Effective date: April 27, 2026 · Last updated: April 27, 2026
Our commitment to employees
Mira collects your location only while you are clocked in on an active shift. The moment you clock out, location collection stops completely. This boundary is enforced at the application level, meaning it is a technical constraint, not a policy setting that an employer can override. Neither Mira nor your employer can access your location after your shift ends.
HIPAA and healthcare data
Mira is built with HIPAA-ready infrastructure for home care and healthcare organizations. We maintain the administrative, physical, and technical safeguards required under the Health Insurance Portability and Accountability Act. Business Associate Agreements are available on eligible plans. Contact us at hello@joinmira.io to execute an agreement before using Mira to process Protected Health Information.
Mira does not store clinical diagnoses, treatment records, or medical histories. Employers are responsible for ensuring that any client information entered into the platform is appropriate for the subscription tier in use and consistent with any applicable BAA.
1. Who this policy applies to
This Privacy Policy applies to all individuals who interact with the Mira platform, including organization administrators, staff members using the mobile application, and visitors to our website. By using Mira in any capacity, you acknowledge that you have read and understood this policy.
Where Mira processes personal data on behalf of an organization, that organization acts as the data controller and Mira acts as a data processor. In that relationship, the organization's own privacy policies and employment agreements also govern how data is used within their operation.
2. Information we collect
From administrators and account holders
Account information: Name, email address, phone number, and organization details provided at registration.
Billing information: Payments are handled by a certified, PCI-compliant payment processor. Mira does not store, transmit, or have access to your full payment card number, bank account details, or financial credentials at any time.
Usage information: How you interact with the dashboard, features you access, and configuration settings, used to operate and improve the platform.
From staff members
Identity information: Name and contact details, typically provided by your employer when your account is created.
GPS location: Collected only during active shifts, from clock-in to clock-out. Collection is terminated automatically at the end of each shift and cannot be extended by your employer through the platform.
Shift records: Clock-in and clock-out timestamps, shift duration, and any compliance flags generated during the shift.
Incident reports: Written descriptions and any photographs you submit through the incident reporting feature during an active shift.
On Watch check-in data: For security shifts on eligible plans only, whether you responded to a welfare check prompt, the time of your response, and any consecutive missed check-ins. This data is visible to your employer's authorized supervisors.
From website visitors
Standard web analytics including pages visited, session duration, browser type, and general geographic region derived from network information. This data is aggregated and does not identify you personally. We do not use it for advertising and we do not sell it.
3. How we use your information
Mira uses the information it collects strictly for the following purposes:
To operate the platform and deliver the services contracted by your organization.
To verify shift attendance, generate payroll data, and maintain shift history.
To enable incident reporting and maintain a complete, tamper-evident record for each organization.
To send service communications including receipts, security notifications, and support responses.
To improve platform reliability and performance using aggregated, anonymized data.
To comply with applicable legal obligations.
Mira does not use your personal data to train machine learning models, sell advertising, or profile individuals for any purpose outside the operation of the service.
4. Location data
Location data is among the most sensitive categories of personal information Mira handles. Our practices are designed to follow the most restrictive reasonable interpretation of what is necessary to provide the service.
Collection window: GPS data is collected beginning at the moment a staff member clocks in and ending at the moment they clock out. There are no exceptions to this boundary.
Employer access: Location records during a shift are accessible to authorized administrators and supervisors within the employing organization for the purpose of verifying attendance and presence at an assigned location.
No post-shift access: Once a shift ends, no new location data is collected. Historical location records from completed shifts are retained only for the duration of the organization's plan history window, after which they are deleted.
No third-party sharing: Location data is never sold, shared with advertisers, or disclosed to any party other than the employing organization and the infrastructure providers necessary to store and transmit it securely.
Retention: Location records are deleted at the end of the applicable history period for the organization's subscription tier.
5. On Watch welfare checks
On Watch is a feature available on eligible plans for security operations. It sends periodic welfare check prompts to staff members during active shifts at randomized intervals. The following governs how that data is handled:
Check-in response data is recorded and made available to the employing organization's authorized supervisors.
Missed check-in records are informational. They indicate that a response was not received within the allotted window. They do not constitute a determination of any failure, misconduct, or policy violation on the part of the staff member.
