1. Who we are
Mirkaat is operated by 26Studio LLC, a company registered in the state of Wyoming, United States. Mirkaat is a B2B SaaS platform designed exclusively for social media agencies and freelancers. It is not intended for personal or consumer use.
For any privacy-related questions, requests, or concerns, contact: hello@mirkaat.com.
We do not currently have a designated Data Protection Officer. All data protection queries are handled directly by the founding team.
2. Who this policy applies to
- Agency users and freelancers who create a Mirkaat account ("you", "users")
- Visitors to our website at mirkaat.com
- Client data that agency users upload or generate within the platform (data relating to their own end clients - brands, businesses, etc.)
Mirkaat is a business-to-business platform. We do not knowingly collect data from individuals under the age of 18, and our service is not directed at consumers. By creating a Mirkaat account, you confirm that you are acting on behalf of a business or as a professional freelancer.
3. What data we collect and why
3a. Account and agency data
When you create a Mirkaat account, we collect:
- Full name - to identify your account and personalise your experience
- Work email address - to create your account, send transactional emails, and communicate with you
- Phone number - provided during signup for account verification and support purposes
- Agency name and agency type - to configure your workspace appropriately
- Agency logo - uploaded by you, stored and used to brand generated reports
- Agency brand colours - stored and applied to report templates as your default branding
Legal basis (GDPR): Performance of a contract - this data is necessary to provide the Mirkaat service you have signed up for.
3b. Client data you upload
As part of using Mirkaat, you may upload or enter data relating to your own clients (the brands or businesses you manage). This includes:
- Client name
- Client website URL
- Client logo
- Client brand colours
- Client context notes - free-text descriptions you write about each client, used to inform AI commentary generation
This data is stored securely on our infrastructure and is used solely to generate reports on your behalf. We do not sell, share, rent, or use your clients' data for any purpose other than operating the Mirkaat service for you.
Legal basis (GDPR): Legitimate interests - storing this data is necessary for us to provide the core reporting functionality you have contracted us for.
3c. Social media performance data
When you connect a client's Instagram or Pinterest account to Mirkaat, we pull performance data directly from the official Instagram Graph API and Pinterest API. This includes metrics such as follower counts, engagement rates, reach, impressions, post performance data, and similar analytics.
We store this data on our infrastructure for the following purposes:
- To generate the current report
- To enable historical comparison between reporting periods (for example, comparing March 2025 to February 2025)
- To display performance trends within the Mirkaat dashboard
We do not sell this data, share it with third parties for commercial purposes, or use it to train any AI models. Social media credentials (passwords) are never stored by Mirkaat - we use the official OAuth authentication flows provided by Instagram and Pinterest.
Legal basis (GDPR): Performance of a contract - storing this data is necessary to provide the comparison and historical reporting features of Mirkaat.
3d. Generated report data
- We do not store the Google Slides file on our servers. The finished deck is delivered directly to your connected Google Drive via the Google Slides API.
- We do store a copy of the report content (the data, AI-generated commentary, and slide structure) within the Mirkaat in-app report editor. This allows you to view, edit, and reference past reports inside the platform.
- AI commentary is generated using Anthropic's Claude API at the point of report generation. We pass relevant metrics and your client context notes to Claude to produce the commentary. This data is not retained by Anthropic for training purposes under our API usage agreement.
Legal basis (GDPR): Performance of a contract - storing report content is necessary to provide the report history, editing, and comparison features.
3e. Payment data
Payments are processed by Dodo Payments. When you enter payment details, that information is transmitted directly to and stored by Dodo Payments. Mirkaat does not store, process, or have access to your full payment card details.
We receive and store:
- Subscription plan information
- Billing history and invoice records
- Transaction IDs for support and dispute resolution purposes
Please refer to Dodo Payments' privacy policy for details on how they handle your payment data.
Legal basis (GDPR): Performance of a contract and legal obligation - we are required to maintain billing records.
3f. Usage and analytics data
We use Google Analytics on both our public website and within the Mirkaat dashboard to understand how users interact with our product. This may include pages visited and time spent, features used, device/browser/OS, country or city level geography, and referral source.
We also use Hotjar for session recording and heatmap analysis. Hotjar records anonymised user sessions within the dashboard to help us understand user behaviour and identify usability issues. Hotjar is configured to mask any sensitive form fields and personal information.
You can opt out of Hotjar tracking at any time by visiting hotjar.com/legal/compliance/opt-out.
Legal basis (GDPR): Legitimate interests - understanding how our product is used allows us to improve it for all users.
3g. Cookies and tracking technologies
We use the following categories of cookies:
Essential cookies - Necessary for platform operation (sessions, security tokens, core preferences). These cannot be disabled.
