Meta-Me
Sign in

Privacy Policy

Last updated: 8 May 2026

1. Who we are

Meta-Me is a personal-tools platform operated by Joe Jarlett, a sole-trader based in the United Kingdom. The data controller for the purposes of UK GDPR is Joe Jarlett, contactable at [email protected].

2. What we collect

2.1 Information you give us

  • Account data: name, email address, profile picture (if you sign in with Google).
  • Content you create: anything you put into the apps you use (knowledge base entries, contacts, transactions, health data, journal entries, etc). The exact data category depends on which apps you use.
  • Feedback and contact form submissions: the message you send and the email address you provide.
  • Payment details: when you subscribe, payment is processed by Stripe. We never see or store your card number; we only store the Stripe customer ID and subscription status.

2.2 Information we collect automatically

  • Authentication cookies: a single session cookie scoped to .meta-me.uk, set when you sign in.
  • Analytics events: page views, navigation duration, and a small set of custom events. Visitor IDs are hashed daily, no cookies, no IP retention, no third-party trackers. The infrastructure is first-party at analytics.meta-me.uk.
  • Operational logs: request paths, status codes, and error traces for debugging. Retained for 30 days.

2.3 What we don't collect

  • No third-party advertising trackers, no Google Analytics, no Facebook pixels.
  • No cross-site cookies. Our session cookie is first-party only.
  • No location data beyond what you explicitly add to an app.

3. Where it lives

  • Application database: PostgreSQL on a self-hosted Mac mini in the UK. Daily off-site encrypted backups.
  • Stripe: payment processing, customer records, subscription state. Stripe is the data processor for payment data.
  • Cloudflare: DNS only (DNS-only mode, not proxied).
  • Email (Gmail SMTP): outbound transactional emails (feedback notifications, password resets, milestones).
  • Encrypted vaults (Keel and similar): when an app uses an end-to-end encrypted vault, the encryption key is held in your browser only. The server stores opaque ciphertext and cannot read the contents.

4. Why we use it (and the legal basis)

  • Operate the service: running the apps you signed up for. Legal basis: contract (UK GDPR Article 6(1)(b)).
  • Process payments: billing, subscription management, invoice records. Legal basis: contract.
  • Improve the service: anonymous analytics, error monitoring. Legal basis: legitimate interest (UK GDPR Article 6(1)(f)).
  • Security and fraud prevention: rate limiting, abuse detection, audit logs. Legal basis: legitimate interest.
  • Communicate with you: replying to support, sending account-critical emails. Legal basis: contract.

5. Who we share it with

Meta-Me does not sell or share your personal data for marketing. We share the minimum necessary with:

  • Stripe: for payment processing.
  • Google (Gemini API and OAuth): when you use AI features. Prompts and the necessary context are sent to Google for inference. We do not allow Google to train on your data; Gemini API requests are excluded from training per Google's terms.
  • Anthropic (Claude API): when an app uses Claude for AI features. Same terms: not used for training.
  • Law enforcement: if compelled by a valid UK legal process.

6. How long we keep it

  • Account data: for as long as your account exists, plus 30 days after deletion to allow recovery from accidental deletion.
  • App content: same as account data. Deleting your account deletes the content.
  • Stripe records: Stripe retains payment records as required by financial regulations (typically 7 years in the UK).
  • Analytics events: retained in aggregate indefinitely; per-event raw data retained for 90 days.
  • Operational logs: 30 days.

7. Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Delete your account and the data associated with it.
  • Port your data, receiving it in a machine-readable format.
  • Object to processing based on legitimate interest.
  • Withdraw consent for any processing where consent is the legal basis.

To exercise any of these, email [email protected]. We aim to respond within 14 days. You also have the right to complain to the UK Information Commissioner's Office at ico.org.uk.

8. Cookies

We use the smallest possible set of cookies:

  • Session cookie: first-party, scoped to .meta-me.uk, set when you sign in. Required to use authenticated features.
  • Stripe checkout cookies: set by Stripe during the checkout flow only. See Stripe's cookies policy.

No analytics cookies. No advertising cookies. No third-party tracking.

9. Security

We take reasonable steps to protect your data: TLS for all traffic, encrypted backups, role-based access, and end-to-end encryption for the most sensitive data (where the app supports it, like Keel's document vault).

No system is completely secure. If we ever discover a breach affecting your data, we will notify you and, where required, the ICO within 72 hours.

10. International transfers

Most data stays in the UK. Some processors are based in the US (Stripe, Google, Anthropic). When data is transferred outside the UK or EU, it is covered by the UK International Data Transfer Agreement or the Standard Contractual Clauses.

11. Changes to this policy

We will update this page when our practices change. The "last updated" date at the top reflects the most recent change. For material changes, we will notify you by email.

12. Contact

Questions about privacy: [email protected].