MiraScore Privacy Policy

Last updated: 2026-05-22

1. Who we are

MiraScore is a multi-tenant SaaS platform providing management software to CrossFit boxes and other gyms across Latin America. This policy describes how we collect, use, and protect personal data processed through our web platform and mobile applications (iOS and Android).

2. Roles: controller vs processor

When a gym uses MiraScore to manage its members, that gym is the data controller for its members' personal data under Colombia's Law 1581/2012 and Decree 1377/2013 (Habeas Data) and equivalent regional laws. MiraScore acts as the data processor operating the infrastructure. For matters about your data as a gym member, contact the gym first. For matters about the platform itself, contact us at hola@mirascore.com.

3. Data we collect

Account: full name, email address, phone or WhatsApp number, optional profile picture, language preference. Membership: the gym you belong to, your role (member, coach, admin), assigned plans, booking history, attendance, 1RM lifts, waiver signatures. Usage: technical information such as device type, OS, and IP address in short-lived security logs. We do not collect precise location or biometric data.

4. Purpose of processing

To operate the app (authentication, bookings, dashboards), facilitate communication between the gym and its members (transactional emails and push notifications), generate internal billing for the gym, comply with legal and accounting obligations, and improve the security and quality of the service.

5. Third-party processors

To operate the platform we use sub-processors in the US and EU, all bound by contractual confidentiality obligations: Supabase Inc. (database, authentication, file storage in us-east-1), Vercel Inc. (hosting and CDN), Resend (transactional email), OneSignal Inc. (push notification delivery for iOS and Android; their SDK routes delivery through Apple Push Notification service and Firebase Cloud Messaging), Wompi S.A.S. (payment processing when your gym accepts online payments), Apple Inc. and Google LLC (app distribution through their stores, plus Apple Wallet and Google Wallet when you add your membership card to the system wallet). We do not sell or rent your data.

6. International transfers

Your data may be stored and processed in data centers outside your country of residence, primarily in the United States. Such transfers occur under standard contractual clauses and other recognized legal mechanisms. By using the app you consent to these transfers as necessary to deliver the service.

7. Push notifications

If you grant push notification permission, your device receives a unique token that we associate with your account through OneSignal Inc. (our notification delivery provider) to send class reminders, cancellation notices, waitlist promotions, plan renewal reminders, and gym communications. OneSignal receives your device identifier, your internal user identifier, and notification interaction events (open, dismiss) for the sole purpose of operating the service. You can disable notifications at any time from your operating system settings or your profile inside the app — once disabled, OneSignal can no longer send you messages.

8. Security

Data is stored in encrypted databases at rest and transmitted over TLS. Passwords are stored only as hashes (bcrypt). MiraScore staff access to infrastructure is limited to necessary technical operations and logged. We maintain regular backups.

9. Your rights

You have the right to access, update, rectify, delete, and port your personal data, as well as revoke processing authorization. To exercise these rights, contact the gym you belong to first. If the request concerns platform operation or you don't receive a response, email hola@mirascore.com and we will respond within 10 business days.

10. Account deletion

You can request deletion of your account and personal data by emailing hola@mirascore.com from your registered address. We process requests within 30 days, retaining only data that law requires us to keep (gym accounting records, for example) for the minimum period required.

11. Children

MiraScore is not directed at children under 13 and we do not knowingly collect data from children. If a gym enrolls a minor, the parent or legal guardian is responsible for that account. If we discover children's data collected without parental authorization, we will delete it.

12. Retention

Data is retained while your account is active. After deletion, identifiable data is erased or anonymized within 30 days, except data required to be retained for legal accounting or tax obligations, kept for the minimum period required by law.

13. Cookies and local storage

We use cookies and local storage only to keep your session signed in and save preferences (language, theme). We do not use advertising tracking cookies or share data with ad networks.

14. Changes to this policy

This policy may be updated. The current version is always available at https://mirascore.com/privacy. When changes are material we will notify you by email or in-app before they take effect.

15. Contact

For any question about this policy or about personal data processing by the platform, email hola@mirascore.com.