Mirantly Privacy Policy

Effective date: March 18, 2026 

1. Who we are and what this policy covers

Mirantly (“Mirantly,” “we,” “us,” or “our”) provides tools that may help people understand immigration pathways, organize application steps, upload and review documents, receive AI-assisted guidance, and connect with verified professionals or service providers.

This Privacy Policy explains how we collect, use, share, protect, and retain personal information when people use our websites, apps, customer support channels, marketplace features, and related services (collectively, the “Services”).

This policy is written to be transparent about high-sensitivity information. Because immigration journeys can involve identity documents, legal history, employment records, financial details, and family information, we treat certain categories of information with additional care and internal access controls.

2. The information we collect

We collect information in three main ways: (1) information you provide directly, (2) information generated through your use of the Services, and (3) limited device, diagnostics, and permission-based data needed to operate, secure, and improve the Services.

Data inventory summary

Category

Examples

Why Mirantly collects it

Account and profile data

Name, email, phone number, login credentials, country, language, and account preferences.

To create and secure accounts, personalize the experience, and communicate with users.

Journey and case data

Visa goals, education history, work history, travel history, family information, timeline details, and answers to eligibility or planning questions.

To generate relevant guidance, build checklists, track progress, and support scenario planning.

Document uploads and images

Passports, permits, forms, letters, resumes, photos, scans, supporting evidence, or user-submitted files.

To organize documents, support AI-assisted review or readiness checks, and enable users to share materials with professionals when they choose.

Messages and support records

Messages with support, conversations with professionals, feedback, survey responses, and troubleshooting details.

To provide customer support, improve the product, resolve disputes, and maintain service quality and safety.

Transaction and commercial data

Subscription records, invoices, payment status, plan selection, and purchase history. 

To manage billing, subscriptions, refunds, fraud prevention, and financial reporting.

Usage, analytics, and diagnostics

IP address, browser type, app version, operating system, referral URL, pages viewed, session events, crash logs, and performance diagnostics.

To secure the Services, understand product usage, fix bugs, prevent abuse, and improve reliability.

Optional device permissions

Camera access, microphone or audio capture for voice notes, photo library access, file access, push notification tokens, or location if enabled by the user for a specific feature.

To let users upload files, capture documents, receive alerts, or use permission-based features they choose to enable.

3. Sensitive user data

Some information processed through Mirantly may be considered sensitive because it can reveal identity, immigration status, legal history, finances, family relationships, or other highly personal details. Sensitive data may include government identifiers, passport or permit numbers, birth dates, travel history, employment and education records, immigration application materials, family documentation, or message content that includes similarly sensitive details.

Mirantly’s policy is to collect and use sensitive data only when it is reasonably necessary to provide the Services a user requested, comply with law, maintain security, or support explicit user-directed workflows. We do not request sensitive information that is unrelated to a user-facing feature or service purpose.

• We apply data minimization: only the information reasonably needed for the requested feature, workflow, support issue, or compliance obligation should be collected.
  
  
  

• Access to sensitive information should be limited to personnel, contractors, or subprocessors who need it for support, security, infrastructure, quality review, or the specific service the user requested.
  
  
  

• Sensitive uploads and private messages must not be sold, rented, or shared for third-party advertising purposes.
  
  
  

• Where Mirantly uses third-party AI or infrastructure providers, Mirantly should contractually restrict those providers from using private immigration documents or message content to train their general-purpose models, unless Mirantly gives users clear notice and obtains any consent required by law.
  
  
  

• If users choose to connect with a verified professional, agent, or partner, Mirantly should share documents or sensitive case details only in line with the user’s direction, consent, or the specific workflow they initiated.

4. Device data, permissions, and diagnostics

Mirantly may automatically collect limited device and technical data to keep the Services functioning properly, secure accounts, detect abuse, troubleshoot issues, and understand whether features are working as intended. This may include network information such as IP address, device or browser identifiers, operating system, app version, language, time zone, error logs, and analytics events that describe how the product is being used.

Mirantly should request access to device features such as camera, file storage, photo library, notifications, or location only when those permissions are relevant to a user-facing feature. For example, camera or photo access may be requested so a user can capture or upload a document; push notifications may be used to deliver reminders or case updates; and location should be optional unless required for a clearly disclosed feature. Users can usually manage these permissions in their device settings.

• Mirantly should not collect more device data than needed for product functionality, analytics, fraud prevention, or security.
  
  
  

• Mirantly should not use private documents, immigration details, or permission-derived device data for cross-context behavioral advertising.
  
  
  

• Mirantly should disclose material third-party analytics, crash reporting, communications, payment, or infrastructure partners in a public subprocessor or vendor notice where appropriate.

5. How we use personal information

Mirantly may use personal information to provide and improve the Services, including to create accounts, authenticate users, maintain profiles, generate checklists, produce AI-assisted guidance, organize documents, enable marketplace or professional connection features, process subscriptions, provide support, detect fraud, monitor service quality, enforce terms, and comply with legal obligations.

We may also use aggregated or de-identified information for analytics, operations, and product improvement, provided that such information is not used in a way that reasonably identifies an individual.

