MEing is a presence app. It exists to bring you back to yourself — quietly, a few times a day. We built it to hold your moments, not to harvest them. This policy explains exactly what we collect, why, where it lives, and the control you have over it. We collect only what the app needs to work. We do not track you, we do not sell your data, and we do not use advertising.
1. Who we are
MEing (“MEing,” “we,” “us,” “our”) is operated by Ilia Grace & Co. Inc., a company incorporated in Ontario, Canada. We are the data controller responsible for the personal information described in this policy.
For any privacy question, request, or complaint, contact us at hello@meing.org.
2. What we collect
This table is the complete and authoritative list of what MEing collects. If something is not listed here, MEing does not collect it.
| Data | Where it's stored | Linked to you | Used for tracking | Third parties |
|---|---|---|---|---|
| Email address | Supabase (auth) + on-device cache (AsyncStorage) | Yes | No | Postmark (OTP delivery only) |
| Auth session token | iOS Keychain (expo-secure-store) | Yes | No | No |
| Auth provider type | On-device (AsyncStorage) | Yes | No | No |
| Premium status | Supabase (profiles) + on-device cache | Yes | No | No |
| Notification rhythm + reminder window | Supabase (profiles) + on-device cache | Yes | No | No |
| Check-in records (timestamp, shimmer index, sphere type, color index, golden flag) | Supabase (check_ins) + on-device cache | Yes (user ID) | No | No |
| Earned milestones & constellations | On-device only (AsyncStorage) — derived | No (derived) | No | No |
| Accelerometer readings (for the visual “shimmer”) | Device RAM only — never stored, never transmitted | No | No | No |
A note on your check-ins: a check-in is not a journal entry or free text. It is a small set of values — when you checked in and which feeling/visual you chose. We store these so your “universe” can be rebuilt across your devices. We never read them as content about your life, and we never share them.
3. What we don't collect
To be unambiguous, MEing does not collect or access any of the following:
- Health or fitness data
- Location (precise or approximate)
- Contacts or address book
- Photos, camera, or microphone
- Advertising identifiers (IDFA) or any advertising data
- Web browsing or search history
MEing contains no third-party tracking, analytics, or advertising SDKs. Specifically, there is no PostHog, Mixpanel, Amplitude, Sentry, Firebase Analytics, Google Analytics, Segment, Crashlytics, or any social-media SDK. There are no ads in MEing, and we do not sell or rent your data to anyone.
4. Why we collect what we collect
- Email address — to create and secure your account and to deliver your one-time sign-in code (OTP). Legal basis: performance of our contract with you.
- Auth session token & provider type — to keep you signed in securely without re-entering a code each time.
- Premium status — to unlock the features you've purchased and restore them across your devices.
- Notification rhythm & reminder window — to send the local reminders you asked for, at the cadence you set.
- Check-in records — to build and sync your personal “universe” across devices, which is the core function of the app.
- Accelerometer — read only in the moment to animate the on-screen visual. It is used in RAM and immediately discarded; it is never saved or sent anywhere.
We practice data minimization: we ask only for what the core experience requires, in line with Apple's guidelines and the principles of PIPEDA and GDPR.
5. Apple App Store privacy declarations
For transparency, these are the declarations we make on our App Store “privacy nutrition label.” They match what's described above.
| Data type | Linked to you | Purpose | Tracking |
|---|---|---|---|
| Contact Info — Email Address | Yes | App Functionality & Account Management | No |
| User Content — check-ins | Yes | App Functionality | No |
| Identifiers — User ID | Yes | App Functionality | No |
| Purchases — Purchase History | Yes | App Functionality (premium, v1.1) | No |
6. Service providers we use
We use a small number of vendors strictly as processors acting on our instructions. They are contractually bound to protect your data and may not use it for their own purposes.
- Supabase — authentication and database (stores your account, profile, premium status, and check-in records).
- Postmark — transactional email. Postmark delivers your one-time sign-in code only. It receives your email address solely to send that code.
