Are you an LLM? Read llms.txt for a summary of the docs, or llms-full.txt for the full context.
Skip to content

Privacy Policy of Mirage

Version 1.0 – 10 April 2026

1. Scope of Privacy Policy

1.1 General

This privacy policy ("Privacy Policy") explains how we process and protect your personal data when you visit and use http://www.mirageprivacy.com (the "Website").

The Website is operated by Mirage Technologies AG, Gartenstrasse 6, 6300 Zug, Switzerland (the "Company", "we", "our", or "us").

1.2 Data processed by the Protocol

IMPORTANT NOTICE: The Company does not operate the decentralized Mirage protocol (the "Protocol"). The Protocol is a decentralized technical infrastructure. Neither the Company nor any other entity or person controls, operates, or is responsible for the Protocol. Any interaction by the user with the Protocol occurs directly between the user's wallet and the Protocol. The Company is not involved in the transfer of any blockchain related data from the user's wallet to the Protocol. The Website provides an optional interface to the Protocol (the "Interface") that merely proposes transactions that the user then independently broadcasts to the Protocol using his/her own wallet software.

THE COMPANY DOES NOT STORE ANY BLOCKCHAIN OR TRANSACTION RELATED INFORMATION OF ANY USER.

Any data broadcast by the user to the Protocol is processed by the Protocol in accordance with the Protocol's programmatic logic. Please refer to the technical documentation for details on how the Protocol processes data.

1.3 Data processed by the Company

As a privacy-conscious Company, the Company limits the processing of personal data to the maximum extent possible. Nevertheless, certain personal data is processed in relation to the following:

  • Use of the Website: Basic technical data for the access and use of the Website, such as IP addresses or information you provide us through feedback forms or digital communication.
  • Interface: When you connect your wallet and request a transaction through the Interface, the information strictly required to propose a transaction is processed.
  • Waitlist: You may voluntarily sign up for our updates and waitlist ("Waitlist"). When doing so, additional personal data are processed. In this Privacy Policy, we identify such additional personal data processed by using the following 'Waitlist:'.

Unless otherwise defined in this Privacy Policy, the definitions used in this Privacy Policy have the same meaning as in the Swiss Federal Act on Data Protection (FADP) or the EU General Data Protection Regulation (GDPR).

2. Personal data we collect

We may collect or receive personal information for a number of purposes connected with our business operations when you visit the Website, namely:

  • Website:
    • Request or feedback details (e.g., details and content of your inquiries and communications sent via e-mail or feedback forms)
    • Website visitor details (e.g., IP address, logfiles, terminal ID, browser data)
    • Usage and analytics information (e.g., identifiers, numbers of clicks, tracking data)
  • Interface: Wallet address(es), chain/network information (e.g., chain ID), signatures/proof of wallet control (where you sign to confirm a connection), and limited transaction metadata (e.g., transaction hashes) where needed for workflows and status displays.
  • Waitlist: Contact details (e.g., name, address, phone number, email address)

There is no obligation to provide your personal data. However, please note that the Website cannot be provided if you do not provide the required data strictly necessary for performing the contract between you and us, or – where applicable – to receive Waitlist-related communications.

For the avoidance of doubt, we do not store any data that can be linked to your on-chain activities or any transactions information and any information such as IP address or contact details are never linked to you on-chain activity. Please note that especially for alpha or beta versions, but occasionally also for production versions, temporary storage may occur. In such case, the Company will delete such data as soon as possible.

3. How we collect personal data

We collect information about our users when they use our Services, including taking certain actions within it.

Directly
  • When you visit the Website and use the Interface
  • When you correspond with us by electronic means
  • When you browse, complete a form or make an inquiry
Indirectly
  • The Interface consults wallet blacklists when a user connects its wallet to the Protocol through the Website.

4. Legal Basis and purposes

Our legal basis for collecting and using the personal data described in this Privacy Policy depends on the personal data we collect and the specific purposes for which we collect it.

Contract: To perform our contractual obligations or take steps linked to a contract with you. In particular:

  • To provide you with customer support
  • To display the Website
  • To propose a transaction and display information when using the Interface

Consent: We may rely on your freely given consent at the time you provided your personal data. In particular:

  • To analyse, improve, personalise and monitor the usage of our Website and communication
  • To place non-essential cookies and other tools on your browser
  • Waitlist: To provide users with news, newsletters, and general information about our services and the Protocol

Legitimate interests: We rely on legitimate interests based on our assessment that the processing is fair and reasonable and does not override your interests or fundamental rights and freedoms. In particular:

  • To place essential cookies and other tools on your browser that are technically necessary for our Website
  • To develop new services
  • To maintain and improve our Website, as well as to detect, prevent, and address security threats and abuse

Necessity for compliance with legal obligations: To meet regulatory and public interest obligations. In particular:

  • To notify you about changes to our Website and our Privacy Policy
  • To comply with applicable regulations and legislation
  • For the legal enforcement of claims and rights

5. Data retention

We retain personal data for so long as it is needed for the purposes for which it was collected and in line with legal and regulatory requirements or contractual arrangements. After this period, we delete or fully anonymize your personal data.

