Privacy Policy
We, Mirelo AI GmbH ("Mirelo" or "we""us"), would like to thank you for visiting our website and for your interest in our services.
We offer a platform that enables users to generate and edit audio, such as sound effects and music, through a web- based application powered by AI technology (our "AI Model/s"), making it easier to create powerful audio content ("Platform" and/or our "Service/s").
When you visit and use our website and our Platform and when you enter into or are interested in a contractual relationship with us, your personal data may be processed. The protection of your personal data is important to us, and we would like to inform you with this privacy policy in accordance with Art. 13 of the EU General Data Protection Regulation ("GDPR") about how we handle your personal data (hereinafter also referred to only as "data").
Last updated: 07.02.2025
- A. General informationB. Processing activities
- I. Customers, business partners and interested partiesII. Visiting our websiteIII. Use of our Online Offer and Platform
- 1. Joining our Waitlist2. Contacting us3. Creating an Account, Registration and Login4. User Questionnaires5. Use of our Platform6. Development and Improvement of our Services7. Newsletter / E-mail Marketing8. Job Application
A. General information
I. Definitions
Our privacy policy should be easy to read and understand for our website visitors, our Platform users and customers, business partners and interested parties. To ensure this, we would like to explain the most important terms. We use the following terms, among others, in this privacy policy:
- "personal data" means any information relating to an identified or identifiable natural person (hereinafter "Data Subject"), e.g. name, address, email addresses, user behaviour;
- "Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- "Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
- "Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
- "Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
The Controller within the meaning of Art. 4 (7) GDPR is Mirelo AI GmbH Riedstraße 35 72070 Tübingen legal@mirelo.ai For specific questions regarding the processing of your personal data and the exercise of your rights under the GDPR, you can contact the above-mentioned contact points at any time.
B. Processing activities
I. Customers, business partners and interested parties
If you are already a customer, business partner or prospective customer of our Services and a contractual, quasi-contractual or pre-contractual business relationship exists with us, we process the following data where necessary:
- Inventory data (e.g. first and last name, address, company, location)
- Contact details (e.g. e-mail address, telephone number)
- Payment data (e.g. bank details, billing information, payment history).
Before or when collecting this data, we will inform you transparently about what information is required. We process this data in particular to communicate with you, to respond to your enquiries, to fulfil our contractual obligations and to safeguard our rights.
The legal basis for this processing results from Art. 6 para. 1 sentence 1 lit. b GDPR (contract fulfilment and pre-contractual measures), Art. 6 para. 1 sentence 1 lit. c GDPR (with regard to a legal obligation) and otherwise from Art. 6 para. 1 sentence 1 lit. f GDPR (legitimate interest).
II. Visiting our website
1. Log files
When using the website for information purposes, i.e. simply viewing it without registering and without providing us with any other information, we process the following personal data that your browser transmits to our server:
- IP address
- Date and time of the enquiry
- Country/City/Region
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (page visited)
- Access status/HTTP status code
- Amount of data transferred in each case
- Previously visited page
- Browser type
- Operating system used
- Language and version of the browser software
- Host name of the accessing computer
This data is technically necessary for us to display our website to you and to ensure stability and security and must therefore be processed by us. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f GDPR.
We use cookies on some areas of our website. Cookies are small text files that are stored by the browser on your end device (e.g. computer, tablet or mobile phone) when you visit a website and can be read by us or a third-party provider. They are used to identify your end device for a certain period of time.
Some of the cookies we use are so-called "session cookies", which are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognise your browser on your next visit.
Some cookies are necessary for the use of our website. These cookies are not used for analysis, tracking, advertising or other non-essential purposes. Some of them only contain information about specific settings and are not personalised. These cookies are essential for user guidance, security and the operation of the website. We use these cookies on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR (legitimate interest) to ensure basic functions of the website.
You can set your browser so that you are informed about the placement of cookies, which makes the use of cookies transparent for you. You can also delete cookies at any time via the corresponding browser setting and prevent the setting of new cookies. Please note, however, that this may result in our website no longer being displayed and some functions may no longer be technically available.
