Privacy Policy

We Do Not Store Your Videos

MIR Capture never uploads, stores, or processes your video or image files. All media stays on your device. During capture, only cryptographic hashes (SHA-256 digests) and metadata are transmitted to our servers — never the media itself.

What We Collect

• Account information — name, email address, and hashed password when you create an account.
• Capture session metadata — device platform, capture timestamps, session duration, and media type (e.g., "video/webm"). No media content.
• Hash chain entries — SHA-256 frame hashes, sequence numbers, timestamps, and optionally GPS coordinates and motion sensor data if you grant permission.
• API keys — stored as SHA-256 hashes; we cannot recover the original key.
• Signing public keys — your public signing key is stored to enable assertion verification. Private keys never leave your device.
• Server logs — IP addresses, request paths, and timestamps for security and operational purposes.

What We Do Not Collect

• Video or image files
• Audio recordings
• Cookies for advertising or tracking
• Behavioral analytics or usage profiling

How We Use Your Data

Your data is used solely to operate the MIR Capture service:

• Authenticating your account and API requests
• Building and validating hash chains for capture provenance
• Creating and verifying cryptographic assertions on the MIR Assertions registry
• Maintaining service security and preventing abuse

Data Sharing

We do not sell, rent, or share your personal data with third parties.

We will only disclose information if required by law, such as in response to a valid subpoena, court order, or government request.

Public Assertions

When you create a capture assertion, the following information is published to the MIR Assertions registry and is publicly verifiable:

• The SHA-256 hash of the captured media
• Your issuer name (display name)
• The assertion timestamp
• Your cryptographic signature

This is by design — public verifiability is the core purpose of the service. Do not create assertions for media you do not wish to be associated with.

Data Retention

Account data and capture session metadata are retained for as long as your account is active. Assertions published to the MIR Assertions registry are permanent and cannot be deleted, as they serve as a public record of provenance.

Server logs are retained for up to 90 days.

Security

All data is transmitted over HTTPS. API keys are stored as irreversible SHA-256 hashes. Private signing keys are generated and stored exclusively on your device using platform secure storage and are never transmitted to our servers.

Contact

For questions about this privacy policy or your data, contact us at privacy@mircapture.com.