Last updated: March 23, 2026Miris, Inc., a Delaware corporation ("Miris," "we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website miris.com (the "Website").
Welcome to Miris’s Privacy Policy. Miris, Inc. (“Miris,” “we,” or “us”) is committed to protecting the privacy of individuals whose personal data we process. This Privacy Policy describes how we collect, use, and share personal information when we provide our B2B 3D spatial streaming services (the “Services”), as well as individuals’ rights regarding their personal data. This Policy applies to personal data processed by Miris through Customer use of our Services, through our websites (like miris.com), and in the course of our sales, marketing, and business operations.
Scope and Roles: Miris primarily provides services to business customers (our “Customers”) who, in turn, use Miris to deliver content to their end users. In this context, Miris acts as a data processor (or “service provider” under certain laws like the CCPA) on behalf of our Customers for much of the personal data processed through our Services. For example, if an end user in the EU interacts with a Miris-powered 3D stream on a Customer’s website, the Customer is the data controller determining the purposes of processing that end user’s personal data, and Miris processes it only as instructed to provide the service. However, Miris may also collect and use some data for our own purposes, such as account data for our Customers, or telemetry to improve our platform – in those cases, Miris operates as a data controller for that personal data. This Policy will clarify when Miris is acting as a controller versus a processor. If you are an end user of one of our Customers, please also refer to the privacy notice of the website or application you are using, as that will explain how the Customer (your provider) shares data with service providers like Miris.
Contact Us: If you have any questions about this Privacy Policy or Miris’s data practices, please contact us at privacy@miris.com or via mail at: Miris, Inc., Attn: Data Protection Officer.
We may collect various categories of personal data in the course of operating our business and providing our Services:
2.1 Customer Account Data: When a business or organization registers for a Miris account or engages with our sales team, we collect information about the Customer and its users. This may include the name, business email, phone number, job title, and company name of Customer contacts or administrators, as well as billing information (payment card details, billing address, etc.). We also collect any communications we receive from Customers, such as support requests or feedback. This information is used to manage the account, provide support, and communicate with Customers.
2.2 End User Usage Data (Service Data): When End Users interact with 3D content delivered via Miris (for example, a user viewing a Customer’s 3D model on a website or in an application using our SDK), Miris collects certain data about that interaction. This typically includes:
Device and Technical Information: IP address, device type, operating system, browser type, and other device identifiers.
Usage and Telemetry: Information on how the user’s device interacts with the 3D content, such as timing of asset requests, bandwidth used, error logs, and telemetry data from the Miris SDK (e.g. performance metrics, frames rendered, etc.).
Geolocation Data: An approximate location of the user derived from the IP address (to route the user to the nearest server, for example), at city or region level.
Cookies or Similar Technologies: We may use cookies or SDK tokens to uniquely identify a user session. These are generally technical and not meant to personally identify a user by name, but they could be considered personal data (e.g. if they can be linked to an individual’s profile by the Customer).
Importantly, Miris does not deliberately collect a lot of traditional personal information (like names, emails, etc.) about End Users through the Services, unless such data is included by the Customer in the content or metadata. Our Service is focused on content streaming and performance data (we do not monitor or profile End Users’ behaviors beyond what is necessary to deliver and improve the streaming experience). We also do not have the ability to directly identify individuals from the technical Signals we collect (e.g., an IP address alone is not used to identify a named individual). However, since IP addresses and device IDs can be considered personal data under laws like GDPR, we treat them accordingly.
2.3 Uploaded Content: Customers may upload 3D assets or related data to our platform for processing. These assets could potentially include personal data (for example, a Customer might upload a 3D scan of a real environment that incidentally captured a person’s likeness). It is the Customer’s responsibility to ensure they have rights to any personal data contained in content they upload. Miris processes such content on behalf of the Customer and does not use it for any purpose except as instructed (see Section 4 on Use of Data). Any personal data within Customer Content is typically incidental and not needed by Miris. We strongly encourage Customers to avoid uploading personal data as part of their 3D assets unless necessary. If a Customer’s uploaded content contains personal data, it will typically be subject to our Data Processing Addendum and Miris will handle it as a data processor.