In addition, we also use technically non-essential cookies on the basis of your consent. This processing only takes place with your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR and Section 25 para. 1 of the Telecommunications Digital Services Data Protection Act (TDDDG). You can revoke your consent at any time by clicking on the icon at the bottom of the screen and making the desired settings in the cookie consent banner that opens.
For more information on the individual cookies we use on our website, please refer to this privacy policy or our cookie consent banner.
III. Use of our Online Offer and Platform
1. Joining our Waitlist
To join our waitlist, we require you to provide your email address. This is provided voluntarily by users who subscribe to early access to our Services (i.e. the free beta version). We collect and process this data when you request to be placed on our waitlist to use our Services. If you have chosen to be added to the waitlist, we will send you emails to confirm your successful inclusion on the waitlist, to update you about our Services, including product launch information and we may send you follow up questions to better understand your needs and expectations regarding our Services. In the context of such follow-up questions, we may ask you to provide additional personal data, such as your first name, surname, and a description of your use case. We may also inquire about your industry, role, prior experience with similar tools, interest in our Services, how you plan to use our Services, your willingness to provide feedback on our Services, and details of your project if you'd like to be considered for priority access to our Services.
When you join our waitlist and express an interest in using our Services, the processing of your data is based on the legal grounds of Art. 6 para. 1 sentence 1 lit. b GDPR, as it is necessary for entering into or performing a contract with you and to analyse your individual needs and expectations for our Services. We may also have a legitimate interest as per Art. 6 para. 1 sentence 1 lit. f GDPR in keeping you informed about our market expansion and related Service updates, as long as this does not override your rights and freedoms.
2. Contacting us
If you contact us (e.g. via an online contact form, email or social media), your data will be processed insofar as this is necessary to answer your contact enquiry and to carry out the requested measures.
Regardless of the type of communication selected, we process the content of your enquiry (e.g. entries in online contact forms: First and last name, company, e-mail address, telephone number, if applicable, and other voluntary information).
We process your data for the following purposes: to communicate with you individually, to process and respond to your enquiries and to provide you with the information or services you require.
We process your data to safeguard our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR to respond appropriately to contact enquiries. If there is already a customer relationship with us or you are enquiring about a Service offered, the processing is carried out to implement (pre-)contractual measures in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.
3. Creating an Account, Registration and Login
To create an account and sign-in to the Platform, you can register using e.g. your Google, Github, LinkedIn account (see under “Authentication Providers” for more information on the data processed). You may also be offered the option to sign up with your email address, in which case, after registering, you will receive an email to confirm your registration (“double opt-in”).
As part of using our registration and login functions, as well as your user account, we collect and store the IP address and the timestamp of each user action. This data is stored based on our legitimate interests, as well as the interests of our users, to protect against misuse and unauthorized use. In general, this data is not shared with third parties unless necessary for the enforcement of our claims or if required by law. We process the following data in connection with registration, login, and your user account:
- inventory data (e.g. name, address)
- contact data (e.g. email address, telephone number if applicable)
- content data (e.g. entries in the online form)
- device data (device name, country code if applicable, language, name of operating system and version)
- connection data (IP address, mail provider)
- date and time of registration and confirmation
Processing during registration is carried out on the basis of our legitimate interests for the performance and/or initiation of a user contract, for the provision of Services, for the administration and/or answering of enquiries, and as a security measure (legal basis: Art. 6 para. 1 sentence 1 lit. b GDPR: contract performance and pre-contractual enquiries; Art. 6 para. 1 sentence 1 lit. f GDPR: legitimate interests).
4. User Questionnaires
We may process your data when you provide such information in our questionnaires, such as introductory questionnaires for new users of the free beta version. Answering these questions is a requirement to access the free beta version. This data may include user information (e.g. industry or field of work), usage goals, experience levels, and other data that you as a user provide to us.
