Privacy Policy
1. Who we are
Hey Mira is an astrology AI service available as a Telegram bot (@HeyMiraBot), mobile apps for Android (Google Play) and iOS (App Store), and, in the future, a web version at heymira.live.
The controller of your personal data:
MB HeyMira — a Lithuanian small partnership (Mažoji bendrija) Company code: 307651397 · VAT: LT100020121516 Address: Perkūnkiemio g. 19, Vilnius, LT-12120, Lithuania, EU Email for data matters: support@heymira.live
2. Adults only (18+)
Hey Mira is intended exclusively for people who are 18 or older. By signing up and using the service, you confirm that you are at least 18 years old.
We do not knowingly collect data from minors. If we learn that data was provided by a user under 18, we will stop processing it, delete the data, and close the account. If you believe a minor has shared their data with us, write to support@heymira.live — we will look into it and delete the data.
3. What data we collect
Data you provide yourself:
- Birth data — your name, date, time (if provided), and place of birth. This is the foundation of your natal chart; the service does not work without it.
- Chat messages — your questions and Mira's responses. We keep these so Mira remembers the context of your conversations and can return to it.
- Data about third parties — if you use compatibility analyses or build natal charts for other people in our products, you enter the name, date, time, and place of birth of those people (a partner, relative, colleague). See the dedicated Section 5.
- Email — in the mobile apps, for your account and communication.
Data we receive automatically:
- Telegram user ID and username — in the Telegram version, to identify your account.
- Subscription and purchase data — subscription status, purchase history. The payments themselves are handled by payment platforms: Telegram (Stars), Google Play, Apple, and, in our products with direct payment (such as the web version), Stripe or a similar payment provider. We do not receive or store card numbers.
- Technical data — timestamps, message counts, usage statistics, device identifiers (in the mobile apps), crash data.
We do not collect real-time location data and do not access your contacts, photos, or other device data without your knowledge. Certain features of our apps may request access to such data — for example, to your contacts, to notify you that someone you know also uses the service (works only when both people have allowed syncing). Such access is possible only with your explicit consent, is requested separately at the moment you enable the feature, and can be revoked in settings at any time.
4. Why and on what basis we process data
- Building your natal chart, chatting with Mira, forecasts, compatibility — i.e., providing the service itself — Birth data, chat messages, account identifiers · Performance of a contract — Art. 6(1)(b)
- Processing subscriptions and purchases — Subscription data, identifiers · Performance of a contract — Art. 6(1)(b)
- Conversation memory: Mira remembers names, topics, and the context of your conversations — Chat messages · Performance of a contract — Art. 6(1)(b)
- Processing sensitive topics you choose to raise in the chat (Section 6) — Chat messages · Explicit consent — Art. 9(2)(a)
- Analyses involving third-party data (Section 5) — Third parties' birth data · Legitimate interest — Art. 6(1)(f)
- Marketing messages and product news — Account identifiers · Consent — Art. 6(1)(a), separate opt-in, withdrawable at any time
- Security, abuse and fraud prevention — Technical data · Legitimate interest — Art. 6(1)(f)
- Bug fixing and service improvement — Technical data, de-identified statistics · Legitimate interest — Art. 6(1)(f)
We do not sell your personal data and do not share it with third parties for their own advertising. We may use de-identified and aggregated data — which does not allow you to be identified — for analytics, service improvement, training our own AI models, and marketing purposes. If we ever want to use your personal data in a way not described in this policy (for example, to train models on non-anonymized data), we will ask for your separate consent first.
5. Third-party data: compatibility and other people's charts
When you enter another person's birth data — for a compatibility analysis, a group reading, or to build their natal chart in any of our products — you are providing us with a third party's personal data. The rules here are:
- By entering another person's data, you confirm that you have the right to share it — for example, you have that person's consent, or you have another lawful basis (you are a parent, or the data concerns your family life).
- We use this data only to build the chart and produce the analyses you requested. We do not contact these people, do not create user profiles for them, and do not use their data for any other purpose.
- This data is stored within your account and is deleted together with it.
- If someone entered your data into Hey Mira and you object — write to support@heymira.live. We will delete your data from the service and confirm the deletion. This is your right under Art. 21 GDPR.
6. Sensitive data in the chat
Conversation with Mira is open-ended. You may choose to talk about your health, relationships, intimate life, or religious or philosophical views. Under the GDPR, these are special categories of data (Art. 9).
Before you start using the chat, we ask for your explicit consent to process such data if you choose to share it. Without this consent, the chat is unavailable, because we cannot technically know in advance what you will write.