2.4 Website Visitors and Marketing Leads: If you visit our corporate website (e.g., to read about Miris’s services) or interact with Miris’s marketing communications, we may collect data via forms or cookies. For instance, if you download a whitepaper or sign up for a webinar, we might collect your name, contact information, and any other information you choose to provide. We may also use third-party analytics cookies on our site that collect information about your device and browsing actions. You have choices to control cookies via our cookie banner. Website usage data is used for analytics and improving our site, as well as for marketing our services to potential customers.
2.5 Job Applicants: If you apply for a job at Miris, we will collect personal data such as your contact info, resume/CV details, employment history, etc. Our use of applicant data is outside the scope of this customer-focused Privacy Policy; please refer to our careers privacy notice for information on that processing.
Miris uses personal data for the following purposes, depending on the context in which it was collected:
3.1 Providing the Services (Service Delivery): We process End User usage data, device information, and Customer Content to deliver and optimize our streaming service. This includes routing content, adapting streams to network conditions, performing asynchronous processing of assets (e.g., converting file formats), and ensuring content reaches the intended End Users efficiently. We also use telemetry data for monitoring performance and ensuring the reliability and security of the Service (e.g., detecting outages or attack traffic). In doing so, Miris acts as a data processor following our Customer’s instructions (the instruction being to provide the streaming service). For EU personal data, the legal basis for this processing is typically necessity for the performance of the contract with our Customer (GDPR Art. 6(1)(b)), or Miris’s legitimate interest in providing services to our Customer (when Miris is considered a sub-processor).
3.2 Service Improvement and Development: We process Signals and telemetry to improve our Services. This involves analyzing aggregated, de-identified usage patterns and telemetry to identify bottlenecks and improve streaming performance. Miris does not use identifiable Customer Content (such as 3D assets) for improvement processing except where Customer has opted in as described in the Terms of Service. When doing so, if the data includes personal data (like IP addresses or other usage data), Miris might be considered a data controller for that specific improvement-related processing. Our legal basis in the EU for such improvement processing is our legitimate interest (Art. 6(1)(f) GDPR) in refining and developing a better service, balanced against individuals’ privacy rights. We implement measures to minimize privacy impact, such as using aggregated or anonymized data wherever possible. Customers may have the ability to opt out of certain data use for improvements (see Section 5.4 of the Terms of Service and your account settings). If a Customer opts out, we will make reasonable efforts to exclude their data from such use.
3.3 Customer Support and Communications: We use Customer Account Data (and potentially End User data, if provided by Customer in a support ticket) to provide support and respond to inquiries. For example, if a Customer opens a support case about an End User not being able to load content, we might request that user’s IP or request logs to troubleshoot. We also send administrative emails to Customers, such as notices of new features, security or privacy updates, and information about service status. These are considered part of our service communications, not marketing.
3.4 Marketing and Sales: For individuals who are prospective customers or who have signed up for marketing materials, we use their contact information to send promotional communications about Miris products, events, or resources. Recipients can opt-out of marketing emails at any time by clicking the unsubscribe link in the message or contacting us. We may also use website analytics to understand the effectiveness of our marketing and to improve our website’s user experience.
3.5 Compliance and Protection: We may process any of the above categories of personal data as necessary to comply with our legal obligations (e.g., accounting records, export control checks) or to protect our legal rights and interests. This includes using data to prevent fraud, abuse, or security incidents. For instance, we might use IP address data to block malicious actors from attacking our network, or log data to investigate a breach attempt. We also might disclose data when required by law or lawful requests (see Section 6 on data sharing).
We will not use personal data for purposes that are incompatible with those described above without updating this Privacy Policy or, if required by law, obtaining consent.
For individuals in the European Economic Area (EEA), United Kingdom, or other regions with similar laws, Miris relies on the following legal bases for processing personal data:
Contract (Art. 6(1)(b) GDPR): We process personal data as necessary to perform our contract with Customers – for example, handling data to deliver the Services that the Customer has subscribed to.