We rely on Art. 6 para. 1 sentence 1 lit. f GDPR (legitimate interests) to process the information, as we have a legitimate interest in ensuring that users are suitable for the beta testing, improving our product based on user feedback, and adjusting the user interface (UI) to better suit different types of users.
5. Use of our Platform
Our Service is designed to process user-provided input, which may include code, videos, images, information, data, text, software, music, sound, other audio, photographs, graphics, messages, and various other materials and formats (collectively referred to as "Input"). Based on this Input, the Service generates and delivers audio output ("Output"). Together, the Input and Output are collectively referred to as "Content."
If you use our Service to generate Content, we process the data contained and associated with such Content. Content may constitute or contain personal data, such as your voice or image.
The data processing outlined above is necessary for the provision of our Platform and is based on contract fulfilment: The data processing is required to provide the Platform and enable its functionalities (Art. 6 para. 1 sentence 1 lit. b GDPR).
6. Development and Improvement of our Services
We may use certain Content to provide, develop and improve our Services, including to train and enhance the AI Models that power them. Specifically, we may collect and analyse user Input or Output, such as how audio events are aligned with images in terms of timing and content. This information enables us to enhance functionalities like developing AI Models that more accurately synchronize audio and video tracks or identify optimal audio placements in videos. Any use of Content for training is solely aimed at developing and improving service functionalities, such as audio generation, alignment and synchronization.
We rely on legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR) as the legal basis for processing data when it is necessary to provide and improve our Services, including AI-based functionalities. Our legitimate interest lies in enhancing the quality of our Platform and ensuring the effectiveness, accuracy, performance, and functionality of our AI Models. You can opt out of this data processing at any time by contacting us (see under your “Right to Object” below).
You have the option to subscribe to our newsletter, through which we keep you informed about us and our offers. To subscribe, you need to provide your email address. Upon registration, your email address will be transmitted to us (or our email provider) and stored. You will then receive an email to confirm your subscription (“double opt-in”).
Our newsletter is sent based on your prior explicit consent, in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You can unsubscribe from the newsletter at any time, either by sending a message to the contact options provided in this privacy policy or via a link included in the newsletter. After unsubscribing, we will delete your email address from our recipient list, unless you have explicitly consented to further use of your data under Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use your data for other purposes, permitted by law, and outlined in this privacy policy.
If we receive your email address in connection with the purchase of a product or service and you have not opted out, we reserve the right to send you offers for similar products or services via email, based on Section 7 (3) of the German Act Against Unfair Competition (UWG). This serves to protect our legitimate interest in conducting direct marketing, which takes precedence after balancing interests, according to Art. 6 para. 1 sentence 1 lit. f GDPR. You can object to this use of your email address at any time by sending a message to the contact options listed in this privacy policy or via a link provided in the marketing email (see also below on your right to object), without incurring any costs other than the transmission costs according to the basic tariffs.
8. Job Application
You can apply for open positions by e-mail. In order to process your application, we collect the data you provide (usually: first and last name; e-mail address; telephone number; application documents such as certificates and CV; earliest possible starting date, salary expectations).
We process your data exclusively for the purpose of handling the application process and for the implementation of pre-contractual measures.
The legal basis for the processing of your application documents and data is Art. 6 para. 1 sentence 1 lit. b and Art. 88 para. 1 GDPR in conjunction with Section 26 para. 1 sentence 1 Federal Data Protection Act (BDSG).
IV. Use of Third-Party Tools
As part of our business operations and to offer certain services, we work with service providers who act as Processors. This includes functions such as marketing, hosting, platform infrastructure, payment processing, website operations, system monitoring and analytics as well as security and domain management. We are also using third party cloud providers to host our AI Models, training data and for processing user requests. We have entered into Data Processing Agreements (DPAs) with these service providers to ensure compliance with data protection regulations.
Some of these service providers may transfer personal data to third countries outside of the EU/EEA. We take appropriate measures to guarantee an adequate level of protection. These measures may include:
- EU Adequacy Decisions: Recognizing the countries as offering sufficient data protection based on EU Commission decisions, e.g. the EU-US Data Privacy Framework (DPF) regarding transfers to the USA.
