Smart FactoryOS
Privacy Policy
Last Updated: January 2025
1. Introduction
Welcome to MirrorWorks Smart FactoryOS ("we," "our," or "us"). We operate the manufacturing ERP platform accessible through our application (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
Please read this privacy policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
2.1 Information You Provide to Us
Account Information:
Full name (first and last name)
Email address
Phone number
Job title and department
Company/organization name
Company address
Tax identification numbers
Profile photos (optional)
Business Information:
Factory and facility details
Manufacturing data and production schedules
Inventory and supply chain information
Customer and supplier information
Sales and financial data
Employee information (for administrators)
Technical Content:
3D models and CAD files uploaded to the platform
Product designs and specifications
Documents and reports
Notes and comments
2.2 Information Collected Automatically
When you use our Service, we automatically collect:
IP address
Browser type and version
Device information
Operating system
Access times and dates
Pages viewed and actions taken
Referring website addresses
2.3 Information from Third Parties
We may receive information about you from:
Your organization's administrators
Integration partners (when you connect third-party services)
Payment processors (Stripe) for billing information
3. How We Use Your Information
We use the collected information to:
Provide and maintain the Service: Including user authentication, data storage, and feature delivery
Process transactions: Handle subscriptions and billing through our payment processor
Communicate with you: Send service updates, security alerts, and support messages
Improve our Service: Analyze usage patterns and optimize performance
Ensure security: Detect and prevent fraud, unauthorized access, and other harmful activities
Comply with legal obligations: Meet regulatory requirements and respond to legal requests
Provide customer support: Respond to inquiries and resolve issues
3.1 Payment Information
We use Stripe as our payment processor. When you make a payment:
We do not store credit card numbers or banking details on our servers
Stripe processes and stores all payment information in compliance with PCI-DSS standards
We only receive and store transaction identifiers and subscription status
Payment data is used solely for billing, refunds, and fraud prevention
For detailed payment terms, please refer to our Terms of Service
4. Data Storage and Security
4.1 Where We Store Data
Your data is stored using:
Supabase: Database, authentication, and file storage (utilizing AWS infrastructure)
Amazon Web Services (AWS) S3: Additional file storage and backups
Google Cloud Platform: Application hosting and deployment
Stripe: Payment and billing information (PCI compliant, data stored on Stripe's secure servers)
Data centers are located in multiple regions including the United States and Australia. By using our Service, you consent to the transfer and storage of your information in these locations.
4.2 Security Measures
We implement appropriate technical and organizational measures to protect your data:
Encryption in transit (TLS/SSL)
Encryption at rest for sensitive data
Secure authentication with Supabase Auth
Role-based access controls
Regular security updates and patches
Secure API endpoints with proper authentication
Regular backups and disaster recovery procedures
5. Data Sharing and Disclosure
We do not sell, trade, or rent your personal information. We may share your information in the following situations:
5.1 With Your Consent
We may share your information with your explicit consent.
5.2 Within Your Organization
With other users in your organization based on their roles and permissions
With your organization's administrators
5.3 Service Providers
We share data with third-party service providers:
Supabase (database and authentication)
Amazon Web Services (S3 storage and SES email service)
Google Cloud Platform (hosting and infrastructure)
Stripe (payment processing)
5.4 Legal Requirements
We may disclose information if required to:
Comply with legal obligations
Respond to valid legal requests from Australian or international authorities
Protect our rights, privacy, safety, or property
Prevent fraud or security issues
6. Data Retention
We retain your information for as long as:
Your account is active
Necessary to provide our services
Required for legal, accounting, or reporting obligations
Upon account termination, we will delete or anonymize your personal data within 90 days, except where retention is required by law. Manufacturing data and 3D models may be retained longer if required for compliance or audit purposes.
7. Your Rights and Choices
7.1 Access and Portability
You have the right to access and receive a copy of your personal information.
7.2 Correction
You can update your account information through the Service settings or by contacting us.
7.3 Deletion
You may request deletion of your account and personal information, subject to legal retention requirements.
7.4 Opt-Out
You can opt out of:
Non-essential email communications
Analytics tracking (through browser settings)
7.5 Do Not Track
We do not currently respond to Do Not Track browser signals.
8. Children's Privacy
Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18.