On Watch data is collected only during active shifts. It is not collected before clock-in or after clock-out.
Employers activating On Watch are required by our Terms of Service to disclose its use to affected staff members prior to its activation. Mira does not independently verify that this disclosure has occurred and bears no responsibility for an employer's failure to comply.
6. HIPAA and protected health information
For organizations operating in home care and healthcare, Mira supports HIPAA-compliant use through the following safeguards:
Encryption: All data is protected using industry-standard encryption both when stored and when transmitted.
Access controls: Permissions are enforced at the data level, not only at the interface level, ensuring that staff members can access only the information relevant to their assigned role and clients.
Audit logging: All access to client records and shift data is logged with timestamps and is available to authorized administrators for review.
Data isolation: Each organization's data is completely separated from all other organizations on the platform.
Business Associate Agreements: Available on eligible plans for organizations that require a BAA to meet their HIPAA obligations. Contact hello@joinmira.io to initiate this process.
7. Data sharing
Mira does not sell personal information. Full stop. We share data only in the following limited circumstances:
With the employing organization: Shift records, location data during active shifts, incident reports, and On Watch check-in data are accessible to authorized administrators and supervisors within the organization that employs the staff member.
With infrastructure providers: Mira uses vetted, contracted third-party providers to process payments, host data, and deliver the application. These providers are permitted to process data only as necessary to provide their services to Mira and are contractually prohibited from using it for any other purpose.
When required by law: Mira may disclose data in response to a valid court order, subpoena, or lawful request from a government authority. Where legally permitted, Mira will attempt to notify the affected organization before complying.
In a business transfer: In the event of a merger, acquisition, or sale of substantially all assets, user data may be transferred as part of that transaction. Mira will notify affected users in advance and ensure that the receiving entity is bound by privacy obligations no less protective than those in this policy.
8. Data retention
Mira retains data only for as long as necessary to provide the service and meet legal obligations. The following retention periods apply:
Shift history and location records: Retained for the history window of the organization's subscription tier. Deleted automatically at the end of that window.
Account information: Retained for the life of the account and for 30 days following cancellation, after which it is deleted upon request.
Incident reports: Retained for the life of the account given their potential relevance to legal or regulatory proceedings.
Billing records: Retained as required by applicable financial and tax regulations.
9. Security
Mira implements and maintains industry-standard security practices across all layers of the platform, including encrypted data storage, secure data transmission, role-based access controls enforced at the data level, and regular security reviews. We take reasonable and appropriate technical and organizational measures to protect personal information against unauthorized access, disclosure, alteration, and destruction.
No system can guarantee absolute security. In the event of a data breach that is reasonably likely to result in harm to affected individuals, Mira will notify affected organizations in accordance with applicable law. If you discover a potential security vulnerability, please report it to security@joinmira.io. We ask that you do not publicly disclose the issue until we have had a reasonable opportunity to investigate and address it.
10. Your rights
Depending on your location, you may have rights regarding your personal data. These may include the right to access, correct, delete, or receive a copy of your data, and the right to object to or restrict certain types of processing.
California residents have additional rights under the California Consumer Privacy Act, including the right to know what categories of personal information have been collected about them, the right to request deletion, and the right to opt out of the sale of personal information. Mira does not sell personal information.
Staff members seeking to exercise data rights should be aware that Mira holds their data on behalf of their employer. In many cases, requests should be directed to the employing organization in the first instance. To exercise rights directly with Mira, contact privacy@joinmira.io. We will respond within the timeframe required by applicable law.
11. Children
The Mira platform is not intended for use by individuals under the age of 18. Mira does not knowingly collect personal information from minors. If we become aware that personal information has been collected from a minor without appropriate consent, we will take steps to delete that information promptly.
12. Changes to this policy
Mira may update this Privacy Policy as the platform evolves or as legal requirements change. When we make material changes, we will update the effective date at the top of this page and notify account holders by email in advance of the changes taking effect. Your continued use of Mira after updated terms take effect constitutes your acceptance of the updated policy. We encourage you to review this policy periodically.
13. Contact
For questions or concerns about this Privacy Policy or how Mira handles your data, contact us at privacy@joinmira.io. For general inquiries, reach us at hello@joinmira.io.