Legitimate Interests (Art. 6(1)(f) GDPR): We process personal data for our legitimate interests in improving our Services, securing our platform, marketing to potential business customers, and running our business (balanced against individuals’ rights). We have a legitimate interest in using Customer Account Data to maintain relationships and in using aggregated End User telemetry to enhance service performance. We ensure that our legitimate interests do not unduly override privacy rights by providing opt-outs and using data minimization and pseudonymization where possible.
Consent (Art. 6(1)(a) GDPR): In limited cases, we may rely on consent. For example, where we place non-essential cookies on our website, we seek consent via the cookie banner. Also, if a Customer configures the Service in a way that collects certain End User data, the Customer may need to obtain End User consent – in those cases, Miris relies on the Customer to have procured consent for us to process that data as a processor. If we ever were to process any sensitive personal data, we would obtain explicit consent or rely on another permitted basis.
Legal Obligation (Art. 6(1)(c) GDPR): When processing is necessary for us to comply with a law, such as retaining transactional data for tax or fulfilling data disclosure obligations upon valid government requests.
Miris does not typically process special categories of personal data (sensitive data) through the Services. We do not perform any automated decision-making that produces legal or similarly significant effects on individuals.
Miris’s Services for Customers do not directly use cookies in End User browsers, except potentially a minimal session identifier or caching token for technical purposes (which would be considered strictly necessary for the service). Our corporate website uses cookies and similar tracking technologies (like Google Analytics) to collect website visitor information. Where required by law, we present a cookie consent banner and honor user choices for non-essential cookies. Users can control cookies through their browser settings as well.
We only share personal data with third parties in the following circumstances:
6.1 Sub-processors (Service Providers): Miris uses a number of third-party service providers (sub-processors) to support our operations. These include cloud hosting providers (for data storage and processing), content delivery networks, customer support software, email service providers, and analytics tools. We share personal data with these providers only to the extent necessary for them to perform services on our behalf (for example, we share End User IP addresses with our cloud hosting/CDN providers so they can route traffic). Our DPA maintains that any sub-processor must provide at least the same level of data protection as Miris. We maintain a list of sub-processors (like AWS, CoreWeave, etc.) which we can provide to Customers or publish on our website. If we add a new sub-processor handling EU personal data, we will notify Customers and provide an opportunity for objections consistent with GDPR requirements.
6.2 Within Miris Corporate Group: If Miris has affiliates or subsidiaries (for example, an EU-based subsidiary for support), we may share data within our corporate group as needed to provide the Services and for internal administration. All entities are bound by similar privacy and security obligations.
6.3 Business Transfers: If Miris is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your personal data may be disclosed to our advisors and any prospective or actual acquiring entity, and among transferred assets. We will ensure any successor handles personal data in line with this Policy or provides notice and obtains consent if required by law for any material changes.
6.4 Legal Obligations and Safety: We may disclose personal data to courts, law enforcement, governmental authorities, or authorized third parties if required by law or subpoena or if we reasonably believe such action is necessary to (a) comply with the law and lawful requests (such as in response to a court order or regulatory demand), (b) enforce our agreements or policies, (c) detect or prevent fraud, security, or technical issues, (d) protect the rights, property, or safety of Miris, our Customers, End Users, or the public. We may attempt to redirect the requesting party to seek the data directly from the Customer when feasible (since in many cases we act as a processor). If compelled to disclose personal data, we will strive to use reasonable efforts to notify the affected Customer before disclosure (unless legally prohibited).
6.5 Aggregated or De-identified Data: We may share aggregated, anonymized data or insights (that do not identify any individual or Customer) publicly or with partners. For instance, we might publish trends about 3D content usage across industries, or average bandwidth consumption, provided such information contains no personal data.
We do not sell personal data to third parties. We do not share End User personal data with advertisers or unrelated third parties for their own marketing purposes.
Miris is a U.S.-based company. Personal data that we collect may be transferred to or accessed from the United States or other countries outside of your home jurisdiction. When we transfer personal data out of the European Union/EEA, UK, or Switzerland, we ensure appropriate safeguards are in place to protect it in accordance with GDPR Chapter V.
