What we collect
Account data: email address, OAuth provider sub if you log in with Google or GitHub. That is everything in our database keyed to you, excluding billing data which lives entirely in Stripe.
Telemetry: opt-in only. If you toggle "share latency measurements" we receive p50/p90 first-token latency numbers anonymized to a random session ID. No transcript content is ever included.
What we do not collect
Your résumé and STAR stories: stored in localStorage on your device. We do not have a copy. They are sent to the LLM provider you selected (Anthropic, Google, etc.) as part of the per-session system prompt — we do not store the prompt, the response, or any intermediate state.
Audio: streamed to the STT provider (Deepgram by default, configurable to whisper.cpp on-device on Apple Silicon). We never proxy or archive audio. The transcript is held in renderer memory and discarded when the session ends.
Interview content: we do not log questions, answers, or conversation turns. The product is fundamentally pass-through.
BYOK option
For users with stricter privacy needs, you can configure your own LLM and STT API keys (Anthropic, Google, Deepgram, Soniox) and the desktop app will route traffic directly to those providers from your machine. Our backend is not in the path.
Subprocessors
Stripe for billing. Vercel for hosting this marketing site. Plausible for privacy-respecting analytics (no cookies, no cross-site tracking). Resend for transactional email.
Contact
Privacy questions: hi@mirly.com. We respond within 48 hours, including for GDPR/CCPA data-deletion requests.