Privacy Policy
Last Updated: December 26, 2025
In Plain English
We collect your email and diagnostic responses to send you personalized results and helpful content about founder alignment. We don’t sell your data. You can request deletion anytime. We use Brevo to send emails and Google Workspace to store responses. </div>
1. Who We Are
The Mills Mirror (“we,” “us,” or “our”) provides research-backed diagnostic tools and resources for startup founders. This Privacy Policy explains how we collect, use, and protect your personal information when you use our website at mirror.alterrell.com and our diagnostic tools.
2. Information We Collect
Information You Provide Directly
- Contact Information: Name and email address when you complete diagnostic tools
- Diagnostic Responses: Your answers to questions in our Founder Profile Diagnostic, Co-Founder Diagnostic, Equity Calculator, and Responsibility Mapper
- Communication: Any information you provide when contacting us via email or contact forms
Information We Do NOT Collect
- We do not collect IP addresses
- We do not collect browser or device information
- We do not use tracking cookies or analytics beyond basic website functionality
- We do not collect payment information (handled securely by third-party payment processors)
3. How We Use Your Information
We use the information we collect to:
- Deliver Diagnostic Results: Send you personalized results via email based on your diagnostic responses
- Improve Our Services: Analyze aggregated, anonymized data to improve our diagnostic tools and frameworks
- Send Relevant Content: Share educational content, product updates, and promotional offers about our kits and tools
- Respond to Inquiries: Answer your questions and provide customer support
- Legal Compliance: Comply with applicable laws and regulations
4. How We Store Your Information
Data Storage
- Diagnostic Responses: Stored in Google Workspace (Google Sheets) with enterprise-grade security
- Email Communications: Managed through Brevo (formerly Sendinblue), our email service provider
- Website Data: Hosted on Bluehost with standard security measures
Data Security
We implement reasonable security measures to protect your information from unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
5. Who We Share Your Information With
We do not sell, rent, or trade your personal information. We only share your information with:
Service Providers
- Brevo: Email delivery and marketing automation
- Google Workspace: Data storage and form processing
- Bluehost: Website hosting
- Payment Processors: Secure payment processing for kit purchases (we do not store payment card information)
These service providers are contractually required to protect your data and only use it to provide services to us.
Legal Requirements
We may disclose your information if required by law, court order, or government regulation, or to protect our rights, property, or safety.
6. Your Rights and Choices
Email Preferences
- You can unsubscribe from marketing emails at any time using the “unsubscribe” link in any email
- Note: You cannot opt out of transactional emails (like diagnostic results you requested)
Access and Correction
- You can request a copy of the personal information we have about you
- You can request corrections to inaccurate information
Data Deletion
- You can request deletion of your personal information at any time
- We will delete your name and email address within 30 days of your request
- Anonymized diagnostic responses (with no identifying information) may be retained for research purposes
California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: Request details about the personal information we collect, use, and disclose
- Right to Delete: Request deletion of your personal information (subject to certain exceptions)
- Right to Opt-Out: We do not sell personal information, so there is nothing to opt out of
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
7. Data Retention
We retain your information for different periods depending on the type:
- Active Users: We keep your information as long as you engage with our content (open emails, take diagnostics, etc.)
- Inactive Users: After 2 years of no engagement, we may delete your personally identifiable information (name and email)
- Anonymized Data: Diagnostic responses with all identifying information removed may be kept indefinitely for research purposes
- Deletion Requests: We will honor deletion requests within 30 days
8. Children’s Privacy
Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 18, we will delete it promptly.
9. International Users
Our services are primarily intended for users in the United States. If you access our services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers and service providers are located. By using our services, you consent to this transfer.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the updated policy on this page with a new “Last Updated” date
- Sending an email notification if the changes significantly affect how we use your information
Your continued use of our services after changes indicates your acceptance of the updated policy.
11. Third-Party Links
Our website may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.
12. Contact Us
If you have questions about this Privacy Policy or want to exercise your privacy rights, please contact us via the Contact page.
To Request Data Deletion:
Send an email with the subject line “Data Deletion Request” and include:
- Your full name
- The email address you used for our diagnostics
- Confirmation that you want your data deleted
We will respond within 30 days and delete your personally identifiable information from our active systems.
Summary of Your Rights
| Right | What It Means |
|---|---|
| Access | Request a copy of your data |
| Correction | Fix inaccurate information |
| Deletion | Remove your personal information |
| Unsubscribe | Stop marketing emails |
| Portability | Export your data in a readable format |