7.1 Standard Contractual Clauses: For transfers from the EEA, UK, or Switzerland to the U.S. (or other non-adequate countries), we rely on the European Commission’s Standard Contractual Clauses (SCCs) as our transfer mechanism. Our Data Processing Addendum includes the SCCs (Module 2 for controller-to-processor and Module 3 for processor-to-processor transfers, as applicable) which are deemed entered into between our Customers (as data exporters) and Miris (as data importer). The SCCs contractually require that the personal data transferred receives an equivalent level of protection as in Europe. We also commit to the UK International Data Transfer Addendum for UK data and adapt transfers for Swiss personal data in line with Swiss law (e.g. designating Switzerland’s FDPIC as the supervisory authority).
7.2 Data Privacy Framework: Miris may seek certification under the EU-U.S. Data Privacy Framework in the future. This Policy will be updated if and when certification is obtained.
7.3 Additional Safeguards: In addition to contractual measures, Miris implements technical and organizational measures (encryption in transit and at rest, strict access controls, etc.) to ensure transferred data remains protected. We have assessed that the nature of data we process (mostly technical data) and these safeguards mitigate the risks identified in the Schrems II decision. We also commit not to disclose EU personal data to government authorities in a way that violates the SCCs without using legally available measures to challenge it, as outlined in our DPA and SCC commitments.
Customers can request a copy of our SCCs by contacting us. If there is any conflict between this Privacy Policy and the SCCs with respect to EU personal data, the SCCs will prevail.
Individuals whose personal data we handle may have certain rights under privacy laws, particularly individuals in the EEA, UK, Switzerland (under GDPR), and California residents (under CCPA):
Your rights under GDPR (for EEA/UK/Swiss individuals) may include:
Right of Access: You can ask if we are processing your personal data and request a copy of the data.
Right to Rectification: You can request that we correct any inaccurate or incomplete personal data.
Right to Erasure: You have the right to ask us to delete your personal data, subject to certain exceptions (for example, we might need to retain some data for legal compliance or internal business purposes).
Right to Restrict Processing: You can ask us to restrict processing of your data in certain circumstances (like while a complaint about accuracy is being resolved).
Right to Data Portability: For data you provided to us and that we process by automated means, you can request a copy in a structured, commonly used, machine-readable format, and you have the right to transmit that to another controller where feasible.
Right to Object: You can object to processing based on our legitimate interests, and we will cease processing unless we have compelling legitimate grounds or the processing is needed for legal claims. You can always object to use of your data for direct marketing and we will honor that.
Right not to be subject to Automated Decision Making: Miris does not use personal data to make automated decisions with legal or similar significant effects without human involvement.
Because Miris often acts as a processor for our Customers, if you are an End User of a Miris Customer and you wish to exercise any rights, please direct your request to the Customer (the data controller). We will facilitate our Customer in responding to data subject requests for data that we process on their behalf, to the extent required by law. For example, if an end user asks us directly for deletion of their streaming data, we will notify the relevant Customer and assist as needed to fulfill the request under the DPA terms.
If you are a Miris Customer or otherwise have a direct relationship with Miris (e.g., you’re a Customer employee or a website visitor who gave us your info), you can send any rights requests to Miris at privacy@miris.com. We will respond within the timeframes required by law (generally one month for GDPR, which can be extended if necessary). We may need to verify your identity (and authority, if you are making a request on behalf of someone else) to process certain requests.
California Residents (CCPA/CPRA): While Miris deals mainly with businesses, California law may still provide rights to individuals whose personal information we handle in a business context. California residents have the right to know what categories of personal information we collect, the purposes, and the categories of sources and third parties we share with. They can also request access to specific personal information, request deletion (with similar exceptions as GDPR), and correct inaccurate information. Miris does not sell personal information as defined by CCPA, and we do not share it for cross-context behavioral advertising. If you are a California resident and have questions or requests, you can contact us at the email above. We will not discriminate against you for exercising your rights.
Opt-Out of Marketing: Regardless of jurisdiction, anyone receiving our marketing emails can opt out at any time by clicking the unsubscribe link or contacting us. Please note transactional or account-related emails are not subject to general opt-out as they are necessary for service.
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention is required or permitted by law.
