Our Privacy Policy

Effective Date: September 20, 2025
Last Modified: October 27, 2025

PLEASE READ THIS PRIVACY POLICY CAREFULLY.

This Privacy Policy explains how MeetYu LLC collects, uses, discloses, and safeguards your personal information when you interact with us. This Policy applies to all our services, websites, and applications, whether you’re using MeetYu Life Coach for personal journaling or MeetYu Intelligent Workplace for organizational productivity.

KEY INFORMATION:

• Data Controller or Processor: We act as a data controller when you use our services directly as an individual. We act as a data processor when you use our services through your organization.
• Your Rights: You have comprehensive rights regarding your personal information, including access, correction, deletion, and portability rights, regardless of your location.
• International Transfers: Your data may be transferred internationally with appropriate safeguards such as Standard Contractual Clauses and comprehensive technical and organizational measures. We are certified under the EU-U.S. Data Privacy Framework.
• Contact Us: For privacy inquiries, email [email protected] or see Section 18 for complete contact information.
• Updates: We may update this Policy with advance notice for material changes. See Section 16 for details.

TABLE OF CONTENTS

1. Definitions
2. Our Fundamental Principles
3. Introduction and Scope
4. Our Relationship With You
5. Information We Collect About You
6. How We Use Your Information
7. Disclosure of Your Information
8. Data Retention
9. Data Security
10. International Data Transfers and Data Privacy Framework
11. Your Privacy Rights and Choices
12. Cookies and Similar Technologies
13. Automated Decision-Making and AI Processing
14. Information About Children
15. Third-Party Links and Services
16. Changes to Our Privacy Policy
17. Additional Rights and Disclosures
18. Data Protection Contacts
19. Additional Important Information

1. DEFINITIONS

“AI-Generated Content” means content, insights, suggestions, and responses generated by our artificial intelligence systems based on your data and interactions.

“Account Information” means information associated with your MeetYu account, including registration details, preferences, and authentication credentials.

“Customer Content” means journal entries, workplace notes, documents, and other content you create or upload to our Services.

“Data Controller” means the entity that determines the purposes and means of processing personal data.

“Data Processor” means the entity that processes personal data on behalf of the data controller.

“Data Privacy Framework” or “DPF” means the EU-U.S. Data Privacy Framework mechanism for international data transfers.

“EEA” means the European Economic Area.

“GDPR” means the General Data Protection Regulation (EU) 2016/679.

“Personal Data” or “Personal Information” means any information relating to an identified or identifiable natural person.

“Services” means MeetYu’s products and services, including MeetYu Life Coach, MeetYu Intelligent Workplace, our websites, mobile applications, and APIs.

“Site” means our website at meetyu.app and any other websites where we display this Privacy Policy.

“Standard Contractual Clauses” means the contractual clauses approved by the European Commission for international data transfers.

“Telemetric Data” means technical data about how you access and use our Services, collected for security and performance purposes.

“Third-Party Services” means services, applications, or websites operated by entities other than MeetYu.

“Usage Data” means information about your interactions with our Services, including features used, session duration, and performance metrics.

2. OUR FUNDAMENTAL PRINCIPLES

At MeetYu LLC, your privacy is critically important to us. We have established several fundamental principles that guide everything we do:

We are thoughtful about the personal information we ask you to provide and the personal information that we collect about you through the operation of our Services. We believe in data minimization and only collect what is necessary to provide you with exceptional AI-powered journaling and workplace productivity services. We store personal information for only as long as we have a documented reason to keep it, and we regularly review our retention practices to ensure we’re not holding data longer than necessary. We aim to make it as simple as possible for you to control what information in your account is shared, how it’s processed by our AI systems, and when it should be permanently deleted. We help protect you from overreaching government demands for your personal information and will notify you of legal requests unless prohibited by law. We aim for full transparency on how we gather, use, and share your personal information while maintaining the security and confidentiality of your data.

3. INTRODUCTION AND SCOPE

MeetYu LLC, a Delaware limited liability company (“MeetYu,” “we,” “us,” or “our”), is committed to protecting your privacy and has established comprehensive business procedures and security safeguards to protect Personal Information under our control. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our AI-powered journaling and workplace productivity services, including MeetYu Life Coach and MeetYu Intelligent Workplace (collectively, the “Services”), visit our website at meetyu.app (the “Site”), or otherwise interact with us.