Analytics cookies - Used by Google Analytics. These are only placed with your consent via our cookie banner.
Marketing and tracking cookies - Used for Meta and Google Ads campaign measurement and ad relevance.
You can manage cookie preferences via the Cookie settings link in the footer of our website. You can also opt out of interest-based advertising at youradchoices.com or youronlinechoices.eu.
Legal basis (GDPR): Consent - we obtain your consent for non-essential cookies before placing them.
3h. Communications data
We use Resend to send transactional and marketing emails. We collect and store email open rates, click rates, and email preferences/unsubscribe status.
You can unsubscribe from marketing emails at any time. Transactional emails (account notifications, billing receipts, password resets) cannot be opted out of because they are necessary for account operation.
Legal basis (GDPR): Consent for marketing emails. Legitimate interests for transactional emails.
4. How we store and protect your data
Infrastructure
Your data is stored on infrastructure provided by Vercel, with servers located in Singapore, Ireland (EU), and New York (USA). Data may be stored in or processed through any of these regions depending on your location and system load balancing.
Security measures
- All data is encrypted in transit using TLS (HTTPS)
- All data is encrypted at rest
- Access to production data is restricted to authorised team members only
- OAuth tokens for Instagram and Pinterest are stored in encrypted form
- Regular security practice reviews
No method of transmission or storage is 100% secure. While we work hard to protect your data, we cannot guarantee absolute security. Use a strong, unique password for your Mirkaat account.
5. Third parties who access your data
We do not sell your data. We do not share your data for advertising purposes. The following providers process limited data as necessary:
| Third party | Purpose | Data shared | Privacy policy |
|---|---|---|---|
| Anthropic (Claude API) | AI commentary generation | Client context notes, report metrics | anthropic.com/privacy |
| Google (Slides API) | Report deck delivery | Report content, formatting | policies.google.com |
| Google Analytics | Usage analytics | Anonymised usage data | policies.google.com |
| Hotjar | Session recording and heatmaps | Anonymised session data | hotjar.com/legal/privacy |
| Dodo Payments | Payment processing | Billing details | dodo payments privacy policy |
| Resend | Transactional and marketing email | Email address, name | resend.com/legal/privacy-policy |
| Vercel | Hosting and infrastructure | All platform data (encrypted) | vercel.com/legal/privacy-policy |
| Meta | Advertising pixel | Website visitor behaviour | facebook.com/privacy |
| Google Ads | Advertising pixel | Website visitor behaviour | policies.google.com |
6. Data retention
- Account data - retained for active account duration, plus 30 days after deletion for accidental recovery
- Report and client data - retained for active account duration, then deleted within 30 days
- Social media performance data - retained for active account duration, deleted with account
- Billing records - retained for 7 years to meet legal obligations
- Analytics data - retained in anonymised, aggregated form per provider defaults
- Email marketing data - retained until unsubscribe or deletion request
Once data is deleted, it is permanently and irreversibly removed.
7. Your rights
If you are in the UK or EU (GDPR)
- Right to access
- Right to rectification
- Right to erasure
- Right to data portability
- Right to restrict processing
- Right to object
- Right to withdraw consent
If you are in the United States
Depending on your state, you may have additional rights under laws such as CCPA or similar state legislation. We do not sell personal information.
How to exercise your rights
Email hello@mirkaat.com with the subject line "Data Request" and details of your request. We will respond within 30 days and may ask for identity verification.
You also have the right to lodge a complaint with a supervisory authority. In the UK this is the ICO (ico.org.uk).
8. Connected social media accounts
- You authorise Mirkaat to access analytics data via official APIs
- Access is read-only. We never post or modify connected accounts
- You can disconnect any social account in your dashboard
- After disconnection, new pulls stop. Historical data in past reports may be retained
You are responsible for ensuring you have appropriate authorisation to connect clients' social media accounts.
9. Children's data
Mirkaat is intended for businesses and professional freelancers only. We do not knowingly collect personal data from individuals under 18. If you believe a minor has created an account, contact hello@mirkaat.com and we will delete it.
10. International data transfers
26Studio LLC is registered in Wyoming, USA. Data may be processed in Singapore, Ireland, and the USA as described above.
For UK/EU users, transfers to the USA are made under appropriate safeguards, including Standard Contractual Clauses (SCCs) where required.
11. Changes to this policy
We may update this policy to reflect changes in practices, technology, legal requirements, or other factors. For material changes, we will update the date, notify you by email where appropriate, and request renewed consent where required.
12. Contact us
Email: hello@mirkaat.com
Company: 26Studio LLC
Jurisdiction: Wyoming, United States
We aim to respond to privacy enquiries within 5 business days.