Privacy Policy

Last updated: April 9, 2026

Mirra World, Inc. (“we,” “us,” “our”) operates Clo, an AI companion accessible via Telegram and iOS. This policy explains what data we collect, how we use it, and your rights.

1. Information We Collect

Information you provide:

• Account information: your Telegram user ID or Apple ID, and timezone
• Messages: everything you send to Clo
• Onboarding responses: whether you have a support network (yes/no)

Information we derive:

• Conversation summaries and facts extracted from your messages (e.g., your name, interests, life details you share with Clo)
• Safety signals: we scan messages for signs of distress to surface crisis resources when needed

Information collected automatically:

• Device tokens for push notifications (iOS)
• Usage data: daily message counts

2. How We Use Your Information

• To operate Clo: your messages are processed by AI models to generate responses, and stored to maintain conversation continuity
• To maintain Clo’s memory: we extract and store facts from your conversations so Clo remembers what you’ve shared
• To keep you safe: we scan for distress signals and surface crisis resources when needed
• To manage your subscription and enforce usage limits
• To deliver push notifications

3. Third-Party Services

Your messages are sent to third-party AI providers for processing. We currently use:

• Moonshot AI (Kimi)— primary AI provider
• Anthropic— fallback AI provider

These providers process your messages solely to generate Clo’s responses. We do not sell your data to these or any other providers.

We also use:

• Supabase— database hosting (PostgreSQL, US-based)
• Railway— application hosting
• Vercel— website hosting
• Apple— authentication and subscription management (iOS)
• Telegram— message delivery (beta)

4. Data Retention

• Your messages and conversation history are retained for as long as your account is active
• Older messages are summarized into compressed narratives; the original messages are also retained in our database
• You may request deletion of your data at any time by contacting us
• During the beta period, we may retain anonymized usage data for product improvement

5. Data Security

• All data is encrypted at rest and in transit (TLS)
• Database access is controlled via row-level security policies
• Messages are not end-to-end encrypted — server-side processing is required for the AI to function

6. Your Rights

California residents (CCPA/CPRA):

• Right to know what personal information we collect and how we use it
• Right to delete your personal information
• Right to correct inaccurate personal information
• Right to opt out of the sale or sharing of personal information — we do not sell or share your personal information

All users:

• You can delete your account at any time through the app
• You can request a copy of your data by contacting us

7. Children’s Privacy

Clo is not intended for anyone under 18. We do not knowingly collect information from anyone under 18. If we learn we have collected information from someone under 18, we will delete it promptly.

8. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes through the app or by updating the date at the top of this page.

9. Contact

If you have questions about this policy, contact us at contact@heyclo.app.