This Privacy Policy is intended to establish responsible and transparent practices for the management of Personal Information and to satisfy applicable legal requirements including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and other U.S. state privacy laws, and international data protection frameworks. This Policy sets out the standards, responsibilities and obligations of MeetYu in respect of any Personal Information collected, accessed or processed by MeetYu in the course of its business operations, and specifies MeetYu’s obligations arising from the Customer Terms of Service entered into between MeetYu and its customers, whereby MeetYu might process or have access to Personal Information.

This Privacy Policy applies to all information we collect through our Services, Site, mobile applications, APIs, and communications with you through written or oral means, such as email or phone. By accessing or using our Services, you acknowledge that you have read, understood, and agree to the policies and practices described in this Privacy Policy and our Terms of Service. If you do not agree with our policies and practices, you must not access or use our Services or Site.

4. OUR RELATIONSHIP WITH YOU

4.1 When MeetYu is the Data Controller

When you create an account for personal, non-commercial use, purchase our Services as an individual consumer with billing directed to you personally, sign up for a Free Plan for individual purposes, or interact with us directly outside of an organizational context, MeetYu acts as the data controller. This means we determine the purposes and means of processing your personal data and are directly responsible for ensuring your privacy rights are protected. In these situations, this Privacy Policy fully describes our practices and your rights regarding your personal information.

4.2 When MeetYu is the Data Processor

When you use MeetYu through your company, educational institution, or organization that has entered into our Terms of Service or another service agreement, your organization is the data controller and MeetYu acts as the data processor or service provider. This means we process personal data on behalf of and at the direction of your organization. This applies when billing and invoices are issued to a business or organization, when you are invited to join by an organizational administrator, or when you access the Services as an employee or member rather than as the account owner.

In these cases, your organization’s own administrator is responsible for the accounts associated with that organization and controls important aspects of your data processing. The administrator of your organization can: restrict, suspend, or terminate your access to or ability to use the Services; access comprehensive information about you and your use of the Services; access or retain information stored with us including your workspace content and detailed log data about your use of MeetYu; implement organizational policies regarding data retention, security, and sharing; restrict your ability to edit, restrict, modify, or delete information associated with your use of our Services; and export or transfer your data to other systems or services. If you have questions about how your organization handles your data, you should contact your organization’s administrator or privacy team directly, as they control these decisions.

4.3 Determining Your Relationship

The nature of our relationship is determined by the context of your use and billing arrangement. If an organization pays for your access, if billing information and invoices are directed to a business entity, or if you were invited to join MeetYu by an organizational administrator, your organization is typically the data controller. If you pay personally as an individual consumer and maintain sole control of your account, MeetYu is typically the data controller. Once an organization assumes payment or administrative control of your account, transfer to a personal account may no longer be possible due to organizational data governance requirements. We strongly advise maintaining separate personal and organizational accounts if you wish to maintain individual control over certain data while also using MeetYu in an organizational context.

5. INFORMATION WE COLLECT ABOUT YOU

We collect several types of information from and about users of our Services to operate our business effectively and provide our Services in accordance with our contractual and legal obligations. The information we collect depends on the ways you interact with MeetYu and the choices you make, including your privacy settings, the products and features you use, your location, and applicable law. We collect this information through three primary methods: directly from you when you provide it to us through various interactions, automatically as you navigate through our Services using technical means, and from third parties such as our business partners and service providers who share information in accordance with applicable law.

It is important to note that we do not sell, rent, or trade your personal information to third parties for their promotional purposes, nor do we engage in the “sale” of personal information as defined under applicable privacy laws including the California Consumer Privacy Act and similar legislation. Personal Information that cannot be associated with an identifiable individual, for instance through aggregation or anonymization using industry-standard techniques, is no longer considered Personal Information and may be used for analytical and business improvement purposes.

5.1 Information You Provide to Us

When you interact with our Services or communicate with us, you provide us with Personal Information through various means. We collect only the information necessary to provide our Services and fulfill our legitimate business purposes. The types of information you may provide include:

5.1.1 Account and Registration Information

When you create an account or otherwise use the Services, we collect information necessary to establish and maintain your account and provide our Services according to our contractual obligations. This comprehensive account information includes your name for identification and personalization purposes; email address for account authentication and essential communications; password stored in encrypted format using industry-standard hashing algorithms for secure account access; role within your team or enterprise for organizational accounts to facilitate appropriate workflows and permissions; optional profile photo if you choose to personalize your account experience; account preferences to enhance your experience such as language settings for localized content, timezone information for scheduling and time-based features, and notification preferences you configure to control how we communicate with you; and information about reporting relationships if applicable for organizational accounts to facilitate appropriate workflows and approval chains. We implement data minimization principles and do not require unnecessary personal information for account creation beyond what is essential for Service provision and legal compliance.

