Privacy Policy
Last updated: January 1, 2026
This policy explains what data we collect, why we collect it, and how you can control it. We keep things simple: we collect only what we need to run the service.
Account data
When you sign up, we collect your email address and name. If you use OAuth (Google or GitHub), we receive only the profile data you authorize: name, email, and profile photo.
Workspace data
Documents, tables, tasks, and other content you create are stored in our database (Neon PostgreSQL) and synchronized to your browser's local storage (IndexedDB). We do not read, analyze, or share your workspace content.
Usage data
We collect basic server logs (IP address, request timestamps, user agent) for security and debugging. We do not use third-party analytics or tracking scripts.
Cookies
We use a single session cookie to keep you signed in. No advertising cookies, no third-party trackers.
We use your data exclusively to operate the service:
- Authenticate your identity and maintain your session
- Sync your workspace data across devices
- Send transactional emails (password reset, invite notifications)
- Diagnose errors and improve reliability
We never sell your data. We never use your content to train AI models.
Location
Your data is stored on servers in the United States (Neon PostgreSQL, US East region). If you require data residency in another region, contact us about enterprise options.
Retention
Account and workspace data is retained for the lifetime of your account. Deleted resources are soft-deleted for 30 days before permanent removal. Server logs are retained for 90 days.
Security
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Database access is restricted to authenticated backend services. We conduct periodic security reviews. See our security page for details.
Depending on your jurisdiction, you may have the right to:
- Access all personal data we hold about you
- Correct inaccurate data
- Delete your account and all associated data
- Export your data in a portable format
- Opt out of non-essential communications
To exercise any of these rights, email privacy@meow.app. We respond within 30 days.
We use a small set of sub-processors to run the service:
- Neon — serverless PostgreSQL database
- Vercel — application hosting and edge network
- Resend — transactional email delivery
Each sub-processor is bound by a data processing agreement. We do not share data with any other third party.
We may update this policy when our practices change. Material changes will be communicated by email to registered users at least 14 days before taking effect. The "last updated" date at the top of this page always reflects the current version.
Questions about this policy: privacy@meow.app
General inquiries: contact page