Privacy Policy

1. Introduction

This Privacy Policy describes how Miriad ("the Service", "we", "us", "our") collects, uses, and protects your information. By using Miriad, you agree to the collection and use of information as described in this policy. Miriad is operated by an individual developer and is not a registered business entity.

2. Information We Collect

Account information: When you create an account, we collect your email address and, if you sign in with Google, your name and profile information as provided by Google. We use this information solely to authenticate you and provide the Service.

Note content: We store the notes, tasks, and other text content you create within the Service. This content is stored in a Supabase-hosted PostgreSQL database. Access to your content is restricted by row-level security policies, meaning database queries can only return data belonging to the authenticated user.

Payment information: Subscription payments are processed entirely by Stripe. We store your Stripe customer ID and subscription status to manage your account. We never receive, see, or store your credit card number, bank account details, or other payment instrument data.

Usage data: We may collect anonymous, aggregated usage analytics (such as page views and feature usage) using privacy-respecting analytics tools. This data cannot be used to identify individual users.

Local data: The Service stores a copy of your notes in your browser's local storage (IndexedDB) to enable offline access. This data remains on your device and is not transmitted to us except as part of normal cloud synchronization.

3. How We Use Your Information

We use the information we collect to: provide, maintain, and improve the Service; authenticate your identity and manage your account; process subscription payments through Stripe; send transactional emails related to your account (such as password resets and subscription confirmations); and respond to support requests.

4. Data Sharing

We do not sell, rent, or trade your personal information to any third party. We share information only with the following service providers, solely to operate the Service:

Supabase: Hosts our database and provides authentication services. Subject to Supabase's privacy policy.

Stripe: Processes subscription payments. Subject to Stripe's privacy policy.

Vercel: Hosts the web application. Subject to Vercel's privacy policy.

We may also disclose your information if required to do so by law or if we believe in good faith that such action is necessary to comply with legal obligations, protect our rights, or ensure the safety of users.

5. Data Security

We implement reasonable technical measures to protect your data, including: row-level security policies in our database ensuring users can only access their own data, encrypted connections (HTTPS/TLS) for all data in transit, Stripe's PCI-compliant payment processing, and server-side authentication validation. However, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your data and shall not be liable for any unauthorized access, data breaches, or data loss.

6. Data Retention

We retain your account data and note content for as long as your account is active. If you delete your account, we will delete your data from our active database. Residual copies may persist in database backups for a limited period. We do not guarantee the complete erasure of data from all backup systems.

7. Your Rights

You have the right to: access your data by using the Service or the export feature; correct your data by editing your notes directly; delete your data by using the account deletion feature in your account settings or by contacting us; and export your data using the built-in export function.

If you are located in the European Economic Area (EEA), you may have additional rights under the General Data Protection Regulation (GDPR), including the right to data portability and the right to lodge a complaint with a supervisory authority. If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA). To exercise any of these rights, please contact us at the email address below.

8. Cookies and Local Storage

Miriad uses essential cookies and browser local storage for authentication and to maintain your session. We do not use advertising cookies or tracking cookies. If we use analytics, we use privacy-respecting services that do not use cookies for cross-site tracking.

9. Children's Privacy

The Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information.

10. International Data Transfers

Your data may be processed and stored in the United States or other countries where our service providers operate. By using the Service, you consent to the transfer of your information to these countries, which may have different data protection laws than your country of residence.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page will reflect the most recent revision. Continued use of the Service after changes constitutes acceptance of the revised policy. For material changes, we will make reasonable efforts to notify active users via email.

12. Contact

For questions about this privacy policy or to exercise your data rights, contact: support@miriadnotes.com