Privacy Policy
Last updated 3 July 2026
MiraDesk (“MiraDesk”, “we”, “us”) provides a customer-support platform: a unified agent inbox, an embeddable chat widget, and public help-center pages. This policy explains what personal data we handle, why, and the choices you have. It applies to miradesk.live and its subdomains.
1. The two roles we play
MiraDesk serves business customers (“Customers”) who use it to talk to their own end-users. Our responsibilities differ depending on whose data is involved:
- As a controller — for the personal data of the agents and admins who sign up for a MiraDesk account (name, email, login and billing details). We decide how that data is used.
- As a processor — for the personal data contained in support conversations that a Customer’s end-users send them (messages, attachments, contact details). We process this only on the Customer’s behalf and under their instructions, to provide the service.
2. Information we collect
- Account data: name, work email, password (hashed by our authentication provider), workspace and role, and preferences.
- Support content: the messages, email threads, chat transcripts, tickets, and attachments exchanged through MiraDesk, plus contact identifiers (such as the end-user’s email address) needed to route them.
- Billing data: subscription plan and payment status. Card details are handled directly by our payment processor (Stripe) — we do not store full card numbers.
- Usage & technical data: log data, IP address, browser and device information, and product analytics needed to operate, secure, and improve the service.
- Cookies & local storage: a session cookie for the chat widget and browser storage to keep you signed in. See “Cookies” below.
3. How we use personal data
- To provide, maintain, and secure the support platform.
- To deliver transactional email on a Customer’s behalf — support replies, agent notifications, and workspace invitations. We do not send marketing email through the platform to end-users.
- To generate optional AI assistance (draft replies, summaries, sentiment) when a Customer enables it.
- To handle billing, prevent abuse, and comply with legal obligations.
- To respond to support requests and account communications.
4. Legal bases (EEA/UK)
Where the GDPR or UK GDPR applies, we rely on: performance of a contract (to provide the service you signed up for); legitimate interests (to secure, operate, and improve MiraDesk, balanced against your rights); consent (where required, e.g. non-essential cookies); and legal obligation (e.g. tax and accounting). For end-user support data we act on our Customer’s legal basis as their processor.
5. Service providers & sub-processors
We share data only with vendors that help us run MiraDesk, under contracts that require them to protect it. Current sub-processors:
- Amazon Web Services (AWS) — cloud hosting, email send/receive (SES), object storage (S3), and messaging (SNS). Region: EU (Ireland), eu-west-1.
- Supabase — managed Postgres database, authentication, and file storage.
- Vercel — hosting for the dashboard and marketing site.
- Cloudflare — DNS and content delivery for the chat widget.
- Stripe — subscription billing and payment processing.
- Groq — inference for optional AI features (draft replies, summaries, sentiment), used only when enabled.
We do not sell personal data. We may disclose data if required by law or to protect the rights, safety, and security of MiraDesk, our Customers, or the public.
6. International transfers
MiraDesk is hosted in the EU (Ireland). Where a provider processes data outside your region, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses.
7. Data retention
We keep account and support data for as long as the account is active and as needed to provide the service. A Customer can delete conversations from their workspace, and we delete or anonymise data within a reasonable period after an account is closed, unless we must retain it for legal, tax, or security reasons. Suppression records (addresses that bounced or complained) are retained to protect email deliverability.
8. Security
We protect data in transit with TLS and authenticate outbound email with DKIM, SPF, and DMARC. Access to production systems is restricted and audited, secrets are stored encrypted, and stored sensitive credentials are encrypted at rest. No system is perfectly secure, but we work to protect your data using industry practices.
9. Your rights
Depending on where you live, you may have the right to access, correct, delete, port, or restrict the processing of your personal data, and to object to certain processing. For account data, contact us using the details below. For support data held on a Customer’s behalf, please contact that Customer (the business you were talking to); we will assist them as their processor.
10. Cookies & local storage
We use strictly necessary cookies and browser storage to keep agents signed in and to maintain a chat-widget session. We do not use third-party advertising cookies. You can clear these through your browser, though the product may not function correctly without them.
11. Children
MiraDesk is a business tool and is not directed to children. We do not knowingly collect personal data from anyone under 16.
12. Changes to this policy
We may update this policy from time to time. Material changes will be reflected by updating the “Last updated” date above and, where appropriate, by notifying account holders.
13. Contact us
Questions or requests about privacy? Email privacy@miradesk.live or support@miradesk.live.