Privacy & Security

Last updated: June 18, 2026. This page explains how we handle the data you share with AI Mirror through our website, chat widget, and orders. It is provided by AI Mirror and is not a third-party certification.

What we collect

  • Chat: the name and contact details you provide, message content, attachments, language, page URL, and a coarse user-agent string for session diagnostics.
  • Orders: billing/shipping details (name, email, phone, address) and order line items.
  • Account: email and authentication metadata for staff users.

How we protect it

  • All traffic is served over HTTPS (TLS).
  • Anonymous chat clients cannot query our database directly: each browser session gets a private random token, and the widget reaches its own session only through a server-side function that verifies that token.
  • Database row-level security restricts chat sessions, messages, and uploads to staff with an explicit admin or manager role; customers can only read their own orders.
  • Chat file uploads are stored in a private bucket. Links are short-lived, server-signed URLs scoped to the requesting session.
  • Secrets (API keys, notification tokens) are stored server-side and never shipped to the browser.
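
The following Python example is added for illustration and is not AI Mirror's code: it shows one common way to implement the per-session token check and the short-lived, session-scoped signed links described in the list above. The signing key handling, the 60-second lifetime, the /files/ URL layout, and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlencode

SIGNING_KEY = secrets.token_bytes(32)  # assumption: really loaded from a server-side secret store
URL_TTL_SECONDS = 60                   # assumption: what "short-lived" means here


def new_session(store):
    """Create a chat session; the server keeps only a hash of the random token."""
    session_id = secrets.token_hex(8)
    token = secrets.token_urlsafe(32)  # 256 random bits, handed to the browser
    store[session_id] = hashlib.sha256(token.encode()).digest()
    return session_id, token


def verify_session(store, session_id, token):
    """Constant-time check that the presented token belongs to this session."""
    expected = store.get(session_id)
    presented = hashlib.sha256(token.encode()).digest()
    # Compare against a dummy value for unknown sessions so both paths do the same work.
    matches = hmac.compare_digest(expected or bytes(32), presented)
    return matches and expected is not None


def _mac(session_id, path, expires):
    # session_id is hex and expires is an integer, so the newline-separated fields are unambiguous.
    msg = f"{session_id}\n{path}\n{expires}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def sign_upload_url(store, session_id, token, path, now):
    """Issue a link only to a verified session, bound to that session, path and expiry."""
    if not verify_session(store, session_id, token):
        raise PermissionError("invalid session token")
    expires = int(now) + URL_TTL_SECONDS
    return f"/files/{path}?" + urlencode({"exp": expires, "sig": _mac(session_id, path, expires)})


def check_upload_url(session_id, path, expires, sig, now):
    """Reject expired links and links replayed under another session or path."""
    try:
        expires = int(expires)
    except (TypeError, ValueError):
        return False
    if int(now) > expires:
        return False
    return hmac.compare_digest(_mac(session_id, path, expires).encode(), sig.encode())
```

Because the session ID is part of the signed message rather than a URL parameter, a link copied into another session fails verification even before it expires.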

Your rights (GDPR)

You can request access, correction, export, or deletion of your personal data. Contact us and we will respond within 30 days.

Reporting a vulnerability

If you believe you've found a security issue, please email us. Please do not publicly disclose the issue until we've had a reasonable chance to investigate and fix it.