Privacy notice

How Mirrored Intelligence Limited uses personal data when you use MIA.

In simple terms

  • We run MIA for your business. We need some personal data to do that (for example caller numbers and messages).
  • We keep data only as long as we need it for the service or the law.
  • You can ask to see, fix, or delete your data where the law allows.
  • The sections below are the full legal notice. Read them for detail.

Contact details

Email: [email protected]

What information we collect, use, and why

We collect or use the following information to provide and operate the MIA service:

  • Names and contact details
  • Business details and account information (including registration details)
  • Call metadata and call content (for example call transcripts, summaries, and outcomes)
  • Messages and communications (SMS, email content where you use those channels)
  • Booking details (where you use calendar booking features)
  • Payment details and billing information (processed via payment providers)
  • Website and app usage information (for example IP address, device/browser data, and activity logs)
  • Support communications (queries, complaints, and correspondence)

We may also collect or use additional information where required to comply with legal obligations or where you provide it to us (for example, for recruitment).

Lawful bases and data protection rights

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. Which lawful basis we rely on may affect your rights.

Our lawful bases may include:

  • Contract — to provide the service you request
  • Consent — where we ask you (and you can withdraw at any time)
  • Legal obligation — where required by law
  • Legitimate interests — for operating and securing our service (where those interests are not overridden by your rights)

Your data protection rights may include: access, rectification, erasure, restriction, objection, data portability, and withdrawing consent. If you make a request, we must respond without undue delay and in any event within one month.

To make a data protection rights request, contact us using the details above.

Where we get personal information from

  • Directly from you (or your organisation)
  • From your configured integrations (for example Google Calendar, Microsoft 365, Gmail)
  • From communications sent to or received by the service (calls, SMS, emails)
  • Publicly available sources (only where relevant and lawful)

How long we keep information

We keep personal information only for as long as necessary for the purposes set out in this notice, and to meet legal, accounting, or regulatory requirements. Where you request deletion, we aim to complete it within 30 days unless an exception applies (for example legal obligations or legal claims).

Data typeRetentionNotes
Account & tenant administration (users, roles, business profile, configuration)While your account is active; deleted on verified deletion request / tenant deletion (normally within 30 days)Some records may be retained longer where required to establish, exercise, or defend legal claims.
Call metadata and call content (summaries, transcripts)While your account is active; deleted on verified deletion request / tenant deletion (normally within 30 days)We store conversation transcripts to provide the service (lead capture, summaries, booking lifecycle).
Call recordings (audio)If enabled, retention period is agreed with the customer and documented in the DPA / order formCall recording may not be enabled for all customers. If enabled, we aim to minimise retention and support deletion requests.
Bookings and calendar events (where you connect a calendar integration)Controlled primarily by your calendar provider; we retain only what is needed to provide the booking serviceIf you connect Google Calendar / Microsoft 365, event data is stored in your calendar. We may store minimal metadata to operate the service.
Support communications (support tickets, emails, chat logs)Up to 24 months after ticket closureUsed for troubleshooting, security, and service improvement.
Authentication and security logs (e.g., SMS verification sessions)Short-lived (hours to days) depending on the session typeUsed to prevent fraud and keep accounts secure.
Billing and tax records (payments, invoices)Typically 6 years (UK statutory and tax requirements)Where required by law, we retain financial records even if you request deletion.
Marketing preferences and consent recordsUntil you withdraw consent or object, plus a small period to maintain suppression listsWe keep “do not contact” records to ensure we respect your preferences.

Who we share information with

We may share personal information with:

  • Suppliers and service providers (telephony/SMS, email delivery, cloud infrastructure, and support)
  • Payment and billing providers
  • Professional advisers (legal, accounting, insurance) where necessary
  • Organisations we’re legally obliged to share information with (regulators, law enforcement)
  • Publicly on our website or marketing media (only where you have chosen to publish or consented)

We maintain a list of subprocessors used to deliver the service. See /subprocessors.

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details above.

If you remain unhappy after raising a complaint with us, you can also complain to the ICO:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline: 0303 123 1113
Website: https://www.ico.org.uk/make-a-complaint

Last updated: 30 December 2025