Privacy Policy

Last updated: February 9, 2026

MirrorMask ("we", "us", "the app") is a macOS application that helps you understand and reshape your online advertising profile. We are committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights.

1. Data That Stays on Your Device

MirrorMask is designed with a local-first architecture. The following data is stored exclusively on your Mac and is never transmitted to our servers:

Your Google advertising interests and profile data scraped from Google Ad Center
All browsing activity performed by MirrorMask (searches, page visits, YouTube watches)
Your personas and customization settings
Session history, run logs, and activity records
Platform login status (Facebook, Reddit, Amazon, Temu)
Demographic information inferred from your ad profile

This data is stored in a local SQLite database at ~/Library/Application Support/MirrorMask/. We have no access to it.

2. Data We Collect

We collect a minimal amount of data solely for license management:

Email address — collected at the time of purchase through Stripe, used only to deliver your license key.
Machine identifier — a one-way hash (SHA-256) of your Mac's hardware UUID. This prevents a single license key from being used on multiple machines. It cannot be used to identify you personally.
License key and status — your key, activation date, plan type, and expiration date.

3. What We Do Not Collect

No analytics or telemetry
No crash reports
No IP address logging
No browsing history or search queries
No advertising interest data
No cross-device tracking
No cookies on this website (beyond what Cloudflare provides for security)

4. Third-Party Services

We use a small number of third-party services:

Stripe — processes payments. Your payment details are handled entirely by Stripe and are never stored on our servers. See Stripe's Privacy Policy.
Resend — delivers your license key via email after purchase. Only your email address and license key are shared with Resend for this purpose.
Firebase (Google Cloud) — hosts our license management backend. Stores only the license data described in Section 2. Firebase Analytics is not enabled.
Cloudflare — hosts this website and the app download. See Cloudflare's Privacy Policy.

5. How MirrorMask Uses Your Browser

MirrorMask reads your local Google Chrome profile to access your logged-in Google account. This allows the app to scrape your advertising interests from Google Ad Center and perform persona-driven browsing activity. This access is entirely local — your Chrome data is never transmitted to us or any third party by MirrorMask.

For non-Google platforms (Facebook, Reddit, Amazon, Temu), MirrorMask uses its own isolated browser profile stored locally on your Mac.

6. Data Retention

Local data — retained until you delete the app or clear its data. Uninstalling MirrorMask removes all local data.
License data — retained on our server for the duration of your license, plus a reasonable period for customer support.
Payment data — retained by Stripe per their data retention policy.

7. Your Rights

You can:

Request deletion of your license data from our server by emailing us.
Delete all local data by removing the MirrorMask application and its support folder.
Use the app's free tier without providing any personal information.

8. Children's Privacy

MirrorMask is not intended for children under 13. We do not knowingly collect data from children.

9. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated date. Continued use of MirrorMask after changes constitutes acceptance of the updated policy.

10. Contact

For privacy-related questions or data deletion requests, contact us at hello@mirrormask.app.