Legal

Privacy Policy

Last updated: 2026-06-13

MEing is a presence app. It exists to bring you back to yourself — quietly, a few times a day. We built it to hold your moments, not to harvest them. This policy explains exactly what we collect, why, where it lives, and the control you have over it. We collect only what the app needs to work. We do not track you, we do not sell your data, and we do not use advertising.

1. Who we are

MEing (“MEing,” “we,” “us,” “our”) is operated by Ilia Grace & Co. Inc., a company incorporated in Ontario, Canada. We are the data controller responsible for the personal information described in this policy.

For any privacy question, request, or complaint, contact us at hello@meing.org.

2. What we collect

This table is the complete and authoritative list of what MEing collects. If something is not listed here, MEing does not collect it.

DataWhere it's storedLinked to youUsed for trackingThird parties
Email addressSupabase (auth) + on-device cache (AsyncStorage)YesNoPostmark (OTP delivery only)
Auth session tokeniOS Keychain (expo-secure-store)YesNoNo
Auth provider typeOn-device (AsyncStorage)YesNoNo
Premium statusSupabase (profiles) + on-device cacheYesNoNo
Notification rhythm + reminder windowSupabase (profiles) + on-device cacheYesNoNo
Check-in records (timestamp, shimmer index, sphere type, color index, golden flag)Supabase (check_ins) + on-device cacheYes (user ID)NoNo
Earned milestones & constellationsOn-device only (AsyncStorage) — derivedNo (derived)NoNo
Accelerometer readings (for the visual “shimmer”)Device RAM only — never stored, never transmittedNoNoNo

A note on your check-ins: a check-in is not a journal entry or free text. It is a small set of values — when you checked in and which feeling/visual you chose. We store these so your “universe” can be rebuilt across your devices. We never read them as content about your life, and we never share them.

3. What we don't collect

To be unambiguous, MEing does not collect or access any of the following:

MEing contains no third-party tracking, analytics, or advertising SDKs. Specifically, there is no PostHog, Mixpanel, Amplitude, Sentry, Firebase Analytics, Google Analytics, Segment, Crashlytics, or any social-media SDK. There are no ads in MEing, and we do not sell or rent your data to anyone.

4. Why we collect what we collect

We practice data minimization: we ask only for what the core experience requires, in line with Apple's guidelines and the principles of PIPEDA and GDPR.

5. Apple App Store privacy declarations

For transparency, these are the declarations we make on our App Store “privacy nutrition label.” They match what's described above.

Data typeLinked to youPurposeTracking
Contact Info — Email AddressYesApp Functionality & Account ManagementNo
User Content — check-insYesApp FunctionalityNo
Identifiers — User IDYesApp FunctionalityNo
Purchases — Purchase HistoryYesApp Functionality (premium, v1.1)No
No data used for tracking. MEing does not link your data with third-party data for advertising or measurement, and does not share data with data brokers.

6. Service providers we use

We use a small number of vendors strictly as processors acting on our instructions. They are contractually bound to protect your data and may not use it for their own purposes.

7. International data transfers

MEing is offered globally. Your account data and check-in records are stored in our Supabase project, which is hosted in a North American (United States) region. If you use MEing from outside that region — for example, in the EU/EEA, the UK, or Canada — your information will be transferred to and processed in the United States. Where required (e.g., for EU/EEA/UK users), such transfers rely on appropriate safeguards such as Standard Contractual Clauses. By using MEing you understand that your information will be processed as described here.

8. Data retention & deletion

We keep your personal information only for as long as your account is active.

9. Your rights (everyone)

Regardless of where you live, you can:

To exercise any right, email hello@meing.org. We will respond within the timeframe required by your local law. We will not discriminate against you for exercising your rights.

10. Canada — PIPEDA

As an Ontario company, we handle personal information in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). We collect personal information only for the identified purposes above, with your knowledge and consent; we limit collection to what is necessary; and we protect it with appropriate safeguards. You may direct any PIPEDA inquiry or complaint to hello@meing.org. If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada.

11. EU / EEA / UK — GDPR

If you are in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) applies. For the purposes of the GDPR, Ilia Grace & Co. Inc. is the data controller.

Lawful bases. We rely on: (a) performance of a contract for account creation, sign-in, syncing your check-ins, and delivering premium features; (b) legitimate interests for keeping the service secure and functioning; and (c) consent where you opt in to reminders, which you can withdraw at any time.

Your rights. You have the right to access, rectification, erasure (“right to be forgotten”), restriction of processing, data portability, objection, and the right not to be subject to solely automated decision-making (we do none). You may lodge a complaint with your local supervisory authority. Given the limited scope of our processing, we are not required to appoint a Data Protection Officer, but you can reach our privacy contact at hello@meing.org.

12. California — CCPA/CPRA

If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) gives you the right to know what personal information we collect, to access and delete it, to correct it, and to opt out of its “sale” or “sharing.”

We do not sell or share your personal information as those terms are defined under California law, and we have not done so in the preceding 12 months. We do not use or disclose sensitive personal information for purposes beyond providing the app. We will not discriminate against you for exercising your rights.

The categories we collect are identifiers (email, user ID), commercial information (purchase history), and your check-in content — all as described in Section 2, all for the business purpose of operating the app. To exercise your California rights, email hello@meing.org.

13. Children

MEing is not directed to children under 13, and we do not knowingly collect personal information from anyone under 13 (consistent with the U.S. Children's Online Privacy Protection Act, COPPA). The app is rated for a general audience and requires sign-in. If you believe a child under 13 has provided us personal information, contact hello@meing.org and we will delete it promptly.

14. How we protect your data

All data transmitted between the app and our backend is encrypted in transit (HTTPS/TLS). Your sign-in session token is stored in the iOS Keychain via secure storage. We use one-time codes (OTP) instead of passwords, so there is no password for an attacker to steal. Access to our backend is restricted and authenticated. No system is perfectly secure, but we take reasonable, industry-standard measures to safeguard your information.

15. Changes to this policy

We may update this policy as the app evolves or as the law requires. When we make a material change, we will update the “Last updated” date above and, where appropriate, notify you in the app. Your continued use of MEing after an update means you accept the revised policy.

16. Contact us

Questions, requests, or concerns about your privacy:

Ilia Grace & Co Incorporated
3080 Yonge St, Suite 6060, Toronto ON M4N 3N1
hello@meing.org