Miwa.lol Privacy Policy
We are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, and safeguard your data when you use our services at https://miwa.lol.
Effective Date: June 4, 2026
This Privacy Policy outlines the collection, use, and protection of personal information collected when you use the services provided by Miwa.lol ("we," "our," or "us") through our platform at https://miwa.lol. By using our services, you agree to the practices described in this policy.
We collect the following types of personal data:
When you create an account on our platform, we collect your email address, username, and password (stored in hashed form). This information is used to provide you with access to your account and our services.
If you choose to sign in or connect third-party accounts - such as Discord, Google, or Apple - we receive a unique identifier from that provider to link it to your account. If you register a passkey (WebAuthn), we store the associated credential data needed to authenticate you. We do not receive or store your passwords for third-party accounts.
We collect the content you create or upload to our platform, such as profile information, links, cards, assets uploaded (for example avatars, backgrounds, and audio), and other content created on the platform.
To operate and secure the Service, we collect technical information including your IP address, browser and device information (such as the user agent), and approximate location and ISP information derived from your IP address. IP addresses are stored in hashed and/or encrypted form. We may also generate a device fingerprint to help prevent fraud and abuse.
We collect limited, privacy-friendly usage data such as profile page views, link clicks, likes, referrers, device type, and country. This helps us understand how the Service is used and improve it. See the Analytics section for more details.
When you make a purchase, payment is handled by our third-party payment processors (see Service Providers). We do not store your full card details or cryptocurrency wallet information. We retain limited records related to your purchases, such as transaction and subscription status, to provide the Service and comply with legal obligations.
You can enhance your profile with cards and widgets that connect to third-party services - such as Discord, Spotify, Steam, GitHub, and others. When you choose to add such an integration, we and your visitors may retrieve information from that service (for example, your username, status, or activity) to display it on your profile. These integrations are optional, are enabled only at your request, and are subject to the respective third party's terms and privacy practices.
We only send you transactional emails that are necessary to operate the Service, such as email verification, password reset, login notifications, and purchase receipts. We do not send marketing or promotional emails without your consent.
If you are located in the European Economic Area (EEA), we process your personal data based on one of the following legal grounds:
We process data necessary to provide you with the services you requested, such as account creation and access.
We may process your data based on your consent, for example, when you explicitly agree to our terms.
We process data based on legitimate interests, such as maintaining platform security, fraud prevention, and service improvements.
We process your data when required to comply with legal obligations.
We use essential cookies to operate the website, including a cookie that stores your session information when you log in and a cookie that remembers your language preference. The session cookie is deleted when you log out or when your session expires. We do not use cookies for tracking or advertising purposes.
We use a self-hosted version of Plausible Analytics (Community Edition) to gather privacy-friendly usage statistics. This setup does not use cookies, does not collect personally identifiable information, and does not transfer data to third parties. All data remains on our infrastructure, fully under our control, and compliant with the General Data Protection Regulation (GDPR).
We do not share your personal data with 3rd-parties except in the following circumstances:
We use the following trusted third-party service providers to operate and improve our services. These providers may process personal data strictly on our behalf and in accordance with this Privacy Policy and applicable laws:
- Cloudflare (USA) - CDN, DNS, WAF, DDoS protection, email obfuscation. View privacy policy
- Plausible Analytics (Self-hosted, EU) - Privacy-first analytics. See the Analytics section for more details. View privacy policy
- Stripe (USA/EU) - Payment processor. View privacy policy If you're located in Europe, your payment information is processed by Stripe Payments Europe, Ltd. However, for the rest of the world, your payment information is processed by Stripe Payments, Inc.
- Coinbase Commerce (USA) - Cryptocurrency payment processor for purchases paid with crypto. View privacy policy
- Sentry (USA) - Application error monitoring. View privacy policy
- Cloudflare R2 (USA, Western North America region) - Object storage for user-generated content such as avatars, backgrounds, audios, custom badges, and others. View privacy policy
- AWS SES (USA, us-east-1 region) - Email sending service for transactional emails such as email verification, password reset, and login notifications. View privacy policy
All providers are bound by data processing agreements (DPAs) and comply with data protection regulations, including the GDPR where applicable.
We may disclose your information if required by law or to protect our rights or the safety of others.
Miwa.lol is a platform for building public profile pages. Information you add to your profile - such as your username, display name, description, links, cards, badges, and uploaded media - is publicly visible to anyone who views your profile and may be indexed by search engines. Please do not include any information on your public profile that you do not wish to be public.
Some of our service providers are located outside the European Economic Area, including in the United States. Where personal data is transferred outside the EEA, we rely on appropriate safeguards, such as the European Commission's Standard Contractual Clauses, to ensure your data receives an adequate level of protection.
You have several rights concerning your personal data, including:
You can request access to the data we hold about you.
You may update or correct your personal information.
You have the right to request that we delete your account and data, subject to certain legal obligations.
You may object to or request that we restrict certain processing of your personal data.
Where we rely on your consent, you may withdraw it at any time, without affecting the lawfulness of processing carried out before the withdrawal.
If you are located in the EEA, you have the right to lodge a complaint with your local data protection supervisory authority.
We do not make decisions that produce legal or similarly significant effects about you based solely on automated processing. Where we use automated measures for security and fraud prevention, these do not replace human judgment in decisions that materially affect you.
Miwa.lol is not intended for children under the age of 13, and we do not knowingly collect personal data from them. If you are under the age of majority in your country, you may only use Miwa.lol with the consent and supervision of a parent or legal guardian. If we become aware that we have collected personal data from a child under 13 without appropriate consent, we will take steps to delete it.
We take data security seriously and use industry-standard measures to protect your information. This includes encryption, secure servers, and access controls. However, while we strive to protect your data, no system is completely immune to security risks. We recommend that you also take precautions, such as using strong passwords and enabling two-factor authentication where possible.
We retain your personal data only as long as necessary to fulfill the purposes for which it was collected, or as required by law. When your data is no longer needed, we will securely delete or anonymize it.
Our website may include links to external websites or services. Please note that we are not responsible for how these third parties handle your data. We encourage you to review their privacy policies before sharing any personal information with them.
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Any updates will be posted on this page, and the effective date will be revised accordingly. Continued use of our services after changes are made constitutes acceptance of the updated policy.
If you have any questions or concerns regarding this Privacy Policy or your personal data, please contact us at [email protected].