We do not store any user blockchain addresses or other data relating to any transaction on the Protocol.

6. Data recipients

We engage third-party companies ("Service Providers") to facilitate the operation of our the Website, assist in analysing the usage of the Website, or perform necessary services, such as payment and the provision of IT services. These third parties have access to your personal data only to the extent necessary to perform these tasks.

Type(s) of Service Providers who might access your personal data:

  • Professional advisers that we use, such as accountants and lawyers
  • Third parties that are engaged in the course of your matter, such as counsels, compliance screening providers, KYC/AML service providers, and postal or courier providers
  • Third parties who provide IT and software services, such as Supabase and Discord for Waitlist purposes.
  • Third parties who help us with client insights and marketing, such as Google Tag Manager; Google Analytics, and Microsoft Clarity.
We do not share any user address or transaction data relating to your use of the Interface or the Protocol.

7. Data transfers

We and/or our Service Providers may transfer your personal data to and process it in the following countries:

  • EU and EEA
  • USA
  • UK

We may use Service Providers partly located in so-called third countries (outside the European Union or the European Economic Area or Switzerland) or process personal data there, i.e., countries whose level of data protection does not correspond to that of the EU or Switzerland.

We safeguard your personal data per our contractual obligations and applicable data protection legislation when transferring data abroad.

Such safeguards may include:

  • The transfer to countries that have been deemed to provide an adequate level of protection according to the Federal Council, as well as to countries where there is an adequacy decisions by the European Commission in place
  • Applying standard data protection model clauses, binding corporate rules or other standard contractual obligations that provide appropriate data protection

If a third country transfer takes place and there is no adequacy decision or appropriate safeguards, it is possible and there is a risk that authorities in the third country (e.g. intelligence services) can gain access to the transferred data and that the enforceability of your data subject's rights cannot be guaranteed.

8. Data disclosure

We may disclose your personal data in the good faith belief that such action is necessary:

  • To comply with a legal obligation (i.e., if required by law or in response to valid requests by public authorities, such as a court or government agency)
  • To protect the security of our Services and defend our rights or property
  • To prevent or investigate possible wrongdoing in connection with us

9. Data security

We take reasonable technical and organisational security measures that we deem appropriate to protect your stored data against manipulation, loss, or unauthorised third-party access. Our security measures are continually adapted to technological developments.

We also take internal data privacy very seriously. Our employees and the service providers that we engage are required to maintain secrecy and comply with applicable data protection legislation. In addition, they are granted access to personal data only insofar as this is necessary for them to carry out their respective tasks or mandate.

The security of your personal data is important to us but remember that no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. We recommend using antivirus software, a firewall, and other similar software to safeguard your system.

10. Your rights

You have the below data protection rights. To exercise these rights, you may contact the above address or send an e-mail to: whisper@mirageprivacy.com. Please note that we may ask you to verify your identity before responding to such requests.

  • Right of access: You have a right to request a copy of your personal data, which we will provide to you in an electronic form.
  • Right to amendment: You have the right to ask us to correct our records if you believe they contain incorrect or incomplete information about you.
  • Right to withdraw consent: If you have provided your consent to the processing of your personal data, you have the right to withdraw your consent at any time with effect for the future. This includes cases where you wish to opt-out from marketing communications. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you initially consented to unless there is another legal basis for processing. To stop receiving emails from us, please click on the 'unsubscribe' link in the email you received or contact us at whisper@mirageprivacy.com.
  • Right to erasure: You have the right to request that we delete your personal data when it is no longer necessary for the purposes for which it was collected or when it was unlawfully processed.
  • Right to restriction of processing: You have the right to request the restriction of our processing of your personal data where you believe it to be inaccurate, our processing is unlawful, or where we no longer need to process it for the initial purpose, but where we are not able to delete it due to a legal obligation or because you do not want us to delete it.
  • Right to portability: You have the right to request that we transmit your personal data to another data controller in a standard format such as Excel, if this is data which you have provided to us and if we are processing it on the legal basis of your consent or to perform our contractual obligations.
  • Right to object to processing: Where the legal basis for our processing of your personal data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have a compelling legal basis for the processing which overrides your interests or if we need to continue to process the personal data for the exercise or defence of a legal claim.
  • Right to lodge a complaint with a supervisory authority: You have the right of appeal to a data protection supervisory authority if you believe that the processing of your personal data violates data protection law. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (www.edoeb.admin.ch/edoeb/en/home.html). In the EU and EEA, you can exercise this right, for example, before a supervisory authority in the Member State of your residence, your place of work or the place of the alleged infringement. You can find a list of the relevant authorities here: https://edpb.europa.eu/about-edpb/board/members_en.

11. Links to Third-Party Apps, Websites, and services

Our Website may contain links to websites or apps that are not operated by us. When you click on a third-party link, you will be directed to that third party's website or app. We have no control over the content, privacy policies, or practices of any third-party websites or services.

In particular, the Website interacts with external blockchain networks, wallet providers, and infrastructure components that operate independently from us. These services process data under their own privacy policies and technical rules. We do not control these third-party systems. Wallet providers, RPC operators, blockchain networks, validators, node operators, and related infrastructure participants may independently process technical and blockchain transaction data. We are generally not responsible for these processing activities. You should review the respective privacy notices and documentation of these services where applicable.

