Privacy Policy
Last updated: March 24, 2026
NextLevel Portugal ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use the Mira mobile application ("App"), and what rights you have over your data.
By using the App, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the App.
1. Who We Are
NextLevel Portugal is the data controller responsible for your personal data processed through the Mira App.
2. Information We Collect
2.1 Account Information
When you sign in using a third-party authentication provider (Google or Apple), we receive basic profile information from that provider, which may include:
- Your name
- Your email address
- A unique identifier from the authentication provider
We use this solely to create and identify your account.
2.2 Subscription Data
All subscription information you enter into the App is stored and managed by you. This includes:
- Subscription name, price, and billing cycle
- Start dates, renewal dates, and trial periods
- Payment method labels (e.g., "Visa", "PayPal") — not actual card numbers or banking credentials
- Personal notes and categories
- Shared participant names and cost splits
We do not collect or store actual financial credentials, bank account numbers, or payment card details.
2.3 Device and Technical Information
To provide core app functionality, we may process:
- Device type and operating system version
- App version
- Preferred language and currency settings
- Push notification device tokens (if you grant permission)
2.4 Usage Analytics
We collect anonymised, aggregated information about how the App is used (e.g., which features are accessed, general usage patterns). This data does not identify you personally and is used solely to improve the App.
3. How We Use Your Information
We use the information we collect to:
- Provide the service — create and maintain your account, store and sync your subscription data across devices
- Send reminders — deliver push notifications about upcoming payments (only if you grant permission)
- Process payments — facilitate in-app purchases of Mira Premium through the App Store or Google Play
- Improve the App — analyse anonymised usage data to identify issues and enhance features
- Comply with legal obligations — meet our obligations under applicable law
4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases:
| Processing Activity | Legal Basis |
|---|---|
| Account creation and authentication | Performance of a contract (Art. 6(1)(b) GDPR) |
| Storing and syncing subscription data | Performance of a contract (Art. 6(1)(b) GDPR) |
| Push notification reminders | Consent (Art. 6(1)(a) GDPR) — you can revoke at any time |
| Usage analytics | Legitimate interests (Art. 6(1)(f) GDPR) — improving the App |
| Compliance with legal requirements | Legal obligation (Art. 6(1)(c) GDPR) |
5. Data Storage and Security
5.1 Local Storage
Your subscription data is stored encrypted on your device using the security mechanisms provided by your operating system:
- iOS: Keychain (hardware-backed encryption)
- Android: Encrypted Keystore
5.2 Cloud Storage
For account management and optional data sync, your data is stored in a secure cloud database:
- All data is encrypted in transit using TLS
- Data at rest is encrypted
- Access is restricted solely to your authenticated account
5.3 What We Do Not Store
We never store:
- Payment card numbers or CVVs
- Bank account credentials
- Passwords (authentication is delegated entirely to Google or Apple)
- Sensitive personal data (health data, government IDs, etc.)
6. Data Retention
- Account and subscription data: Retained while your account is active. When you delete your account, all associated data is permanently deleted from our servers within a reasonable timeframe.
- Local device data: Remains on your device until you uninstall the App or clear app data.
- Anonymised analytics data: May be retained in aggregated form indefinitely as it cannot be linked back to you.
7. Third-Party Services
To operate the App, we work with third-party service providers in the following categories:
- Authentication providers — handle secure sign-in via Google or Apple
- Cloud infrastructure — host the database and backend services
- Payment processors — manage in-app subscriptions via the App Store or Google Play
- Push notification services — deliver payment reminders to your device
- Analytics providers — process anonymised usage events to help us improve the App
Each of these providers has its own privacy policy and acts either as a data processor under our instruction or as an independent data controller. We share only the minimum data necessary for each service to function.
8. Data Sharing
We do not sell, rent, or trade your personal data.
We may share your data only in the following circumstances:
- With service providers listed above, to the extent necessary to operate the App
- To comply with legal obligations, such as a court order or legal process
- To protect rights and safety, if we believe disclosure is necessary to protect the rights, property, or safety of NextLevel Portugal, our users, or others
9. Your Rights Under GDPR
If you are located in the EEA, you have the following rights regarding your personal data:
| Right | Description |
|---|---|
| Access | Request a copy of the personal data we hold about you |
| Rectification | Request correction of inaccurate or incomplete data |
| Erasure | Request deletion of your personal data ("right to be forgotten") |
| Restriction | Request that we limit how we process your data |
| Portability | Receive your data in a structured, machine-readable format |
| Objection | Object to processing based on legitimate interests |
| Withdraw Consent | Withdraw any previously given consent at any time |
How to exercise your rights:
- Delete your account: Settings → Delete Account within the App (this permanently removes all cloud data)
- All other requests: Contact us at contact form
We will respond to your request within 30 days. We may ask you to verify your identity before processing the request.
10. Children's Privacy
The App is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If we become aware that we have inadvertently collected data from a child under 13, we will delete it promptly. If you believe we may have collected information from a child, please contact us at contact form.
11. International Data Transfers
NextLevel Portugal is based in Portugal (EU). Some of our third-party service providers may process data outside the European Economic Area. When such transfers occur, we ensure they are subject to appropriate safeguards as required by GDPR, such as:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions recognising equivalent data protection standards
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes by:
- Displaying a notice within the App, or
- Sending an email to the address associated with your account
The "Last updated" date at the top of this document will always reflect the most recent version. We encourage you to review this policy periodically.
13. Contact and Complaints
If you have questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us:
NextLevel Portugal
Contact form
If you are located in the EU and believe we have not adequately addressed your concern, you have the right to lodge a complaint with the Portuguese data protection authority:
CNPD — Comissão Nacional de Proteção de Dados
Website: www.cnpd.pt