Privacy Policy
This is the legal version of a simple promise: Mira works for you, your data belongs to you, and our only revenue is your subscription. The plain-language story is at dailia.pages.dev/privacy — this page is the precise one.
1. Who is responsible
The data controller is [LEGAL ENTITY — to complete before launch], operating the Dailia service ("Dailia", "we"). Contact: nils@hirstclub.com.
2. What we collect
- Account data — email or phone number, name, plan, channel preferences.
- Your Mira’s profile — your interview answers and what she learns from your conversations, stored as her memory of you, attached to your agent.
- Conversation content — the messages you exchange with your Mira, processed to generate her replies and retained so she remembers.
- Connected sources — data from connectors you explicitly grant (calendar, email, bank, health…), read within the scopes you set. Anything you mark private is never fetched.
- Voice and face media — only if you provide them during onboarding, with explicit consent, to build your twin’s voice and avatar.
- Technical data — IP address and request logs kept briefly for security and abuse prevention.
Location is used in the moment when you share it; a location history is not kept — by design.
3. Why we process it (legal bases)
- To provide the service (contract) — running your Mira, her memory, her actions.
- With your consent — voice cloning, face avatar, each connector you link. Consent is per-source and revocable in one tap.
- Legitimate interest — securing the service, preventing fraud and abuse.
- Legal obligation — where the law requires retention or disclosure.
4. What we never do
- We never sell or rent your data, and we show no advertising.
- Your conversations and content are never used to train our or anyone else’s AI models.
- No human at Dailia browses your threads. Support operates on account state, not message content.
- If a company pays for your seat, it sees aggregate usage only — never content.
5. Processors we rely on
Mira runs on infrastructure from a small set of processors, each bound by data-processing agreements:
- Anthropic — the AI models that power her reasoning (conversation content is processed to generate replies; not used for training).
- Cloudflare — website hosting, network security.
- Supabase — encrypted database and media storage.
- Twilio — SMS and WhatsApp delivery.
- ElevenLabs — voice cloning, only if you opt in.
- Google — sign-in and the Google connectors you choose to link.
- Plaid — bank connections, only if you link one.
Where processors are outside the EU, transfers rely on adequacy decisions or Standard Contractual Clauses.
6. Retention
Your data lives as long as your account does. Delete a memory, a connector or your whole account and it is purged — not archived. Payment records are kept as long as accounting law requires.
7. Your rights
Under the GDPR you can access, correct, export (portability), restrict, object to, or erase your data at any time — from the account page or by writing to nils@hirstclub.com. You may lodge a complaint with the CNIL (cnil.fr).
8. Cookies & local storage
The site sets no advertising or analytics cookies. We use your browser’s local storage for one thing: keeping you signed in. Fonts are currently served by Google Fonts, which involves your IP address reaching Google when pages load.
9. Security
Data is encrypted in transit and at rest. Access is scoped per agent, endpoints are rate-limited and origin-restricted, and what you mark private is never fetched in the first place. Report vulnerabilities via security.txt.
10. Age
Dailia is not directed at children under 15. If you believe a child has created an account, contact us and we will delete it.
11. Changes
If this policy changes materially, we tell you in your thread — not in a footnote. The date at the top always reflects the latest version.