Privacy Policy
Last updated: June 16, 2026
Plain-language summary
What data does Miru collect about you?
Only what we need to deliver the service: an anonymous device identifier we generate the first time you set up your TV, and — if you create an Account — your email address and your subscription status from our payment processor. We do not collect ad-tracking identifiers, behavioral profiles, or anything we’d use to follow you around the web.
What does Miru NOT do?
Miru does not host, stream, store, broadcast, or distribute any audio-visual content. Miru does not sell your data. Miru does not profile you for advertising. Miru does not track what you watch.
Who do we share data with?
Only the service providers we need to operate: Stripe (payments), Brevo (transactional email), Supabase (database hosting), Fly.io (application hosting), and Tally.so (waitlist form on our marketing site — used only if you sign up to be notified when Miru ships on a specific platform). Each is contractually bound to process your data only on our instructions. We never sell to data brokers.
1. Who is responsible for your data
Danforth Enterprises is the controller of personal information processed in connection with the Miru service. You can reach us at support@miruplayer.app for any question covered by this policy.
2. What data we collect
| Category | Examples | When collected |
|---|---|---|
| Device identifier | Anonymous hardware-derived ID | First-launch of the TV / phone client |
| Email address | The address you use to sign in | When you create or claim an Account |
| Subscription status | Trial / active / past-due / canceled | When your subscription changes |
| Pairing tokens | Short-lived QR code values | During TV-setup pairing |
| Authentication cookies | miru-auth, miru-trial, miru-account | When signed in to the configurator |
| Server logs | IP address, user agent, request path, response status, timestamp | Each web request, retained 30 days for security only |
| Catalog snapshots | Encrypted payload from your TV containing your channel list | Only while you complete the configurator setup |
| Device fingerprints | Hardware-derived hash for trial-anti-abuse only | First-launch of the TV / phone client |
| Waitlist email | The email address you submit on the marketing site to be notified when Miru ships on a specific platform, plus the platform key you selected | Only when you voluntarily submit the waitlist form on miruplayer.app |
We do not collect: ad identifiers, advertising profiles, behavioral tracking data, location data, contact lists, photos, or your viewing history.
3. Third-party processors
We rely on these processors. Each has its own privacy policy.
- Stripe (payment processing + tax calculation) — stripe.com/privacy
- Brevo (transactional email for magic-link sign-in + legal-update notices) — brevo.com/legal/privacypolicy
- Supabase (Postgres hosting for relay + Account data) — supabase.com/privacy
- Fly.io (application hosting for relay + configurator) — fly.io/legal/privacy-policy
- Tally.so (waitlist form hosting on the marketing site
miruplayer.app) — tally.so/help/privacy. Data Tally receives: the email address you submit + theplatformfield identifying which Miru build you want to be notified about (one of:iphone,android-phone,tizen,android-tv,fire-tv-vega,roku,webos,vizio,ipad,android-tablet). Purpose: notify you when Miru becomes available on the platform you selected. Retention: Tally retains your submission until we manually delete it or until we export it (on a quarterly cadence) to our Brevo contact-list for the launch-notice email, whichever comes first. To request deletion of a Tally submission, email support@miruplayer.app with the email address you submitted.
We do not share data with advertising networks, data brokers, analytics vendors, social-media platforms, or any other third party not listed above.
4. Cookies
Miru sets up to three iron-session HTTP-only cookies on the configurator
surface (miruplayer.app/p/..., miruplayer.app/tv/...,
miruplayer.app/billing):
miru-auth— your signed Account session, present after magic-link sign-inmiru-trial— your anonymous-trial state during the 7-day trial windowmiru-account— your current Account ID, present when signed in
These cookies are HTTP-only, SameSite=Lax, and Secure in production.
They are NOT set on the legal pages themselves
(miruplayer.app/en-us/privacy, miruplayer.app/en-us/terms); reading the
policies does not initiate any session.
5. Retention
| Data | Retained | Deleted when |
|---|---|---|
| Device identifier | Indefinitely while the device is registered | You uninstall + the TV-side trial entry expires |
| Email address | While your Account exists | You delete your Account |
| Subscription status | While your Account exists + 6 months after cancellation (for tax records) | After the 6-month tax-records window |
| Pairing tokens | 5 minutes | Immediately on use or expiry |
| Authentication cookies | 30 days idle | On sign-out or expiry |
| Server logs | 30 days | After the 30-day window |
| Catalog snapshots | Until your TV applies the curation OR 24 hours, whichever comes first | Automatically per the 24-hour TTL |
| Waitlist submissions (held by Tally.so) | Until we export them quarterly to our Brevo contact-list OR until you request deletion, whichever comes first | On quarterly export or on email request to support@miruplayer.app |
6. Your rights
If you are a resident of the European Union (GDPR), the United Kingdom (UK GDPR), California (CCPA / CPRA), or another jurisdiction with equivalent data-protection law, you have the right to:
- Access the personal information we hold about you
- Correct inaccurate personal information
- Delete your personal information
- Object to processing (e.g., direct marketing — we send none)
- Port your data in a machine-readable format
- Withdraw consent where processing is based on consent
To exercise these rights, contact us at support@miruplayer.app from the email address associated with your Account. Verification is Account-bound: we will respond only to requests sent from the registered email address. We respond within 30 days. There is no fee for the first request per 12-month period.
7. Children's privacy
Miru is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, contact support@miruplayer.app and we will delete it.
8. International data transfers
If you access Miru from outside the United States, your information may be transferred to and processed in the United States. We rely on the European Commission's Standard Contractual Clauses (SCCs) for transfers from the EU
- EEA + Switzerland, and on equivalent safeguards for transfers from other jurisdictions.
9. Changes to this policy
We will revise this policy when our data practices change.
- Editorial fixes (typos, formatting): version stamp PATCH bump
(e.g.
1.0.0→1.0.1); no notice. - Clarifications (additional disclosure detail, new disclosed processor
with no new data category): MINOR bump (
1.0.0→1.1.0); no notice. - Material changes (new data category collected, new use of existing
data, new sharing): MAJOR bump (
1.0.0→2.0.0); we email registered Account holders 30 days before the change takes effect, AND we display a banner on the configurator sign-in surface during the 30-day notice window.
You can verify which version is current using the version stamp in the page footer.
10. Contact
Questions: support@miruplayer.app (verification is Account-bound — please send from your registered email).
For copyright complaints, see the DMCA section of our Terms of Service.