Mirrolabs is a technology lab that designs, builds and operates its own digital platforms with multi-agent AI systems. It operates as a commercial brand under Yonathan Avendaño as a natural person, based in Ibagué, Colombia.

Is Mirrolabs a development agency?

No. Mirrolabs is primarily a lab that builds and operates its own products — not a services agency. External proposals are evaluated selectively when the project contributes to the lab or has strategic interest. Reach out at hola@mirrolabs.com to discuss.

Does Mirrolabs take on external projects?

Selectively, yes. It is not the main activity — Mirrolabs is an operating lab, not a consultancy. When we take on an external project, it is because it contributes to the lab, fits the stack, or has strategic interest. Proposals are evaluated case by case at hola@mirrolabs.com.

Where does Mirrolabs operate?

Mirrolabs maintains platforms in production across more than eleven countries in Latin America, with operational headquarters in Ibagué, Tolima, Colombia.

What does Mirrolabs do?

It designs, builds and operates digital platforms for global markets: applied AI integration, process automation, multichannel chatbots on WhatsApp and Web, AI-powered customer service systems, and Android applications.

Who founded Mirrolabs?

Yonathan Avendaño, an independent full-stack developer, is the founder and operator of the Mirrolabs commercial brand.

Is Mirrolabs registered as a legal entity?

No. Mirrolabs is a commercial brand operated by Yonathan Avendaño as a natural person under Colombian law. Legal responsibility for the services and products rests directly with him.

How do I contact Mirrolabs?

By email at hola@mirrolabs.com or via LinkedIn at https://www.linkedin.com/in/yonathanavenda.

← Back to home

/ privacy /

Privacy Policy

Last updated: June 1, 2026

1. Identity of the data controller

Mirrolabs is the commercial brand under which digital platforms are designed, built and operated. Mirrolabs is operated by Yonathan Avendaño, an independent developer with residence in Ibagué, Tolima, Colombia. In this policy, "Mirrolabs", "we", or "our" refers to Yonathan Avendaño acting as the data controller under Colombian Law 1581 of 2012 and, where applicable, the EU General Data Protection Regulation (GDPR).

Mirrolabs is not yet incorporated as a legal entity. Once it is, this policy will be updated and legal responsibility will transfer to the resulting legal entity.

Contact: [email protected]

2. Scope of this policy

This policy applies to all websites, mobile applications, platforms and services operated under the Mirrolabs brand, present and future (the "Services"). When a specific Service requires additional considerations, it will indicate so in its own supplementary policy.

3. Personal data we collect

We collect only the data necessary to operate and improve the Services:

Account data: name, email address, password (stored hashed).
Usage data: pages visited, features used, device type, browser, approximate IP address, date and time of access.
Payment data: when applicable, processed directly by third parties (e.g., Stripe, Wompi or equivalents). Mirrolabs does not store card information.
User-generated content: material you upload, create or save in our platforms (text, images, audio, configurations).
Communications: emails, support messages and contact form submissions.

We do not collect sensitive data (racial or ethnic origin, biometric data, health, sexual orientation, political opinions) unless a specific Service requires it and obtains your explicit prior consent.

4. Purposes of processing

We use your personal data to:

Operate, maintain and improve the Services.
Authenticate you and keep your session secure.
Respond to your support requests and communications.
Send you operational service notifications (no marketing unless you opt in).
Perform aggregate and anonymous internal analytics to improve products.
Comply with applicable legal obligations.

We do not sell your data. We do not use it for third-party targeted advertising.

5. Use of artificial intelligence

Some Mirrolabs Services integrate artificial intelligence systems. In those cases:

Your data may be processed by third-party AI providers (e.g., Anthropic, OpenAI, Google, or similar) under their respective privacy policies.
When that option is available, we configure those services so your data is not used to train their models.
AI-generated outputs are subject to human supervision, direction and final validation before being put into production.
Artificial intelligence is an operational tool, not a replacement for human responsibility over the Services.

6. Who we share your data with

We share personal data only with:

Infrastructure providers: hosting, CDN, storage, monitoring (e.g., Cloudflare, OVH, DigitalOcean, Vercel, AWS or similar).
Payment processors: Stripe, Wompi, PayU or others, exclusively to process transactions.
Communication providers: transactional email and notification services.
AI providers: per Service, as described in section 5.
Competent authorities: when there is a valid judicial or administrative requirement in applicable jurisdiction.

All providers are subject to data processing agreements that limit the use of your information to the contracted service.

7. Data retention

We retain your personal data for as long as your account remains active or as needed to provide you the Service. If you request deletion of your account, we delete your personal data within a maximum of 30 days, except in cases where the law requires us to retain specific records (e.g., accounting or tax records).

8. Your rights as a data subject

Under Colombian Law 1581 of 2012 and, where applicable, the EU GDPR, you have the right to:

Know, update and rectify your personal data.
Request proof of the authorisation granted for processing.
Be informed of the use given to your data.
Withdraw authorisation and/or request the deletion of your data.
Access for free the personal data that has been processed.
Data portability: receive your data in a common, structured format.
File complaints with the Colombian Superintendence of Industry and Commerce (SIC) or equivalent authority.

To exercise any of these rights, write to [email protected]. We respond within a maximum of fifteen (15) business days.

9. Cookies and similar technologies

We use cookies and browser local storage for:

Keeping your session active after login.
Remembering your preferences (language, theme, settings).
Collecting anonymous, aggregate usage analytics.

We do not use third-party advertising cookies. You can disable cookies from your browser settings; in that case, some features may not work correctly.

10. Children's data

Mirrolabs Services are not directed to children under 13. We do not knowingly collect personal data from children under 13. If we discover that we have collected data from a minor without parental consent, we will delete it promptly. For users between 13 and 18, parental or legal guardian authorisation is required.

11. Security

We apply reasonable technical and organisational measures to protect your data: encryption in transit (TLS), encryption at rest where applicable, password hashing using modern functions (bcrypt or equivalent), role-based access control, and audit logging of administrative access. No system is completely invulnerable; if we detect a breach affecting your personal data, we will notify you within applicable legal timeframes (72 hours under GDPR where it applies).

12. International transfers

Your data may be processed in countries other than Colombia by our infrastructure providers. Those countries meet adequate protection standards under Colombian and European frameworks, or are subject to equivalent contractual safeguards (EU Standard Contractual Clauses or analogues).

13. Changes to this policy

We may update this policy to reflect legal, technical or product changes. The "Last updated" date at the top of this document indicates when the current version was published. If changes materially affect your rights, we will notify you by email or via prominent notice in the Services before they take effect.

14. Governing law and jurisdiction

This policy is governed by Colombian Law 1581 of 2012, its implementing decrees, and related regulations. For users residing in jurisdictions with additional protections (EU, California, UK, etc.), we respect the specific rights granted by those laws. Any controversy will be submitted to the courts of the Republic of Colombia.

15. Contact

For questions, exercise of rights, or security incident reports:

Email: [email protected]
Responsible: Yonathan Avendaño
Address: Ibagué, Tolima, Colombia