Legal

Privacy Policy

Last updated: 2 June 2025 · Applies to meedoapp.com

meeDo is operated as a sole trader in the United Kingdom. We are committed to protecting your personal information and being transparent about how we use it. This policy explains what data we collect when you use meeDo, why we collect it, how it is stored, and your rights under UK data protection law (UK GDPR and the Data Protection Act 2018).

By using meeDo you agree to the practices described in this policy. If you have any questions, please contact us at support@meedoapp.com.

1. Who we are

meeDo is operated as a sole trader based in the United Kingdom, trading as meeDo at meedoapp.com. For the purposes of UK GDPR, we are the data controller for the personal data you provide when using this service.

Contact: support@meedoapp.com

2. What data we collect

Account data. When you sign up or log in, we collect your email address. We use a magic-link (passwordless) authentication system — no password is ever stored.

Portfolio & financial data you enter. meeDo stores the data you manually input into the app: portfolio compositions, investment amounts, performance snapshots, and transaction records (deposits, withdrawals, and transfers). This data is entirely self-reported by you — meeDo does not connect to any brokerage, bank account, or external financial service.

This data is stored in two places. It is always saved to your browser's localStorage on your own device. If you are logged in to a meeDo account, it is also saved to our Cloudflare D1 database (cloud storage), so that your data persists across devices and browsers. If you are not logged in, your data exists only on the device you are using.

Usage data. We record basic usage counts per feature (e.g. number of AI insights generated, rebalance calculations performed, snapshots saved) to enforce free-tier limits and monitor API usage. We do not use third-party analytics trackers.

Feedback. If you submit a message via the in-app feedback form, we store that message in our database, along with your user ID if you are logged in.

Technical / session data. We store hashed session tokens and hashed authentication tokens to manage your login session. Raw tokens are never persisted. Authentication tokens expire after 15 minutes; sessions expire after 30 days.

We do not collect or store payment card details. All billing is processed by Paddle, who acts as the Merchant of Record. Paddle handles VAT compliance, payment processing, and receipts on our behalf. Please refer to Paddle's Privacy Policy for how your payment data is handled.

3. How we use your data

To provide and operate the meeDo service
To send you a login link when you request one
To save your portfolio and tracking data to the cloud when you are logged in
To enforce free-tier usage limits
To manage your subscription via Paddle
To respond to feedback or support requests
To improve the product based on aggregated, non-identifiable usage patterns

We do not use your data for advertising. We do not sell or share your personal data with third parties for marketing purposes.

4. Legal basis for processing

Contract performance — processing necessary to deliver the service you have signed up for
Legitimate interests — understanding aggregate product usage to improve the service, and managing API costs
Legal obligation — where required to comply with applicable UK law

5. Data storage & security

Your data is stored in a Cloudflare D1 database hosted on Cloudflare's global infrastructure. Cloudflare operates under appropriate data protection safeguards for data stored and processed in their network.

Authentication tokens are stored as cryptographic hashes only — the raw token is never persisted. We take reasonable technical precautions to protect your data, though no internet-based service can guarantee complete security.

6. Data retention

We retain your account and portfolio data for as long as you maintain an account with meeDo. If you delete your account via the in-app settings, your personal data is permanently removed from our database. Authentication tokens expire automatically after 15 minutes; sessions expire after 30 days and are not renewed automatically.

7. Third-party services

meeDo relies on the following third-party services, each of which processes some data on our behalf:

Cloudflare — edge compute, API hosting, and database storage (Cloudflare D1)
Paddle — subscription billing and payment processing (Merchant of Record). Paddle handles all payment data; we receive only a confirmation of subscription status.
Resend — transactional email delivery, used solely to send magic login links to the email address you provide
Anthropic — AI inference for portfolio insight generation. When you request a portfolio insight, the portfolio composition you have entered (asset labels and percentage allocations) is sent to Anthropic's API. No personal identifiers (such as your email address) are included in these requests.

8. Your rights under UK GDPR

You have the right to:

Access a copy of the personal data we hold about you
Request correction of inaccurate data
Request deletion of your data ("right to be forgotten")
Object to certain types of processing
Data portability
Withdraw consent at any time (where processing is based on consent)
Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk

To exercise any of these rights, email us at support@meedoapp.com. We will respond within 30 days.

9. Cookies & local storage

meeDo uses your browser's localStorage to store your portfolio data, tracking data, and session state locally on your device. This is required for the app to function — localStorage is the primary data source during an active session.

If you are logged in, your portfolio and tracking data is also written to our Cloudflare D1 database in the cloud (as described in section 2). Usage counts (such as the number of AI insights used) are also stored in our database for logged-in users.

We do not currently use advertising or tracking cookies. We may introduce analytics in future (such as Google Analytics) to better understand how the product is used. If we do, we will update this policy and implement an appropriate cookie consent mechanism before any such cookies are set.

10. Changes to this policy

We may update this policy from time to time. Where changes are material, we will notify you by email or via a notice in the app. The "last updated" date at the top of this page will always reflect the current version.

11. Contact

For privacy-related queries, please contact us at support@meedoapp.com.