Customer Content and End User Data (Processor Data): We generally retain Customer Content and associated End User streaming data for the duration of the Customer’s subscription or contract. We have routines to delete or anonymize certain telemetry logs after a defined period appropriate to Miris' current stage of development and operational needs, as set out in Miris' then-current retention policy. Upon termination of a Customer contract, we will delete or return personal data processed on Customer’s behalf in accordance with our DPA and Terms of Service (typically after a brief retention period for Customer to retrieve data, all personal data is deleted unless required to be retained).
Customer Account Data: We retain Customer account information for as long as the account is active and thereafter as needed for record-keeping (e.g., to have an accounting of transactions, or if needed for legal disputes). If a prospective customer has not engaged in a long time, we may delete or anonymize their contact info from our marketing systems.
Website Analytics: Analytics data is retained for a period appropriate to its purpose and as configured in Miris' analytics tools, and is deleted or anonymized when no longer needed.
Legal Holds: We may retain data longer if required to comply with our legal obligations or if necessary to resolve disputes or enforce agreements. For instance, if we receive a legal preservation request or if data is needed for a court case, we will keep relevant data until the issue is resolved.
When we no longer have a legitimate need to retain personal data, we will securely delete or anonymize it. If deletion is not feasible (e.g., because the data is stored in backups), we will isolate it and secure it from further processing until deletion is possible.
Miris takes security seriously and employs administrative, technical, and physical measures to protect personal data from unauthorized access, disclosure, and loss. These measures include, but are not limited to:
Encryption: We encrypt personal data in transit over public networks using TLS. We also encrypt sensitive data at rest in our databases and storage (except data that Customer chooses to make public).
Access Controls: Access to systems containing personal data is limited on a need-to-know basis to authorized personnel. We enforce strong authentication (including multi-factor authentication where feasible at Miris' current scale) and maintain access logs. Our employees and contractors are bound by confidentiality obligations.
Network Security: We use firewalls, intrusion detection systems, and DDoS protection on our platform. Our third-party infrastructure providers maintain robust security certifications (such as ISO 27001, SOC 2) – we review their compliance regularly.
Monitoring and Testing: We monitor our systems for vulnerabilities and attacks. Regular security testing (including penetration testing by qualified third parties) is performed. We promptly apply patches or mitigations for known vulnerabilities.
Incident Response: We have an incident response plan. In the event of a data breach involving personal data, we will notify affected Customers without undue delay and provide all reasonable information to support breach notifications to authorities or individuals as required by law.
Despite our efforts, no security measures are infallible and we cannot guarantee absolute security. Customers also play a role in security – for example, by securing their account credentials, using two-factor authentication, and appropriately securing any client-side integrations. If you believe your data or account with Miris has been compromised, please contact us immediately.
Miris’s Services are business-to-business and not directed to minors. We do not knowingly collect personal data from children under 16 (or the relevant age of consent in their jurisdiction). Customers are prohibited from using the Services to collect data directly from children or students in violation of applicable child data protection laws. If we become aware that we have inadvertently processed personal data of a child without proper consent or authorization, we will promptly delete such data. If you are a parent or guardian and believe Miris has been sent your child’s data improperly, please contact us so we can assist.
We may update this Privacy Policy from time to time in response to evolving legal, technical, or business developments. When we update the Policy, we will post the new version on our website and update the “Last Updated” date at the top. If changes are material, we will provide a more prominent notice (e.g., by email to account owners or a notice on our dashboard) explaining the changes. We encourage you to review this Policy periodically to stay informed about our data practices. Continuing to use the Services after a revised Privacy Policy has become effective indicates your acknowledgment of the updated terms (where required by law, we will obtain your consent for substantial changes in how we use data).
If you have questions or concerns about this Privacy Policy or Miris’s data practices, or if you wish to exercise your privacy rights, please contact us:
By Email: privacy@miris.com
By Mail: Miris, Inc. – Privacy Inquiry, 10567 Jefferson Blvd., Suite C, Culver City, CA 90232.
We will address your inquiry as promptly as possible. If you are in the EEA or UK and are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority (data protection regulator). For example, in the UK this is the Information Commissioner’s Office (ICO), and in the EU you can find the list of Data Protection Authorities here. We would, however, appreciate the chance to address your concerns first before you approach a regulator, so please consider reaching out to us.
