Me&AI

Privacy

Your data is yours.

Last updated May 2026 · Subject to legal review before the public DNS launch.

The short version

  • We collect what we need to run the service. We don’t sell, share, or trade your data with third parties for marketing purposes.
  • Data lives in your tenant. We don’t train foundation models on your content. Audit logs are downloadable.
  • EU residents: we operate under GDPR. You can request access, rectification, deletion, or export at any time — one email to privacy@meandai.io.
  • We use sub-processors (cloud hosting, foundation model providers, transactional email) listed below. Each is under contract with appropriate data-processing terms.

What we collect

Account data

Name, email, role, organisation, and authentication identifiers from your single-sign-on provider when you sign in. Used to provide the service and contact you about it.

Customer data (data your pods process)

Emails, contacts, documents, calendar events, and other content you connect from your tools (Gmail, Slack, LinkedIn, etc.). Used solely to perform the work you’ve instructed the pods to do. Stored encrypted at rest and in transit, scoped to your tenant.

Operational metadata

Logs of pod actions (what was done, when, by which pod, on which entity). Used for the audit log, debugging, and service quality. Retained 90 days, then aggregated into tenant-scoped statistics.

What we do with it

  • Run the service you signed up for.
  • Improve the service via aggregated, de-identified analytics. We never use your customer data to train foundation models.
  • Communicate with you about the service (billing, outages, security notices). Marketing emails only with opt-in.

Sub-processors

Hosting and platform services we rely on, current as of May 2026:

  • Railway (compute, EU regions where available)
  • Neon (Postgres, EU region)
  • Neo4j Aura (graph database, EU region)
  • Anthropic, OpenAI (foundation model inference)
  • Clerk (authentication)
  • Resend (transactional email)
  • Logfire (observability)
  • Cloudflare (DNS, edge)

We notify customers in advance of any new sub-processor via the in-app notification log and email to the billing contact.

Your rights

EU/UK GDPR rights apply: access, rectification, erasure, restriction, portability, objection. We respond within 30 days. California residents have parallel CCPA rights.

Email privacy@meandai.io with the request and a way to verify your identity (we don’t want to give your data to someone pretending to be you).

Retention & deletion

Account data is retained while your account is active and for 90 days after cancellation, then deleted. Customer data is exportable on request and deleted within 30 days of cancellation unless you ask us to delete sooner. Audit logs are retained for the regulatory minimum (currently 1 year) even after account deletion, then anonymised.

Contact

Privacy lead: privacy@meandai.io
EU representative: appointed before public launch — listed here once confirmed.