Mirror Trip logo Mirror Trip

Legal

Privacy Policy

Last updated: April 2, 2026

This Privacy Policy explains how Mirror Trip, operated by Yash Chauhan ("Mirror Trip", "we", "us", or "our"), collects, uses, discloses, and protects information when you use the Mirror Trip mobile application and related services (collectively, the "Service").

By using the Service, you agree to the practices described in this Privacy Policy.

Public website and policy resources:

1. Scope

This Privacy Policy applies to information collected through the Mirror Trip mobile application, including when you:

  • browse public trips as a guest
  • create or use an account
  • plan, edit, publish, or delete trips
  • upload photos
  • use location-related features
  • contact support

2. Information We Collect

2.1 Information you provide directly

Depending on how you use the Service, we may collect:

  • username
  • email address
  • password for email/password sign-in
  • optional profile information such as display name, date of birth, gender, and profile photo
  • trip information such as trip title, destinations, dates, traveller counts, notes, activities, costs, and itinerary details
  • photos you choose to upload to your profile or trips
  • support communications and account-related requests you send to us

2.2 Authentication information

You may sign in using:

  • email and password
  • Google Sign-In
  • Sign in with Apple on supported iOS devices

When you use Google Sign-In or Sign in with Apple, we receive identity information and tokens needed to authenticate your account. We do not receive your password for those third-party sign-in methods.

2.3 Location information

We collect precise location information only when you explicitly choose to use a location feature, such as selecting your current location while adding or editing a trip activity.

Location information is:

  • collected only when you actively request it
  • not tracked continuously
  • not collected in the background
  • stored only as part of the trip or activity information you choose to save

You can also manually search for and select places without sharing your device's current location.

2.4 Public content

Trips are private by default. If you choose to publish a trip, the trip content you publish may become visible to other users and guests within the mobile app.

At this time, published trips do not display your email address, real name, username, or profile photo publicly through the app's current public trip experience.

2.5 Information collected automatically

We and our service providers may automatically collect limited technical and diagnostic information, including:

  • IP address, used for rate-limiting and abuse prevention
  • request metadata such as request ID, HTTP method, route, status, and error details
  • limited authenticated user identifiers in error or request logs where needed for security or troubleshooting
  • crash and error diagnostics through Sentry in supported non-development environments

We do not currently use analytics SDKs or advertising SDKs in the Service.

2.6 Local device storage

We store authentication/session tokens locally on your device using Expo Secure Store or equivalent secure device storage so that you can remain signed in between sessions.

3. How We Use Information

We use information we collect to:

  • provide, operate, and maintain the Service
  • create and manage user accounts
  • authenticate users and secure accounts
  • verify email addresses and support password reset flows
  • enable Google Sign-In and Sign in with Apple
  • let you create, edit, publish, unpublish, and delete trips
  • process and store uploaded photos
  • power maps, place search, and location-based trip features
  • allow users to wishlist or report trips
  • prevent fraud, abuse, and unauthorized use
  • diagnose bugs, errors, and service failures
  • respond to support requests and account restoration requests during the deletion grace period
  • comply with legal obligations and enforce our terms and policies

We do not sell your personal information.

4. Legal Bases and Privacy Rights

Depending on where you are located, applicable privacy laws may provide you with rights regarding your personal information, including rights to access, correct, delete, or object to certain processing.

Where applicable, we generally process personal information because:

  • it is necessary to provide the Service you request
  • it is necessary for our legitimate interests in operating, securing, and improving the Service
  • you have given consent, such as for optional location access
  • we are required to do so by law

To make a privacy-related request, contact us at support@mirrortrips.com.

5. Sharing and Disclosure

We share information only as needed to operate the Service, comply with law, protect users, or enforce our rights.

We may share information with service providers that help us provide the Service, including providers for:

  • hosting and backend infrastructure
  • database and storage services
  • email delivery
  • maps, geocoding, and place search
  • crash and error monitoring

We may also disclose information:

  • if required by law, regulation, legal process, or government request
  • to investigate, prevent, or address fraud, abuse, security issues, or violations of our policies
  • in connection with a merger, acquisition, financing, or sale of assets, subject to applicable confidentiality obligations

6. Third-Party Services and Processors

We currently use third-party providers including:

  • Railway for backend hosting and infrastructure
  • MongoDB Atlas for primary database storage
  • Cloudflare R2 for storage of uploaded images and related media files
  • Google services for maps, place search, and geocoding features
  • Resend for transactional email delivery such as account-related emails
  • Sentry for crash and error monitoring

These providers may process personal information on our behalf as needed to provide their services.

7. Data Retention

We retain personal information for as long as reasonably necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements.

In particular:

  • account and trip data are generally retained while your account remains active
  • temporary rate-limit and abuse-prevention records typically auto-expire within approximately 1 minute to 1 hour depending on the endpoint
  • application logs and Sentry error events may be retained by the relevant providers under their own retention settings

8. Account Deletion

You can request account deletion from within the app.

When you request deletion:

  • your account is suspended immediately
  • you cannot sign back in unless the account is restored during the grace period
  • your published content is hidden from other users and guests during the grace period
  • a 15-day grace period begins before permanent deletion

During the 15-day grace period, you may request restoration by contacting support@mirrortrips.com. Restoration is not guaranteed.

If the account is not restored before the grace period ends, we permanently delete the account and associated data, including trips, days, activities, and related uploaded photos. We do not retain backups after permanent deletion.

Additional account deletion information is available at:

9. Children's Privacy

Mirror Trip is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us personal information, contact us at support@mirrortrips.com so we can review and take appropriate action.

10. International Processing

The Service may be operated and supported through infrastructure located in multiple countries. For example, our production infrastructure may involve services hosted or distributed from Singapore, India, and other jurisdictions used by our service providers.

As a result, your information may be processed in countries other than the one where you live. By using the Service, you understand that your information may be transferred to and processed in these jurisdictions, subject to applicable law.

11. Security

We use reasonable technical and organizational measures designed to protect personal information from unauthorized access, loss, misuse, alteration, or disclosure.

However, no system is completely secure, and we cannot guarantee absolute security.

12. Your Choices

You can choose whether to:

  • create an account or continue using limited guest-access features
  • upload profile or trip photos
  • publish a trip publicly within the app
  • grant location permission for current-location features
  • request account deletion

You may also contact support@mirrortrips.com with requests relating to your information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make changes, we will update the "Last updated" date above. Your continued use of the Service after an update becomes effective means you accept the revised Privacy Policy.

14. Contact Us

If you have questions, privacy requests, or account deletion/restoration questions, contact:

support@mirrortrips.com

You can also visit: