Privacy Policy
1. Data Controller
The data controller is Mirai Societe (sole proprietorship of Leon Hieber), Strasbourg, France. Contact: mirai.societe@gmail.com.
2. Processed Data (Minimisation Principle)
Account data: email, identifiers, language or settings, proof of acceptance of the TOS and Privacy Policy. Billing: payment references (via Stripe), amounts, currency, transaction status, country for VAT. Support: messages sent to support and technical metadata provided voluntarily to investigate an incident. Technical operation: metadata strictly necessary for service operation (for example the peer WireGuard state to establish a session), never correlated to browsing activity.
3. Purposes and Legal Bases
Contract performance: provide the VPN service, manage the account, billing, and assistance. Legal obligations: accounting, taxation, fraud prevention. Legitimate interest: service security, abuse prevention, reasonable experience improvement (no advertising profiling). Consent (if applicable): non-essential analytics cookies or marketing communications (opt-in).
4. Subcontractors and Recipients
Stripe (payments) - Stripe Payments Europe Ltd / Stripe, Inc. Resend (transactional emails). Vultr and VPSserver.com (hosting and VPN servers). These service providers act only on instruction from Mirai Societe and offer appropriate security and confidentiality guarantees.
5. Transfers Outside the EU
When data is transferred to third countries, Mirai Societe implements appropriate safeguards (Standard Contractual Clauses and complementary technical or organisational measures).
6. Retention Periods
Accounts: for the duration of the contractual relationship, then limited archiving for legal obligations or proof. Billing: legal retention for accounting and tax purposes according to applicable law. Support: retained for the time necessary to process the request, then purged regularly. Technical operation: retained for the time strictly necessary for service operation.
7. Data Subject Rights
Rights of access, rectification, erasure, restriction, objection, portability, and post-mortem directives (France). Exercise of rights: mirai.societe@gmail.com. Responses are provided within 30 days. Right to complain: to the CNIL (cnil.fr) or the competent local authority.
8. Security
Technical and organisational measures include encryption, access compartmentalisation, administrative logging, regular review of subcontractor access, and firewalls or IDS on VPS nodes. There is no correlation between account identity and encrypted VPN traffic (NoLogs).
9. Cookies and Traceability
See the Cookies and Traceability Policy. No advertising cookies are used. Analytics are subject to prior consent.
10. Modifications
Any substantial modification to this policy will be notified by reasonable means. The updated version prevails.
Refund and data retention
MiraiVPN honours refund requests within 48 hours max after activation, provided usage stays within the fair-use threshold. Operational logs are limited to running the service and are purged after aggregation.