MiroShark
Legal

Privacy Policy

This policy explains what MiroShark collects, why, who we share it with, and the choices you have. Last updated July 10, 2026.

Who we are

MiroShark is a product of Aeon Inc(“MiroShark”, “we”, “us”), a company incorporated in the British Virgin Islands. We are the data controller for the personal data described here. Questions or requests: aaron@aeon.fun.

Information we collect

We collect only what we need to run MiroShark:

  • Account & identity. When you sign in through our auth provider (Privy) we receive your email address, the identifier from your chosen login (Google or X), a display identity, and your wallet address.
  • Payment records. When you pay for a run we store the amount, the network, the transaction hash, and your wallet address. Blockchain transactions are inherently public and permanent.
  • Usage & device data. Through PostHog and Umami we collect events (sign-in, buy, swap, top-up, simulation runs), pages viewed, referrer, and technical data such as browser type and IP-derived signals.
  • Approximate location. Our CDN provides a country code derived from your IP address, used only to default the on-ramp currency.
  • Simulation inputs. The scenarios, prompts, and any content you submit for a run are processed by our model providers to generate the simulation.
  • Cookies & local storage. We and our providers use cookies and local storage for authentication, sessions, security, and analytics.

How we use your data

  • Provide, run, and secure the MiroShark service, including authentication and running your simulations.
  • Process payments and maintain a record of your paid runs.
  • Understand usage and improve the product through analytics.
  • Detect, prevent, and address fraud, abuse, and security issues.
  • Comply with legal obligations and enforce our terms.

How we share your data & sub-processors

We do not sell your personal data. We share it with the service providers below, strictly to operate MiroShark, and where required by law. On-chain activity is shared with the public blockchain by design.

  • Privy Authentication & embedded wallet (email, Google/X sign-in, wallet)
  • PostHog Product analytics & event tracking (US region)
  • Umami Cookieless website analytics
  • Neon Database hosting (accounts & payment records)
  • Vercel Hosting, CDN, and edge geolocation
  • WalletConnect Wallet connection sessions
  • Cloudflare Bot protection (Turnstile)
  • 0x Token-swap routing for the Buy widget
  • Stripe, Coinbase, MoonPay Fiat on-ramps (buying crypto with a card or account)
  • OpenRouter LLM inference that powers your simulations
  • Base (public blockchain) Payment settlement - permanent & public

On-ramp providers (Stripe, Coinbase, MoonPay) collect any payment and identity information you give them directly, under their own privacy policies.

International data transfers

We and our providers process data in the United States and other countries, which may have different data-protection laws than yours. Where required, transfers rely on appropriate safeguards such as the EU Standard Contractual Clauses.

Data retention

We keep account and payment records for as long as your account is active and for up to 24 months afterward, then delete or anonymize them, unless a longer period is required by law. Analytics data is retained on a rolling basis by our providers. On-chain transaction records are permanent and public and cannot be deleted.

Your rights

Depending on where you live, you may have some or all of these rights. To exercise them, email aaron@aeon.fun.

EU / UK (GDPR)

Access, rectification, erasure, restriction, data portability, objection, and the right to withdraw consent at any time. You may also lodge a complaint with your local supervisory authority.

California (CCPA/CPRA)

The right to know, delete, and correct your personal information, and to opt out of “sale” or “sharing.” We do not sell your personal information or share it for cross-context behavioral advertising. We will not discriminate against you for exercising these rights.

Security

We use technical and organizational measures to protect your data, including scoped database roles, transport encryption, and bot protection. No method of transmission or storage is perfectly secure, so we cannot guarantee absolute security.

Children

MiroShark is not directed to anyone under 18, and we do not knowingly collect data from children. If you believe a minor has provided us data, contact us and we will delete it.

Third-party links

Our site links to third-party services (e.g. GitHub, X, Bankr, and the providers above). Their privacy practices are governed by their own policies, not this one.

Changes to this policy

We may update this policy from time to time. When we do, we’ll revise the “last updated” date above, and for material changes we’ll provide a more prominent notice.

Governing law

This policy is governed by the laws of the British Virgin Islands, including the BVI Data Protection Act, 2021, without prejudice to any mandatory data- protection rights you have under the laws of your own country.