Privacy Policy
MirrorMap is run by Dan McCarthy. This policy explains what we collect, what we don’t, and what we do with it. We try to be straightforward.
The short version
We collect the minimum we need to charge you for a subscription and deliver routing to your watch. That includes accessing your location while you’re using the app, because routing requires knowing where you are. We don’t store your location, we don’t sell anything to advertisers, and we don’t share data except where we have to in order to provide the service.
What we collect
When you subscribe to MirrorMap Routes or MirrorMap Dash, we collect:
- Your email address — needed to deliver your access code and any service emails (renewal, cancellation, etc.).
- Payment information — handled directly by Stripe (Routes) or Google Play (Dash). We never see your card number; we only see whether payment succeeded.
- Subscription metadata — an internal customer ID and subscription ID from Stripe or Google Play, plus the status of your subscription.
- Your MirrorMap access code — the code we issued you, so we can validate it when your watch makes API requests.
- Per-day usage counts — the number of routing or geocoding API calls your code has made today, plus the timestamp of the most recent call. Used to enforce daily quotas and detect abuse. Reset to zero every night.
-
Your location (precise GPS). MirrorMap needs your
location to compute routes and follow turn-by-turn navigation. While
you’re using the app, your device’s GPS coordinates are
sent through our backend to Google’s Routes API (for routing)
or Geocoding API (for address lookups) so Google can return
directions. We process these coordinates in memory only and discard
them once the response comes back — we don’t store your
location history, your trips, or any individual route you took. All
transmission is encrypted in transit (HTTPS/TLS).
- MirrorMap Dash (Android) accesses your phone’s precise location directly through Android, including background location, so the app can keep mirroring Google Maps navigation onto your watch while your phone is in your pocket or the screen is off. An in-app disclosure explains this before Android prompts you for the permission.
- The MirrorMap watchapp (on Pebble) uses your phone’s GPS — accessed through the Pebble app — to power its on-device navigation features. If you have a MirrorMap Routes subscription, the watchapp also sends origin and destination coordinates through our backend to Google’s Routes API to compute routes, and to Google’s Geocoding API to resolve address searches. Without a Routes subscription, the watchapp uses your location only locally on your phone and watch — it doesn’t transmit your coordinates to our backend, to Google, or anywhere else.
What we don’t collect
- Browsing or analytics data on this website. No Google Analytics, no Facebook pixel, no cookies for tracking. Just the request logs your browser makes for static pages.
- Anything from the free tier. If you’re using MirrorMap without a code, you don’t talk to our backend at all and we have no record of you.
- Your location history. We pass coordinates through to Google in real time to get a route back. We don’t log where you’ve been, build a profile of your movements, or retain your trips.
Third parties we use
Providing MirrorMap involves a handful of vendors. They each see only the data they need to do their job.
- Stripe — handles payments for MirrorMap Routes. Subject to Stripe’s privacy policy.
- Google Play — handles payments and distribution for MirrorMap Dash on Android. Subject to Google’s privacy policy.
- Google Maps Platform — provides the routing and geocoding APIs your subscription pays to access. Receives your precise location (origin, destination, and waypoints) when you request a route or look up an address. We forward these requests through our backend so your individual queries aren’t tied to your identity. Subject to Google’s privacy policy.
- Resend — delivers your code-delivery emails. Sees your email address. Subject to Resend’s privacy policy.
- Firebase / Google Cloud — hosts our backend and stores your access-code record. Subject to Google’s privacy policy.
- Cloudflare — handles DNS for mirrormap.app.
Cookies
This website doesn’t set any cookies. Stripe’s checkout pages do set cookies during your subscription flow; those are governed by Stripe’s policy.
How long we keep things
We keep your access-code record for as long as your subscription is active, plus a short period afterward for accounting and abuse detection. Location coordinates are not retained — they exist in memory only for the duration of a single routing or geocoding request and are discarded once Google returns a response. If you cancel and ask us to delete your remaining account data entirely, we will, subject to legal retention requirements.
Your rights
You can email us at hello@mirrormap.app at any time to:
- Get a copy of the data we have on you
- Correct something that’s wrong
- Delete your data (subject to legal retention requirements)
- Cancel your subscription
If you’re in the EU/UK, you have the rights laid out in the GDPR or UK GDPR. If you’re in California, you have the rights laid out in the CCPA/CPRA. We’ll honor them. We’re a small operation and easier to reach than the big platforms; just email us.
Children
MirrorMap Dash is intended for users 18 and over; on the Google Play Store, distribution and subscription purchases are restricted to adult users. The MirrorMap watchapp (on Pebble) is also intended for adult users and isn’t directed at children. We don’t knowingly collect data from children under 13. If we find out we have, we delete it.
Changes
If this policy changes materially, we’ll email anyone with an active subscription. The effective date at the top will always reflect the most recent version.
Contact
Questions? hello@mirrormap.app.