Privacy Policy

Last updated: March 24, 2026

NextLevel Portugal ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use the Mira mobile application ("App"), and what rights you have over your data.

By using the App, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the App.

1. Who We Are

NextLevel Portugal is the data controller responsible for processing your personal data through the Mira App.

Contact form

2. Information We Collect

2.1 Account Information

When you log in using a third-party authentication provider (Google or Apple), we receive basic profile information from that provider, which may include:

  • Your name
  • Your email address
  • A unique identifier from the authentication provider

We use this exclusively to create and identify your account.

2.2 Subscription Data

All subscription information you enter into the App is stored and managed by you. This includes:

  • Subscription name, price, and billing cycle
  • Start dates, renewal dates, and trial periods
  • Payment method labels (e.g., "Visa," "PayPal") — not actual card numbers or banking credentials
  • Personal notes and categories
  • Shared participant names and cost splitting

We do not collect or store actual financial credentials, bank account numbers, or payment card data.

2.3 Device and Technical Information

To provide the App's core functionality, we may process:

  • Device type and operating system version
  • App version
  • Language and currency preferences
  • Device tokens for push notifications (if you grant permission)

2.4 Usage Analytics

We collect anonymized and aggregated information about how the App is used (e.g., which features are accessed, general usage patterns). This data does not personally identify you and is used exclusively to improve the App.

3. How We Use Your Information

We use the collected information to:

  • Provide the service — create and maintain your account, store and sync your subscription data across devices
  • Send reminders — deliver push notifications about upcoming payments (only if you grant permission)
  • Process payments — facilitate Mira Premium purchases through the App Store or Google Play
  • Improve the App — analyze anonymized usage data to identify issues and enhance features
  • Comply with legal obligations — fulfill our obligations under applicable law

4. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal bases:

Processing Activity Legal Basis
Account creation and authenticationContract performance (Art. 6(1)(b) GDPR)
Data storage and synchronizationContract performance (Art. 6(1)(b) GDPR)
Push notification remindersConsent (Art. 6(1)(a) GDPR) — revocable at any time
Usage analyticsLegitimate interests (Art. 6(1)(f) GDPR) — App improvement
Compliance with legal requirementsLegal obligation (Art. 6(1)(c) GDPR)

5. Data Storage and Security

5.1 Local Storage

Your subscription data is stored encrypted on your device using the security mechanisms provided by your operating system:

  • iOS: Keychain (hardware-backed encryption)
  • Android: Encrypted Keystore

5.2 Cloud Storage

For account management and optional synchronization, your data is stored in a secure cloud database:

  • All data is encrypted in transit using TLS
  • Data at rest is encrypted
  • Access is restricted exclusively to your authenticated account

5.3 What We Do Not Store

We never store:

  • Payment card numbers or CVVs
  • Bank account credentials
  • Passwords (authentication is delegated entirely to Google or Apple)
  • Sensitive personal data (health data, identity documents, etc.)

6. Data Retention

  • Account and subscription data: Retained while your account is active. When you delete your account, all associated data is permanently deleted from our servers within a reasonable timeframe.
  • Local device data: Remains on your device until you uninstall the App or clear the app data.
  • Anonymized analytics data: May be retained in aggregated form indefinitely, as it cannot be linked to you.

7. Third-Party Services

To operate the App, we work with third-party service providers in the following categories:

  • Authentication providers — manage secure login via Google or Apple
  • Cloud infrastructure — host the database and backend services
  • Payment processors — manage App subscriptions via App Store or Google Play
  • Push notification services — deliver payment reminders to your device
  • Analytics providers — process anonymized usage events to help us improve the App

Each of these providers has its own privacy policy and acts as a data processor under our instruction or as an independent controller. We share only the minimum data necessary for each service to function.

8. Data Sharing

We do not sell, rent, or commercialize your personal data.

We may share your data only in the following circumstances:

  • With service providers listed above, to the extent necessary to operate the App
  • To comply with legal obligations, such as a court order or legal process
  • To protect rights and safety, if we believe disclosure is necessary to protect the rights, property, or safety of NextLevel Portugal, our users, or third parties

9. Your Rights (GDPR)

You have the following rights regarding your personal data:

Right Description
AccessRequest a copy of the personal data we hold about you
RectificationRequest correction of inaccurate or incomplete data
ErasureRequest deletion of your personal data ("right to be forgotten")
RestrictionRequest that we limit the processing of your data
PortabilityReceive your data in a structured, machine-readable format
ObjectionObject to processing based on legitimate interests
Withdraw ConsentWithdraw any previously given consent at any time

How to exercise your rights:

  • Delete your account: Settings → Delete Account in the App (permanently removes all cloud data)
  • Other requests: Contact us via contact form

We will respond to your request within 30 days. We may request identity verification before processing your request.

10. Children's Privacy

The App is not directed to children under 13 years old. We do not knowingly collect personal data from children under 13. If we learn that we have inadvertently collected data from a child under 13, we will delete it promptly. If you believe we may have collected information from a child, please contact us via contact form.

11. International Data Transfers

NextLevel Portugal is based in Portugal (EU). Some of our third-party service providers may process data outside the European Economic Area. When such transfers occur, we ensure they are subject to appropriate safeguards as required by the GDPR, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions recognizing equivalent data protection standards

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. We will notify you of material changes by:

  • Displaying a notice within the App, or
  • Sending an email to your account email address

The "Last updated" date at the top of this document will always reflect the most recent version. We encourage you to review this policy periodically.

13. Contact and Complaints

If you have questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us:

NextLevel Portugal
Contact form

If you are located in the EU and believe we have not adequately addressed your concern, you have the right to lodge a complaint with your national data protection authority.