5.1.2 Customer Content

When you use our Services, you create and store various types of content that constitute Customer Content under our Terms of Service. This includes journal entries containing your personal thoughts, reflections, and experiences which form the core of your MeetYu experience; workplace notes, documentation, and collaborative content for productivity enhancement; task lists, project information, and goal-setting data for organizational and personal management; documents and files you upload to enrich your entries and enhance functionality; AI prompts and your interactions with our AI-powered features including queries, requests, and generated responses; voice recordings if you choose to use voice-to-text features for convenience; images, videos, and other multimedia content you incorporate into your journals or workspaces; metadata associated with your entries including mood indicators, tags, locations, and weather information; and any other materials you create, upload, or generate while using our Services. We process this Customer Content using appropriate technical and organizational measures to provide the Services while you retain full ownership and control as described in our Terms of Service. Your Customer Content is processed solely as necessary to provide the Services, including rendering it within the application, enabling AI-powered analysis and suggestions, creating secure backups for disaster recovery, and facilitating any collaboration features you choose to use.

5.1.3 Payment and Billing Information

When you purchase a subscription to the Services, we collect payment and billing information strictly necessary to process your subscription and comply with financial regulations. This includes billing name and address for invoice generation and tax compliance; billing contact information for payment-related communications and account verification; payment method details processed through our PCI DSS-compliant payment processors for secure transaction handling; tax identification information where required by law for regulatory compliance; subscription plan details and pricing information for account management; and where required for payment verification or comprehensive fraud prevention, limited background information through trusted verification services. We use secure third-party payment processors that maintain current compliance with Payment Card Industry Data Security Standards (PCI DSS) to handle payment transactions with bank-level security. We do not directly store, process, or have any access to complete payment card information on our systems, implementing tokenization for all payment processing and retaining only the minimum information necessary for subscription management and regulatory compliance.

5.1.4 Communications and Support Information

We collect information from you when you interact with us through various channels. This includes the contents of messages or attachments when you submit web forms for inquiries or requests, interact with our websites including through chat features, subscribe to our blog or newsletter with appropriate consent, engage with our support team for assistance, sign up for webinars or educational content about journaling or productivity, request information about our Services or pricing, participate in surveys or beta testing programs to help us improve, report a problem or security issue for investigation, or otherwise communicate with us through any channel. We also collect transcripts of conversations with our support team for quality assurance and training purposes, feedback about our products and services including suggestions for improvement, and any free text responses in forms or communications that may contain personal details you choose to share. We limit the collection of such information to what is reasonably necessary to respond to your inquiries and provide requested services.

5.1.5 Event and Marketing Information

When you register for events, workshops, webinars, conferences, or other MeetYu-sponsored activities, we collect information necessary for event administration and to ensure your participation is smooth and comfortable. This includes your name for identification and registration purposes; contact information for event updates and logistics; emergency contact information where necessary for safety purposes; dietary preferences and accessibility requirements to ensure appropriate accommodations; professional information such as your title or organization for networking purposes; and any other information you choose to provide in connection with event participation. We use this information solely to facilitate your participation and may share it only with trusted event service providers as strictly necessary, who are contractually required to protect your information.

5.1.6 Research and Feedback Information

If you choose to participate in user research, beta testing, or provide feedback about our Services, we may collect additional information with your explicit consent. This includes responses to surveys and questionnaires about your experience; usability testing data and session recordings if you participate in research; feedback about specific features including effectiveness ratings; suggestions and ideas for product improvement which you agree we may use freely; demographic information you voluntarily provide for research purposes; and in some cases, with your explicit consent and in accordance with applicable law, sentiment analysis or biometric information associated with research sessions. Participation in research activities is always voluntary and subject to additional consent requirements.

5.2 Information Collected Automatically

As you navigate through and interact with our Services, we use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns for legitimate business purposes including security monitoring, fraud prevention, performance optimization, and Service improvement. This automatic collection helps us understand how our Services are used and continuously improve them while respecting your privacy preferences.