- Standard Contractual Clauses (SCCs): Implementing EU-approved contractual safeguards
- Explicit Consent: Where necessary, obtaining your informed consent before the transfer.
Our commitment is to handle your data with care and in compliance with all applicable legal and security standards.
Below we list some of the service providers that we are currently using. However, we may add or change providers over time. If you would like more information about all of the specific recipients of your data, please don't hesitate to contact us via the contact details outlined above in this privacy policy.
1. Stripe (Payment Processing)
We use the payment service provider Stripe to process payments on our Platform. Stripe is offered by Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. As part of this process, your payment data (e.g., name, credit card details, billing address, account number, bank code), transaction data (e.g., amount, date, time), and meta/communication data (e.g., IP address) are transmitted to and processed by Stripe.
This data processing is carried out based on Art. 6 para. 1 sentence 1 lit. b GDPR for the performance of a contract and Art. 6 para. 1 sentence 1 lit. f GDPR, as we have a legitimate interest in ensuring the secure and efficient processing of payments.
For more information about data processing by Stripe, please refer to Stripe's Privacy Policy.
2. Authentication Providers
To enhance user experience and simplify the login process, we offer the option to authenticate and log in to our Platform using third-party authentication providers. These built-in authentication services include Google, GitHub, and LinkedIn. When you choose to use one of these authentication methods, you are redirected to the respective third-party service, where you can securely log in using your existing credentials for that service. Depending on the authentication provider, the personal data processed may include your name, email address, profile information, and authentication tokens.
The primary purpose of processing your personal data in relation to third-party authentication is to verify your identity and allow you to access your account on our platform, enhance user Experience, to provide a more seamless and efficient login process without the need to remember or create new credentials and to ensure that your access to our platform is secure and protected against unauthorized access.
The authentication and data processing is based on Art. 6 para. 1 sentence 1 lit. b GDPR, as it is required to perform a contract with you, by granting you access to our Platform.
We also have a legitimate interest as per Art. 6 para. 1 sentence 1 lit. f GDPR in ensuring secure and efficient authentication processes, which help us protect the Platform from unauthorized access and improve the overall user experience.
By using third-party authentication, you acknowledge that your personal data will be shared with the respective third-party service for the authentication process. These providers will process your data in accordance with their own privacy policies.
- For Google, please refer to their privacy policy.
- For GitHub, please refer to their privacy policy.
- For LinkedIn, please refer to their privacy policy.
3. PostHog (User Analytics)
We use PostHog provided by PostHog Inc, 2261 Market Street #4008, San Francisco, CA 94114, USA for user behaviour analytics on our Platform. The personal data processed includes your IP address, usage data, browser information, and session data. The purpose of this processing is to analyse user behaviour and improve the functionality and performance of our Platform. The use of PostHog is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR and Section 25 para. 1 TDDDG. You can revoke your consent at any time by clicking on the icon at the bottom of the screen and making the desired settings in the cookie consent banner that opens.
You can review PostHog’s privacy practices in their privacy policy.
We have various presences on social media platforms. We operate these pages with the following providers:
- Instagram, Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Website: https://www.instagram.com/; Privacy Policy: https://help.instagram.com/519522125107875
- X (formerly Twitter), Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland; Website: https://x.com/, Privacy Policy: https://x.com/de/privacy
- Discord, Discord Inc., 444 de Haro Street Suite 200, San Francisco, CA 94107, USA, Website: https://discord.com/, Privacy Policy: https://discord.com/privacy
- LinkedIn, LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland; Website: https://de.linkedin.com/; Privacy Policy: https://www.linkedin.com/legal/privacy-policy
- TikTok, TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Irland, Website: https://www.tiktok.com/; Privacy Policy: https://www.tiktok.com/legal/page/eea/privacy-policy/en
We use the technical platforms and services of respective providers to offer our information services. Please note that you use our presence on social media platforms and their features at your own risk. This includes the use of interactive functions (e.g., commenting, rating, sharing).
