech sounds and timing;
- the Mirror Reader-operated service analyzes the audio in memory, does not write the recording to a file, and runs without request access logs;
- Mirror Reader's backend does not store the recording, selected word, raw processor responses, or result history after returning the response; and
- the third-party cloud processor is configured for real-time processing and does not retain customer audio for this feature after servicing the request.
We may retain non-content operational data, such as request count, audio duration, status, provider latency, error category, and estimated cost, for quota enforcement, reliability, security, and abuse prevention. If the Mirror Reader-operated phonetic-analysis service is unavailable, the feature can still return cloud-provider feedback without the additional detected-sound analysis.
Microphone access is optional. Denying or revoking permission does not block ordinary reading features.
2.6 Device, IP, Usage, and Diagnostic Data
We may process:
- app opens, session activity, and feature interactions;
- app version, build, operating system, device model, platform, and locale;
- app installation identifier, guest device key and hash, device fingerprint, and guest recovery records;
- DeviceCheck, App Attest-style, or similar platform-integrity signals;
- IP address, IP hash, and approximate city, region, country, timezone, or locale derived from IP;
- request, security, error, crash, reliability, and performance logs; and
- quota, entitlement, license, download, and anti-abuse events.
Admin and support tools may show the most recent full IP address and IP-derived approximate location for security, fraud prevention, diagnostics, and support. We do not use this information for third-party advertising tracking.
2.7 Website and Communications
Our website may process IP address, browser and device information, pages viewed, referral data, security signals, cookies, and similar technical data needed for hosting, reliability, analytics, and abuse prevention. If you contact us, we process your email address, message, attachments, and information you choose to provide.
3. How We Use Information
We use information to:
- provide and secure guest and registered accounts;
- sync reading, library, vocabulary, settings, and learning state;
- provide catalog access and subscription entitlements;
- import, extract, translate, align, store, synchronize, and display user-provided texts;
- provide optional English pronunciation and phoneme feedback;
- enforce quotas, licenses, device integrity, and anti-abuse rules;
- diagnose errors, investigate quality problems, and improve reliability;
- provide support and respond to privacy requests;
- process Apple subscription state; and
- comply with law, accounting, security, App Store, and legal obligations.
We do not sell personal information or use it for cross-context behavioral advertising.
4. AI Translation and Model Providers
Catalog translations may be generated before publication. User-provided texts are processed dynamically only when the user starts a preparation or translation feature.
Mirror Reader currently uses an AI routing intermediary for these dynamic text-model requests. We send the text fragments needed for the requested operation, selected source and target languages, and system instructions. We do not intentionally include account credentials, reading progress, bookmarks, vocabulary lists, assessment results, purchase history, or pronunciation audio in a text-translation request.
The intermediary transmits inputs to a model provider selected by an explicit choice or automatic routing. Different model providers and even different endpoints from the same provider may have different rules about:
- retaining inputs and outputs;
- using them to train, fine-tune, evaluate, or improve models;
- abuse and safety review;
- human access;
- processing location; and
- deletion and retention periods.
The routing intermediary and selected model provider can apply different policies to request content and metadata. Mirror Reader therefore takes a conservative approach when a provider's storage or training practices cannot be confirmed.
Some routes offer Zero Data Retention (ZDR) endpoints, which are designated as not storing request data. Mirror Reader's current request code does not force a per-request ZDR restriction for every translation, and account-level or route-level settings may change. Unless Mirror Reader expressly identifies a request as ZDR-enforced, users should not assume every selected provider is ZDR or that every provider forbids model training.
Generated translations and alignments can be inaccurate. They are not certified or official translations and should not be used as the sole basis for legal, medical, financial, safety-critical, or other high-stakes decisions.
5. How We Share Information
We share information only as needed for the Service, with your direction, or where legally required. Current categories include:
- authentication and database providers: account authentication, database records, synced learning state, and service logs;
- hosting, content-delivery, object-storage, network, and security providers: website and API delivery, stored packages, network metadata, security, and performance;
- AI routing intermediaries and model providers: user-provided text fragments, language settings, and instructions needed for requested text preparation or translation;
- a third-party cloud speech-analysis provider: short audio and the selected English word for real-time pronunciation assessment;
- a Mirror Reader-operated phonetic-analysis service: short audio only, for transient detected-sound analysis; and
- Apple: App Store distribution, StoreKit, Sign in with Apple, DeviceCheck and platform security, TestFlight, analytics, and crash reports.
These parties may act as processors or independent controllers under their own terms and policies. Mirror Reader maintains the actual provider identities in its internal processor records and provides recipient information where applicable law requires. We may also disclose information to comply with law, protect users and systems, address fraud or security incidents, or complete a business transfer subject to applicable protections.
6. Legal Bases
Where a legal basis is required, we rely on one or more of:
- performance of a contract, to provide the features the user requests;
- legitimate interests, such as operating, securing, debugging, and improving the Service;
- consent, including optional microphone access and optional features where required; and
- legal obligations, including accounting, tax, security, and lawful requests.
7. Retention
We retain active account, learning, user-text, and subscription records while needed to provide the Service and until deletion, subject to backup cycles and legal requirements. Some operational logs and security records are retained for limited periods. AI diagnostic logs are bounded rather than intended as a permanent content archive.
Guest accounts with no meaningful activity may be identified for cleanup after a configured inactivity period. Provider-side copies are governed by the applicable provider policy and may not be automatically erased by deleting a Mirror Reader account.
8. Account and Data Deletion
Users can delete a registered or guest cloud account from Profile. The backend removes the authentication account and associated synced records, owned user-text files and processed packages, preparation and translation jobs, generated language layers and alignments, user-linked processing caches, AI prompt/response diagnostic logs, sync events, licenses, device links, App Attest records, and other active user-scoped records. Shared catalog material that must remain is detached from the deleted user identifier.
For an administrator-initiated deletion, Mirror Reader may retain a minimal deletion audit containing the deleted internal account ID, deletion time, status, and counts, without retaining the deleted profile or uploaded text in that audit. Limited security, legal, accounting, fraud-prevention, or Apple transaction records may be retained where necessary or permitted.
Deleting a Mirror Reader account does not:
- cancel an Apple subscription;
- delete Apple's purchase or account records;
- guarantee deletion from a model provider beyond that provider's policy; or
- remove every operating-system backup immediately.
See Data Deletion or contact [email protected].
9. Your Rights and Choices
Depending on your location, you may have rights to access, correct, delete, restrict, object, withdraw consent, receive a copy, or appeal a privacy decision. Use the in-app deletion option or contact [email protected]. We may verify identity before acting on a request.
We do not sell personal information or share it for cross-context behavioral advertising.
10. International Processing
Mirror Reader and its providers may process information in the United States and other countries. Data-protection laws may differ from those in your country. We use legally required safeguards where applicable.
11. Security
We use administrative, technical, and organizational safeguards designed to protect information. These include encrypted transport, authenticated provider endpoints, token protection, platform Keychain storage, and access controls. No system is completely secure. You are responsible for protecting your device and account credentials.
12. Children's Privacy
Mirror Reader is not directed to children under 13, and we do not knowingly collect personal information from children under 13. Contact [email protected] if you believe a child has provided personal information.
13. Third-Party Links
Third-party websites and services have their own privacy practices. This Policy does not control those services.
14. Changes
We may update this Policy as the Service, providers, or laws change. We will update the date above and provide additional notice where required.
15. Contact
Mirror Reader Email: [email protected] Website: https://www.mirrorreader.com