1. Introduction
Jakub Rusniok, doing business as JRcreative (sole proprietor, IČO 05282241, DIČ CZ9411175411) (“we,” “our,” “us”) respects your privacy. This Policy explains how we collect, use, disclose, and safeguard your information when you use the Miretta mobile application (“App”). By installing or using the App you accept these practices.
2. Information We Collect
2.1 Information You Provide
- Display name (optional)
- Optional gender selection
- Apple / Google authentication tokens
- Chosen affirmation categories, notification schedule, favourites
- Progress data (completed affirmations, streak length)
2.2 Information Collected Automatically
- Feature interactions, completion logs, session duration
- Crash reports, device model, OS version, App version
- Time-zone and locale, Firebase Analytics events, push-token
2.3 Information from Third-Party Sign-In
When you use Apple or Google sign-in we receive a unique identifier and, if you grant permission, your display name and email address.
3. How We Use Your Information
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Provide core features, sync data, send reminders | Contract |
| Personalise affirmations & UX | Legitimate interest |
| Analytics, crash diagnosis, feature improvement | Legitimate interest |
| Payment processing & subscription management | Contract |
| Compliance with laws, fraud prevention | Legal obligation / Legitimate interest |
| Marketing email (only if introduced later) | Consent |
4. Data Storage & Security
| Location | Provider | Safeguards |
|---|---|---|
| User auth & cloud data | Google Firebase (EU servers where possible) | TLS in transit, AES-256 at rest |
| Subscription status | RevenueCat | PCI-DSS compliant payment partners |
| Local device cache | Your device | OS sandbox & encryption |
5. Data Sharing
- Firebase / Google – authentication, analytics, storage
- RevenueCat – subscription validation (no raw card data)
- Apple & Google – in-app purchases
- Legal / safety – where required by law or to protect users
We do not share data with advertising networks and do not sell personal data.
6. Your Rights & Choices
6.1 In-App Controls
- Edit profile data in Settings.
- Request Deletion: Open Settings → Request Deletion. The App launches a pre-filled email that contains your anonymous User-ID. After we receive the email, we permanently erase all cloud data within 30 days and confirm the deletion via reply.
- Opt-out of analytics in Settings.
- Disable notifications in device settings.
6.2 GDPR & CCPA Requests
Email privacy@jrcreative.cz with any additional requests (access, rectification, portability, etc.). We will verify your identity before processing.
6.3 Data Retention
- Active accounts – stored until deletion
- Crash / analytics logs – 24 months (aggregated thereafter)
- Subscription receipts – 10 years (Czech accounting law)
- Legal claim data – for the statutory limitation period
7. Children’s Privacy
The App is not directed to children under 13 (or 16 in the EU). We do not knowingly collect data from them. Contact us if you believe a child has provided information so we can delete it.
8. International Transfers
Data may be processed outside your country. We rely on EU Standard Contractual Clauses or similar safeguards where required.
9. Analytics & Advertising
Analytics: Firebase Analytics collects anonymised usage metrics. You can opt-out in Settings or via system privacy options.
Advertising: The App displays no third-party advertisements.
10. Push Notifications
We store a device token to deliver reminders. Disable notifications anytime in your device settings.
11. Subscriptions & Payments
Payments are processed by Apple / Google. We receive a transaction identifier, never your card details. RevenueCat stores subscription status.
12. Data-Incident Response
If a personal-data breach occurs we will investigate promptly, contain the issue, notify affected users and regulators where required.
13. Changes to This Policy
We may update this Policy. We will change the “Last Updated” date and highlight material changes in-app. Continued use after an update means acceptance.
14. Regional Notices
14.1 EU / EEA
You have rights under GDPR. Supervisory authority: ÚOOÚ (Czech Data Protection Authority).
14.2 California
We do not sell personal information. You have CCPA rights to know, delete and non-discrimination.
15. Contact
Data Controller
Jakub Rusniok – JRcreative (OSVČ)
Vendryně 927, 739 94 Vendryně, Czech Republic
General inquiries: support@jrcreative.cz
Privacy requests / DPO: privacy@jrcreative.cz
Effective as of 12 June 2025 and supersedes all previous versions.