- Apple StoreKit — processes in-app purchases and subscriptions (premium tier, v1.1). Apple handles payment; we never see your full payment details.
- expo-notifications — schedules local notifications on your device. There is no remote push server; reminders are generated on-device.
7. International data transfers
MEing is offered globally. Your account data and check-in records are stored in our Supabase project, which is hosted in a North American (United States) region. If you use MEing from outside that region — for example, in the EU/EEA, the UK, or Canada — your information will be transferred to and processed in the United States. Where required (e.g., for EU/EEA/UK users), such transfers rely on appropriate safeguards such as Standard Contractual Clauses. By using MEing you understand that your information will be processed as described here.
8. Data retention & deletion
We keep your personal information only for as long as your account is active.
- In-app deletion. You can delete your account at any time from within the app (Settings → Account → Delete account). This is a permanent action.
- What happens on deletion. When you delete your account, we erase your email, profile, premium status, and check-in records from our systems, and your on-device cache is cleared. We complete deletion within 30 days of your request.
- By email. You can also request deletion at hello@meing.org and we will action it within 30 days.
- Limited exceptions. We may retain minimal records where required by law (for example, transaction records Apple requires us to keep), but never your check-in content.
9. Your rights (everyone)
Regardless of where you live, you can:
- Access the personal information we hold about you
- Correct inaccurate information
- Delete your account and data (see above)
- Export your check-in data in a portable format
- Withdraw consent or object to certain processing
To exercise any right, email hello@meing.org. We will respond within the timeframe required by your local law. We will not discriminate against you for exercising your rights.
10. Canada — PIPEDA
As an Ontario company, we handle personal information in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). We collect personal information only for the identified purposes above, with your knowledge and consent; we limit collection to what is necessary; and we protect it with appropriate safeguards. You may direct any PIPEDA inquiry or complaint to hello@meing.org. If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada.
11. EU / EEA / UK — GDPR
If you are in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) applies. For the purposes of the GDPR, Ilia Grace & Co. Inc. is the data controller.
Lawful bases. We rely on: (a) performance of a contract for account creation, sign-in, syncing your check-ins, and delivering premium features; (b) legitimate interests for keeping the service secure and functioning; and (c) consent where you opt in to reminders, which you can withdraw at any time.
Your rights. You have the right to access, rectification, erasure (“right to be forgotten”), restriction of processing, data portability, objection, and the right not to be subject to solely automated decision-making (we do none). You may lodge a complaint with your local supervisory authority. Given the limited scope of our processing, we are not required to appoint a Data Protection Officer, but you can reach our privacy contact at hello@meing.org.
12. California — CCPA/CPRA
If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) gives you the right to know what personal information we collect, to access and delete it, to correct it, and to opt out of its “sale” or “sharing.”
The categories we collect are identifiers (email, user ID), commercial information (purchase history), and your check-in content — all as described in Section 2, all for the business purpose of operating the app. To exercise your California rights, email hello@meing.org.
13. Children
MEing is not directed to children under 13, and we do not knowingly collect personal information from anyone under 13 (consistent with the U.S. Children's Online Privacy Protection Act, COPPA). The app is rated for a general audience and requires sign-in. If you believe a child under 13 has provided us personal information, contact hello@meing.org and we will delete it promptly.
14. How we protect your data
All data transmitted between the app and our backend is encrypted in transit (HTTPS/TLS). Your sign-in session token is stored in the iOS Keychain via secure storage. We use one-time codes (OTP) instead of passwords, so there is no password for an attacker to steal. Access to our backend is restricted and authenticated. No system is perfectly secure, but we take reasonable, industry-standard measures to safeguard your information.
15. Changes to this policy
We may update this policy as the app evolves or as the law requires. When we make a material change, we will update the “Last updated” date above and, where appropriate, notify you in the app. Your continued use of MEing after an update means you accept the revised policy.
16. Contact us
Questions, requests, or concerns about your privacy:
Ilia Grace & Co Incorporated
3080 Yonge St, Suite 6060, Toronto ON M4N 3N1
hello@meing.org