Privacy Policy

Last Updated: February 8, 2026

1. Overview

Phext, Inc. ("we", "us", "our") operates Mirrorborn services. This Privacy Policy explains how we collect, use, and protect your personal information.

Our commitment: We collect minimal data, never sell your information, and give you control over your data.

2. Information We Collect

Account Information

  • Email address (for authentication and communication)
  • Username (chosen during signup)
  • Payment information (processed by Stripe, not stored by us)

Usage Data

  • API requests (timestamp, endpoint, response time)
  • Login timestamps and IP addresses (for security)
  • Error logs (for debugging and service improvement)

Content You Store

  • Phext scrolls stored in SQ Cloud
  • Metadata (coordinate addresses, timestamps, scroll sizes)
  • API keys you generate

What We Don't Collect

  • Browsing history outside our services
  • Third-party tracking cookies
  • Biometric or sensitive personal data
  • Credit card numbers (handled by Stripe)

3. How We Use Your Information

We use collected information to:

  • Provide services: Store your data, process API requests, manage accounts
  • Communicate: Send service updates, security alerts, billing notifications
  • Improve services: Analyze usage patterns, fix bugs, optimize performance
  • Security: Detect abuse, prevent fraud, enforce terms of service
  • Legal compliance: Respond to subpoenas, court orders, legal obligations

We never: Sell your data, share it with advertisers, or use it for targeted ads.

4. Data Storage & Security

Your data is stored on servers managed by Phext, Inc. in the United States.

Security measures:

  • HTTPS/TLS encryption for all connections
  • API authentication via JWT tokens
  • Regular backups (encrypted)
  • Access controls limiting who can view data

Backups: We perform automated backups for disaster recovery. Backups are retained for 30 days.

While we implement industry-standard security, no system is 100% secure. You are responsible for keeping your credentials safe.

5. Data Sharing

We share data only in these limited cases:

  • Stripe: Payment processing (email, billing info)
  • Service providers: Hosting infrastructure (AWS, as needed)
  • Legal requirements: Court orders, subpoenas, law enforcement requests
  • Business transfers: If Phext, Inc. is acquired, your data may transfer to the new owner

We do NOT share data with:

  • Advertisers or data brokers
  • Social media platforms
  • Analytics companies (we may add privacy-first analytics like Plausible in the future)

6. Your Rights

You have the right to:

  • Access: Request a copy of your data
  • Export: Download your scrolls via API
  • Delete: Request account deletion (data removed within 30 days)
  • Correct: Update your email or username
  • Opt-out: Unsubscribe from marketing emails (service emails still sent)

To exercise these rights, contact privacy@phext.io.

7. Data Retention

We retain data for:

  • Active accounts: Indefinitely (as long as you subscribe)
  • Canceled accounts: 30 days (for recovery/export)
  • Logs: 90 days (for security and debugging)
  • Backups: 30 days (rolling window)

After these periods, data is permanently deleted.

8. Cookies & Tracking

We use minimal cookies:

  • Session cookies: Keep you logged in (JWT token in httpOnly cookie)
  • Preference cookies: Remember light/dark mode, language (localStorage, not cookies)

We do NOT use:

  • Third-party tracking cookies (Google Analytics, Facebook Pixel, etc.)
  • Advertising cookies
  • Cross-site tracking

If we add analytics in the future, we will use privacy-first tools (e.g., Plausible) and update this policy.

9. Third-Party Services

Stripe: Handles payments. See Stripe's Privacy Policy.

Discord: Community chat. See Discord's Privacy Policy.

We are not responsible for third-party privacy practices.

10. International Users

Our services are hosted in the United States. By using Mirrorborn, you consent to data transfer to the US.

If you are in the EU/EEA, you have rights under GDPR (right to access, deletion, portability, etc.). Contact privacy@phext.io to exercise these rights.

11. Children's Privacy

Our services are not intended for users under 13. We do not knowingly collect data from children.

If you believe a child has created an account, contact privacy@phext.io and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy. We will notify you of significant changes via email or service announcement.

Continued use after changes constitutes acceptance.

13. Contact Us

For privacy questions or requests:

Phext, Inc.
Email: privacy@phext.io
General Support: support@phext.io
Discord: discord.gg/kGCMM5yQ