You can withdraw your consent at any time (in settings or by writing to support@heymira.live) — in that case we will delete your chat history. We recommend not sharing sensitive information beyond what your question actually requires.
7. AI processing: who processes your data and where
Mira's responses are generated by large language models (LLMs). To make that possible, fragments of your data (the relevant part of your natal chart, your question, the conversation context) are transmitted to AI providers:
- Amazon Web Services (AWS Bedrock) — Stockholm region, Sweden (eu-north-1)
- Microsoft Azure (Azure OpenAI / Azure AI) — Sweden Central region, Sweden
Processing takes place in data centers within the EU. Your data is not transferred to data centers outside the EU during AI processing. This is an architectural decision: we chose the European regions of both providers.
For transparency: AWS and Microsoft are companies headquartered in the United States. Transfers of data to them as processors are legally protected by the EU Standard Contractual Clauses and/or certification under the EU-U.S. Data Privacy Framework. As with any US-based provider, there is a theoretical possibility of data requests by US authorities under US law (for example, the CLOUD Act). We minimize this risk: data is stored and processed in European regions, the volume of data sent to AI models is limited to what is necessary, and the providers are contractually prohibited from using your data to train their models.
Voice and other multimedia features (for example, spoken forecasts and responses) are provided by speech synthesis and related AI services; the content transmitted for processing is limited to what the specific feature requires.
The current list of subprocessors is available on request at support@heymira.live.
8. Who else we share data with
- Telegram — the platform the bot runs on (if you use the Telegram version). Telegram's data processing is governed by its own policy.
- Telegram Stars / Google Play / Apple App Store — payment processing. Payment data (cards) is handled by the platforms themselves.
- Hosting and infrastructure — servers in EU data centers.
We may disclose data where required by law, a valid court order, or a binding request from a competent authority — to the minimum extent necessary, and after verifying the lawfulness of the request.
9. Retention periods
- Birth data and profile — for as long as you have an account.
- Chat history — for as long as you have an account, to maintain conversation memory.
- Third-party data — for as long as you have an account, or until the third party themselves requests deletion.
- Inactive accounts — data is deleted 24 months after your last activity.
- Payment records — we keep transaction records for as long as Lithuanian accounting and tax law requires (up to 10 years), in minimal form.
- Deletion on request — at any time (Section 11).
10. Security
Data is stored on protected servers in EU data centers. We apply encryption in transit, access controls, data minimization in AI requests, and regularly review our safeguards. No system can guarantee absolute security, but we treat protecting your data as a baseline requirement, not an option.
11. Account deletion and your rights
You can delete your account:
- in the mobile app — via the "Delete account" button in settings;
- at heymira.live/delete — without installing the app;
- in the Telegram bot — via the "Help" section;
- by writing to support@heymira.live.
When your account is deleted, your birth data, chat history, third-party data, and profile are deleted. We retain only what the law obliges us to keep (for example, payment records for accounting) and information necessary to prevent abuse.
Your rights under the GDPR:
- Access — request a copy of your personal data.
- Rectification — correct inaccurate data (birth data can be changed in your profile).
- Erasure — the "right to be forgotten."
- Portability — receive your data in a machine-readable format.
- Objection — object to processing based on legitimate interest.
- Restriction — request that processing be restricted.
- Withdrawal of consent — at any time, without affecting the lawfulness of processing before withdrawal.
Send requests to support@heymira.live. We respond within 30 days.
Complaint to a supervisory authority. If you believe we are violating your rights, you can contact the Lithuanian supervisory authority — the State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija, VDAI), L. Sapiegos g. 17, LT-10312 Vilnius, [email protected] — or the data protection authority of your EU country of residence.
12. AI notice (EU AI Act)
Mira is an artificial intelligence system, not a human. We tell you this at the first interaction and within the service interface. The content Mira generates — texts, forecasts, voice messages — is AI-generated and is labeled as such in accordance with Art. 50 of the EU Artificial Intelligence Act.
13. Cookies (heymira.live website)
The heymira.live website uses only technically necessary cookies. If we add analytics or other non-essential cookies, we will ask for your consent via a banner before setting them and publish a detailed cookie policy.
14. Changes to this policy
We may update this policy. We will announce material changes within the service (via a notification in the bot or app) at least 7 days before they take effect. The date of the last update is always shown at the top of this document.
15. Contact
Data controller: MB HeyMira, code 307651397, Perkūnkiemio g. 19, Vilnius, LT-12120, Lithuania, EU Email for privacy and data subject rights: support@heymira.live