For more details on the technical functionality of the protocol, please see our documentation on https://docs.mirageprivacy.com/understanding-mirage/introduction/.

12. Cookies

Our Website uses cookies and similar technologies (collectively "Tools") provided either by us or by third parties. A cookie is a small text file that is stored on your device by the browser. Comparable technologies are web storage (local / session storage), fingerprints, tags or pixels. Most browsers are set by default to accept cookies and similar technologies. However, you can usually adjust your browser settings so that cookies or similar technologies are rejected or only stored with your prior consent. If you refuse cookies or similar technologies, you may not be able to use all of our Services without problems.

In the following, the Tools we use are listed by category, whereby we inform you in particular about the providers of the Tools, the storage period, and their purpose. If personal data is transferred to third countries, we refer you to section 6 of our Privacy Policy, also with regard to the risks this may entail.

We use Tools that are necessary for the operation of the website on the basis of our legitimate interest in enabling you to use our Services more conveniently and individually and to make use of it as time-saving as possible. In certain cases, these Tools may also be necessary for the performance of a contract or to carry out pre-contractual measures. In these cases, access to and storage of information in the terminal device is absolutely necessary and is carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states.

We use all other Tools, especially those for marketing purposes, on the basis of your consent. In these cases, access to and storage of information in the end device is subject to consent and takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states. If you have given your consent to use certain Tools, we will (also) transfer the data processed when using the Tools to third countries on the basis of this consent.

You can withdraw your consent for certain Tools directly with the provider or by adjusting your browser settings. Where the Website provides a cookie banner or preference settings, you can also use those settings.

12.1 Essential tools

None.

12.2 Non-essential tools

12.2.1 Google Analytics 4

Our website uses the web analytics service Google Analytics 4, which is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google Analytics 4"). If you have not consented to the use of the analytics tools, your data will not be collected as part of Google Analytics 4.

Google Analytics 4 uses JavaScript and pixels to read information on your terminal device and cookies to store information on your terminal device. This is used to analyse your usage behaviour and to improve our website. The access data is compiled by Google on our behalf into pseudonymous usage profiles and transferred to a Google server in the USA. We will process the information obtained in order to evaluate your use of the website and to compile reports on website activities.

The data collected as part of the usage analysis of Google Analytics 4 is enriched with data from the Google Search Console and linked to data from Google Ads, in particular to measure the success of our advertising campaigns (so-called conversions).

The following data may be processed by Google Analytics 4: IP address; user ID and device ID; referrer URL (previously visited page); pages viewed (date, time, URL, title, length of stay); downloaded files; clicked links to other websites; achievement of certain goals (conversions); technical information (operating system; browser type, version and language; device type, brand, model and resolution); approximate location (country, region and city, if applicable, based on anonymised IP address).

Tools used:

  • _ga (1 year 5 days): Distinguishes unique users by assigning a randomly generated client ID.
  • _ga_L6Y08V6LCS (1 year 5 days): Persists session state for the GA4 property

To know more about Google's cookie usage, consult its privacy policy here.

12.2.2 Google Tag Manager

Our website uses Google Tag Manager, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google Tag Manager"). Google Tag Manager is used by us to manage the tools and external services that we use on our website and allows the use of so-called tags. A tag is a code element that is stored in the source code of the website in order to control, for example, which page or service elements and tools are activated and loaded in which order. In some cases, the data is processed on a Google server in the USA.

No regular first-party Google Tag Manager cookies were observed for ordinary visitors. The following tools may be used for authorized Tag Manager Preview & Debug sessions:

  • gtm_auth (session): Authenticates the Preview & Debug session for authorized Tag Manager users.
  • gtm_debug (session): Enables debug view for authorized Tag Manager users.
  • gtm_preview (session): Identifies the Tag Manager container version being previewed.

To know more about Google's cookie usage, consult it's privacy policy here.

12.2.3 Microsoft Clarity

Our website uses Microsoft Clarity, a service provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. It is a user behaviour analytics tool that helps us understand how users are interacting with our website through session replays and heatmaps. Depending on configuration and consent state, it may set tracking and advertising cookies on visitors to our website.

Tools that may be set if Clarity tracking is enabled:

  • _clck (1 year): Persists the Clarity user ID and preferences so returning visits on the same site are attributed to the same user.
  • _clsk (1 day): Connects multiple page views by a user into a single Clarity session recording.

To know more about Microsoft's cookie usage, consult it's privacy policy here.

13. Changes to this Privacy Policy

We may update our Privacy Policy from time to time. We therefore encourage you to review this Privacy Policy periodically for any changes.

Changes to this Privacy Policy are effective when they are posted on this page.

14. Contact us

If you have any questions about this Privacy Policy, do not hesitate to get in touch with us at: Mirage Technologies AG, Gartenstrasse 6, 6300 Zug, Switzerland, whisper@mirageprivacy.com.

California's "Shine the Light" law (Civil Code Section § 1798.83) permits users of our Services that are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please send an email to whisper@mirageprivacy.com.