6. AI-assisted features and automated processing

Mirantly may use AI-assisted tools to summarize information, organize steps, flag missing items, analyze document completeness, generate scenario guidance, or support customer experience workflows. AI-generated outputs are intended to support user understanding and preparation; they are not legal advice, do not guarantee outcomes, and do not replace decisions made by governments, schools, employers, or licensed professionals.

When appropriate, Mirantly may use human review to audit quality, investigate abuse, respond to support issues, or improve safety. Users should avoid entering unnecessary sensitive information into free-text fields when a structured field or secure upload flow is available.

7. When we share personal information

Mirantly may share personal information only in the following situations:

• With vendors and service providers that help us operate the Services, such as hosting, storage, analytics, communications, payment processing, fraud detection, customer support, document processing, or AI infrastructure providers.
  
  
  

• With professionals, marketplace partners, or other third parties when a user asks Mirantly to make a connection, submit a request, or share information as part of a workflow the user initiated.
  
  
  

• With affiliates or within a corporate transaction, such as a merger, financing, reorganization, or asset sale, subject to appropriate notice where required by law.
  
  
  

• With regulators, courts, law enforcement, or other parties when disclosure is required by law, legal process, or a good-faith belief that disclosure is necessary to protect rights, safety, or the integrity of the Services.
  
  
  

• With a user’s consent or at the user’s direction.
  
  
  

Mirantly’s policy is not to sell personal information, and not to sell or rent sensitive immigration documents, private messages, or device permission data to data brokers or advertisers.

8. Cookies, SDKs, and similar technologies

Mirantly may use cookies, pixels, software development kits (SDKs), local storage, and similar technologies to remember user preferences, maintain secure sessions, measure feature usage, detect fraud, and improve app or website performance. Where required by law, Mirantly will offer consent controls or similar choices for non-essential technologies.

9. Data retention

Mirantly should keep personal information only for as long as reasonably necessary for the purposes described in this policy, including to provide the Services, maintain accounts, complete user-requested actions, meet contractual obligations, resolve disputes, enforce agreements, and comply with law.

Retention periods may differ depending on the type of data, the sensitivity of the information, whether a user maintains an active account, and whether Mirantly must preserve records for security, tax, accounting, or legal reasons.

Sensitive documents, diagnostic logs, and support records should be reviewed against defined retention schedules, and deleted or anonymized when they are no longer needed.

10. Security

Mirantly should use administrative, technical, and organizational safeguards designed to protect personal information from unauthorized access, loss, misuse, alteration, or disclosure.

These measures may include encryption in transit, encryption at rest where appropriate, access controls, authentication protections, logging, vendor due diligence, secure development practices, and incident response procedures. No system is perfectly secure, but Mirantly’s policy should be to apply security measures proportionate to the sensitivity of the data it handles.

11. International data transfers

Mirantly may store or process information in countries other than the user’s country of residence. When that happens, Mirantly should use legally recognized transfer mechanisms and contractual protections where required by applicable law.

12. User choices and privacy rights

Depending on where a user lives, they may have rights to request access to, correction of, deletion of, or export of their personal information; to object to or restrict certain processing; to withdraw consent where processing is based on consent; or to opt out of certain marketing communications.

Mirantly should provide a clear method for users to exercise those rights, subject to identity verification and any legal exceptions.

• Users can usually update profile details, preferences, and notification settings from within their account.
  
  
  

• Users can unsubscribe from marketing emails using the link in the message, though service-related communications may still be sent when necessary.
  
  
  

• Users can often disable device permissions such as camera, photos, or notifications through their operating system settings.

13. Children’s privacy

Mirantly is not intended for children under 13 unless Mirantly expressly launches a child-directed experience and updates this policy and its product controls accordingly. If Mirantly learns that it collected personal information from a child under 13 without the consent required by applicable law, Mirantly should delete that information as required and restrict further collection until the issue is resolved.

If Mirantly ever targets or knowingly serves children under 13, Mirantly should follow these additional rules

Control area

Policy commitment

Notice and parental consent

Before collecting personal information from a child under 13 beyond any narrow legal exception, Mirantly should provide direct notice to a parent or guardian and obtain verifiable parental consent where required by law.

Data minimization

Mirantly should collect only the information reasonably necessary for the child-facing feature or service, and should not condition participation on providing more information than is reasonably necessary.

Parental rights

Parents or guardians should be able to review the child’s personal information, request deletion, refuse further collection or use, and manage permissions consistent with applicable law.

Use and disclosure limits

Mirantly should not use children’s data for behavioral advertising, profiling unrelated to the service, or disclosure practices that are incompatible with the reason the information was collected.

Retention and security

Children’s data should be retained only as long as necessary for the specific purpose collected, and protected with heightened administrative and technical safeguards.

Age-appropriate design

Mirantly should use plain-language notices, age-appropriate defaults, limited sharing, and product settings that reduce unnecessary exposure of a child’s data.

14. Changes to this policy

Mirantly may update this Privacy Policy from time to time to reflect changes in the Services, legal requirements, security practices, or business operations. When required, Mirantly should provide notice of material changes and update the effective date above.

15. Contact information

For privacy questions, rights requests, or complaints, users should be able to contact Mirantly at: [marketing@mirantly.com].