9. International Data Transfers
Our Service operates globally. If you access our Service from outside Australia, please be aware that your information may be transferred to, stored, and processed in Australia, the United States, and other countries where our service providers operate. These countries may have different data protection laws than your country.
10. Australian Privacy Rights
As an Australian company, we comply with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs). Australian residents have the right to:
Access personal information we hold about you
Request correction of inaccurate information
Lodge a complaint with us or the Office of the Australian Information Commissioner (OAIC)
Request information about our privacy practices
11. Regional Privacy Rights
11.1 California (CCPA)
California residents have additional rights under the California Consumer Privacy Act:
Right to know what personal information is collected
Right to know if personal information is sold or disclosed (we do not sell personal information)
Right to say no to the sale of personal information
Right to access personal information
Right to request deletion
Right to equal service and price
11.2 Canada (PIPEDA)
Canadian residents have rights under the Personal Information Protection and Electronic Documents Act:
Right to access personal information
Right to challenge accuracy and completeness
Right to withdraw consent (subject to legal restrictions)
Right to file a complaint with the Privacy Commissioner of Canada
11.3 New Zealand
New Zealand residents have rights under the Privacy Act 2020:
Right to access and correct personal information
Right to complain to the Office of the Privacy Commissioner
Right to request information about data breaches
11.4 Singapore
Singapore residents have rights under the Personal Data Protection Act:
Right to access and correct personal information
Right to withdraw consent
Right to data portability
To exercise any of these rights, contact us at the information below.
12. European Privacy Rights (GDPR)
If you are in the European Economic Area (EEA) or United Kingdom, you have rights under the General Data Protection Regulation (GDPR):
Legal Basis for Processing:
Consent (where you have given consent)
Contract (necessary for our service agreement)
Legitimate interests (to operate and improve our business)
Legal obligations (to comply with laws)
Additional Rights:
Right to withdraw consent
Right to lodge a complaint with supervisory authorities
Right to data portability
Right to restriction of processing
Right to object to processing
13. Updates to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by:
Posting the new Privacy Policy on this page
Updating the "Last Updated" date
Sending email notification for material changes
14. Contact Information
If you have questions about this Privacy Policy or our data practices, please contact us:
MirrorWorks Smart FactoryOS
Email: support@mirrorworks.app
For privacy-specific inquiries, please use "Privacy Inquiry" in your email subject line.
15. Cookie Policy
We use cookies and similar tracking technologies to:
Maintain your session
Remember your preferences
Analyze Service usage
Provide security features
Types of Cookies We Use:
Essential Cookies: Required for the Service to function
Functional Cookies: Remember your preferences and settings
Analytics Cookies: Help us understand how you use the Service
You can control cookies through your browser settings. Note that disabling cookies may affect Service functionality.
16. Third-Party Links
Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites.
17. Manufacturing Data and Compliance
Given the sensitive nature of manufacturing data, we implement additional safeguards:
Industry-standard encryption for all CAD files and 3D models
Secure multi-tenancy ensuring data isolation between organizations
Audit logs for all data access and modifications
Compliance with manufacturing industry standards where applicable
18. Complaints and Disputes
If you have a complaint about our handling of your personal information:
Contact us at support@mirrorworks.app
We will investigate and respond within 30 days
If unsatisfied with our response, Australian residents may contact:
Office of the Australian Information Commissioner (OAIC)
Website: www.oaic.gov.au
Phone: 1300 363 992
19. Governing Law and Jurisdiction
This Privacy Policy is governed by the laws of New South Wales, Australia, without regard to its conflict of law provisions. While we make efforts to comply with local privacy laws where we operate, our primary legal obligations are under Australian law.
For any disputes arising from this Privacy Policy:
Australian residents: Disputes will be resolved in the courts of New South Wales
International users: We encourage resolution through our complaint process first, followed by arbitration if necessary
20. Global Operations Notice
MirrorWorks Smart FactoryOS operates globally. By using our Service from any location, you acknowledge that:
Your data may be processed in Australia, the United States, and other countries
Different countries have different data protection standards
We commit to applying Australian Privacy Principles as our baseline standard globally
Additional protections may apply based on your location (GDPR, CCPA, etc.)
For commercial terms, payment obligations, and service levels, please refer to our Terms of Service
By using our Service, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.