When you visit our social media pages, the platform providers collect your IP address and other information stored on your device in the form of cookies. This data is used to provide us, as the account operator, with statistical insights into your interactions with our posts. The platforms process the collected data, which may be transferred to countries outside the EU, particularly to the USA.
The providers mentioned above (except TikTok) are certified under the EU-US Data Privacy Framework (DPF) and have committed to adhering to European data protection principles. We have entered into EU Standard Contractual Clauses (SCCs) with TikTok under Art. 46 para. 2 lit. c GDPR to ensure that data transfers comply with EU data protection standards.
We are not aware of how the social media platforms use the data from your visit to our account and interactions with our posts for their own purposes, how long they store this data, or whether they share it with third parties. Data processing may vary depending on whether you are logged in to the social network or visiting as a non-registered and/or non-logged-in user. When you access a post or our account, the IP address assigned to your device is transmitted to the platform provider. If you are logged in, cookies on your device may track your online behaviour. The platforms may use integrated buttons on websites to track your visits and associate them with your profile to deliver targeted content or advertising. To prevent this, you should log out, deactivate the "stay logged in" function, delete cookies on your device, and restart your browser.
As the provider of the information service, we only process the data that you provide to us through interactions on our Service. For example, if you ask us a question that requires an email response, we will store your information according to the general data processing principles outlined in this privacy policy. The legal basis for processing your data on the social media platform is Art. 6 para. 1 sentence 1 lit. f GDPR.
For information requests and exercising Data Subject rights, we recommend addressing these directly with the platform providers, as they have access to user data and can take appropriate actions or provide direct information. If you need further assistance, feel free to contact us.
The social media platform providers detail the information they collect and how it is used in their privacy policies. These policies (see links above) also provide information on contact options and advertising settings.
C. Storage and deletion of data
The data processed by us will be deleted in accordance with the statutory provisions as soon as your consent to data processing is revoked or if the purpose for processing this data no longer applies or the data is no longer required for the purpose. This means that we only store your personal data for as long as is necessary for the respective processing purpose and limit the storage period to the required minimum. In addition, we only store your data if we are authorised or obliged to do so in accordance with the statutory retention periods.
D. Your Rights as a Data Subject
You have the right to
- Access your personal data in accordance with Art. 15 GDPR,
- Rectification of inaccurate personal data in accordance with Art. 16 GDPR,
- Erasure of your personal data in accordance with Art. 17 GDPR,
- Restriction of processing in accordance with Art. 18 GDPR,
- Objection to the processing of your data in accordance with Art. 21 (Right to object, see details below), and
- Data portability in accordance with Art. 20 GDPR.
As outlined in the relevant sections of this privacy policy, you have the right to withdraw your consent to the processing of your personal data at any time. You can exercise this right by using the contact details provided in this privacy policy. Please note that the withdrawal of consent is only effective for future processing. Any processing that occurred before the withdrawal remains unaffected.
In addition, you have the right to lodge a complaint with a data protection supervisory authority in accordance with Art. 77 GDPR.
E. Right to Object
You have the right to object, at any time and for reasons arising from your particular situation, to the processing of your personal data based on Art. 6 para. 1 sentence 1 lit. e or f GDPR; this also applies to profiling based on this provision as defined in Art. 4 para. 4 GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
The objection can be made via the contact options described in this privacy policy.
F. Data processing when accessing linked content
Our website may contain external links or hyperlinks to websites of other providers. These are to be distinguished from our own content. This external content does not originate from us, and we have no influence on the content of third-party websites. If you are redirected to other sites via links on the website, please inform yourself there about the respective handling of your data.
G. Automated decision making / profiling
No automated decision-making or profiling takes place.
H. Changes to this privacy policy
Due to the further development of our website and our online offer or due to changed legal and official requirements, it may become necessary to amend this privacy policy from time to time.
If you have any questions regarding the processing of your data, you can contact us at any time.
***