Privacy policy

This policy describes how Mireum handles the personal data of people who subscribe to the waitlist or use the app. We wrote it in plain language, not legalese, because we believe the right to understand what happens with your data is part of the respect we owe you.

Who we are

We are two people building Mireum for you and for ourselves. Until recently, we did not know we needed an instrument like this — something that invites us not just to see what happens, but to be present, to observe, and to understand over time who we have been becoming without knowing.

Because the material Mireum touches is intimate, we built the app so that your events, transcriptions, and graph never leave your device. The rest of this policy describes how we handle the only information that does reach us: your email, when you subscribe to the waitlist.

What data we collect

On the landing page (current pre-launch phase)

When you subscribe to the waitlist, we collect:

• Email. The one you voluntarily enter in the form.
• Language selected, so we can send you emails in that language.
• Date and time of the subscription and of each state change (confirmation, unsubscribe).
• Basic technical information (IP address, browser) that the server records automatically at the time of each action, for security, spam prevention, and legal traceability of consent.

We do not collect your name, phone, precise location, social media information, or any other personal data in this phase.

In the Mireum app (when available)

The Mireum iOS app is designed with privacy as an architectural principle. When you use it:

Your events, transcriptions, and personal graph are processed and stored exclusively on your device. They never travel to our servers or to any third party.

We do not use analytics or behavioral tracking of how you use the app.

We do not collect usage data, metrics, or telemetry about how you use the app.

This policy will be updated with more detail when the app is available.

What we use your email for

We use your email to send you editorial communications from Mireum. This includes:

• The monthly essay from Mireum, our regular publication.
• Occasional updates about the project: launch of the iOS app, relevant editorial milestones, substantive changes in scope, and important messages that warrant going outside the monthly calendar.

All of these communications share the same editorial identity — there are no separate lists, no segmentation, no commercial sends. They are messages from the co-founders to those who chose to read.

We also use your email to send the transactional messages needed for the subscription to work: the double opt-in confirmation when you subscribe, and the acknowledgment when you unsubscribe.

We do not use your email to:

• Sell it or share it with third parties for commercial purposes
• Send you advertising from other companies
• Profile or analyze your behavior
• Any purpose other than those declared above

Legal basis for processing

Processing of your email is based on your explicit consent, given when you check the form's checkbox and confirm your subscription by email (double opt-in). This consent is free, informed, specific, and unambiguous, in accordance with the requirements of Chile's Law 21.719.

You may withdraw that consent at any time and without needing to justify it (see "Your rights" below).

Who we share your data with

To operate the landing page and the newsletter, we use two external data processors:

• Resend Inc. (Delaware, United States) — provider of transactional email delivery. Receives your email, the message content (text and HTML), and sending metadata (sender, subject, timestamps). Does not use your data for its own purposes. We have signed their data processing agreement (DPA), publicly available at resend.com/legal/dpa.
• Cloudflare, Inc. (California, United States) — provides the technical infrastructure that runs the landing page: the Worker that processes the form, the D1 database where we store your subscription, the DNS for the mireum.app domain, and the Turnstile system that verifies you are not a bot when you subscribe. Cloudflare's DPA is available at cloudflare.com/cloudflare-customer-dpa.

Both processors were selected for their security reputation and their compliance with international data protection frameworks. We do not share your email with any other third party.

International transfer

Resend and Cloudflare are based in the United States, which means your data is transferred internationally. These transfers are made under the standard contractual clauses included in each DPA, which establish guarantees equivalent to those required by Law 21.719 for processing personal data outside of Chile.

How long we keep your data

• If you are actively subscribed: we keep your email for as long as you remain subscribed.
• If you unsubscribe: you stop receiving emails immediately. Your email is deleted from the record after 30 days. The record itself (without your email, without information that directly identifies you) is kept as auditable evidence of your prior consent and subsequent withdrawal, in accordance with the traceability obligations of Law 21.719.
• If you do not confirm the double opt-in: we delete your email after 7 days, and the pending record is removed along with it.

Deletion runs automatically through a daily routine that checks these deadlines. If you want us to erase all your data before the automatic deadlines, write to privacidad@mireum.app (see "Your rights" below).

Your rights

As the holder of your personal data, you have the following rights under Law 21.719:

• Access: know what data we have about you and how we use it.
• Rectification: correct data we have that is incorrect or incomplete.
• Erasure: request that we delete your data ("right to be forgotten").
• Restriction: request that we temporarily suspend processing of your data in cases provided by law (for example, while a pending rectification is verified).
• Objection: object to the processing of your data for specific purposes.
• Portability: receive your data in a standard format to use it with another service.
• Withdrawal of consent: withdraw your consent at any time and without needing to justify it.

How to exercise these rights

Send an email to privacidad@mireum.app stating:

• Which right you want to exercise
• Your email (so we can identify you and verify that you are the data subject)
• Any other relevant details

We will respond within 30 days at most.

Direct unsubscribe

If you only want to stop receiving emails, every newsletter email includes an "Unsubscribe" link that you can use directly without needing to contact us.

Security measures

We implement reasonable technical and organizational measures to protect your data:

• Encrypted connections (HTTPS) across the entire site
• Restricted access to the subscriber database (only the co-founders)
• External data processors selected for their security reputation
• We do not store sensitive data (see next section)

In case of a breach

If a security breach occurs that affects your data, we will comply with the legal obligation to notify Chile's Personal Data Protection Agency and you within the timeframes established by law.

Sensitive data

We do not collect sensitive data in the current landing page phase.

When the Mireum app is available, the events you record (dreams, synchronicities, intimate reflections) could be considered sensitive data by their nature. That is why they are processed entirely on your device and never travel to our servers.

The app's onboarding will ask for your specific and separate consent to process this type of information, in accordance with the strengthened explicit consent requirement that Law 21.719 sets for sensitive categories. This policy will be updated with specific details when the app launches.

Minors

Mireum is intended for adults. We do not knowingly collect data from anyone under 18. If you are a minor, please do not use the subscription form.

If we discover that we have collected data from a minor without parental consent, we delete it immediately.

Cookies

The Mireum landing page does not use tracking or analytics cookies. We do not have Google Analytics, Facebook Pixel, or equivalents.

Cloudflare's Turnstile widget — which we use only on the subscription form to verify that you are not a bot — may set a minimal technical cookie when it loads. That cookie serves only for the anti-abuse verification; it does not track your browsing or profile your behavior. The full cookie policy for that widget is at cloudflare.com/privacypolicy.

The browser may also use minimal technical cookies needed for the site to function (for example, remembering display preferences), but we do not use them to track you or profile your behavior.

Changes to this policy

We will update this policy when relevant aspects of data processing change (for example, when we launch the app, change processors, etc.).

If there are substantive changes that affect your rights, we will notify you by email before they take effect, and you will have the chance to withdraw your consent if you do not agree.

The last-updated date is always visible at the start of this document.

Data Protection Agency

If you consider that we are not complying with the law, you have the right to file a complaint with Chile's Personal Data Protection Agency (the body created by Law 21.719, with full powers since December 1, 2026).

Contact

Data controller: Daniel Sandoval Ulloa and Makarena Donoso Pavez, residing in Chile, jointly as co-founders of the project.

For any question about this policy, the processing of your data, or to exercise your rights:

Email: privacidad@mireum.app

We respond within 30 days at most — typically much sooner.

This policy is governed by Chile's Law 21.719 on the protection of personal data, and will be updated as the regulation and the product evolve.