5.2.1 Usage and Interaction Data

We collect detailed usage data when you or your users interact with the Services to understand how our Services are used and to continuously improve them through data-driven insights. This comprehensive usage information includes which product features you use most frequently for product development priorities; when items such as journal entries or tasks are created, modified, archived, or deleted for activity monitoring and backup purposes; how often certain features like AI coaching responses or mood tracking are triggered for feature optimization; response times and latency metrics for performance monitoring and infrastructure planning; detailed feature usage patterns including click paths and navigation flows for user experience improvement; error rates, crash reports, and failure modes for reliability enhancement and bug fixing; query types and search patterns within the Services for relevance improvement and AI training; session duration, frequency of use, and engagement metrics for user satisfaction analysis; and comprehensive performance metrics for infrastructure planning and scaling decisions. This telemetric data is essential to improve our AI models through aggregated learning, identify and fix bugs before they impact users, prevent abuse and maintain Service integrity, assess capacity requirements, and provide better service through predictive support.

5.2.2 Device and Technical Information

We automatically collect technical information about your devices and how you access our Services to ensure compatibility, security, and optimal performance. This includes your IP address for security monitoring and approximate geographic location; device type, model, and unique device identifiers for compatibility and security; operating system and version for ensuring proper functionality; browser type, version, and configuration for rendering optimization; screen resolution and display settings for responsive design; language preferences for content localization; mobile network information when using mobile apps; and system performance data to optimize Service delivery. For mobile applications specifically, we collect additional information including app version and build number for update management; push notification tokens if you enable notifications; mobile carrier information for connectivity optimization; available storage space for offline functionality; and crash logs and diagnostic data for troubleshooting.

5.2.3 Cookies and Tracking Technologies

We use cookies, pixel tags, local storage, and similar tracking technologies to automatically collect information through our Services while respecting your privacy choices. These technologies help us recognize you when you return for personalization; maintain your session for seamless functionality; remember your preferences and settings for convenience; analyze usage patterns for Service improvement; provide security through session management; and deliver relevant content based on your interests. For comprehensive information about the specific cookies and tracking technologies we use, their purposes, retention periods, and your control options, please see our separate Cookie Policy, which provides detailed information about all cookie categories and opt-out mechanisms.

5.2.4 Log Information

Like most online service providers, we automatically collect and store comprehensive information in secure log files for security, operational, and legal compliance purposes. This logged information may include your web request details and server responses; IP address for security monitoring and geographic compliance; browser type and version for compatibility tracking; internet service provider for network diagnostics; detailed file access logs for security auditing; referring and exit pages for attribution and user journey analysis; operating system information for technical support; precise timestamps for audit trails and incident investigation; session identifiers for security monitoring; clickstream data for user experience analysis; and error logs and stack traces for debugging. We retain log information for limited periods as necessary for security, legal compliance, and Service improvement purposes.

5.2.5 Communication Tracking

When we send you emails or other communications, we may collect information about your interaction with those communications using industry-standard methods. This includes whether and when you opened our emails for engagement tracking; which links you clicked for content optimization; your email client and device type for compatibility; approximate geographic location when opening emails; and whether you forwarded or printed the communication. This information helps us understand the effectiveness of our communications and ensure important messages reach you successfully.

5.3 Information from Other Sources

We may obtain information about you from other sources to supplement information provided by you, but we strictly limit such collection to what is necessary for legitimate business purposes and ensure all sources comply with applicable data protection laws. When collecting information from third parties, we verify that such parties have appropriate legal basis for sharing the information with us.

5.3.1 Third-Party Authentication and Integration

If you choose to access our Services through third-party authentication providers or connect third-party services, we may receive limited information necessary to facilitate these connections. When you use single sign-on providers like Google or Apple for authentication convenience, we receive only the minimum information necessary such as your name, email address, and basic profile information that you have made available through your privacy settings with that provider. When you connect third-party productivity tools or services to enhance functionality, we access only the specific data necessary to provide the requested integration features, with clear disclosure of what will be accessed before you authorize the connection. You maintain full control over these connections and can disconnect them at any time through your account settings, after which we immediately cease accessing data from disconnected services.

5.3.2 Business Partners and Service Providers

We may receive information about you from carefully vetted business partners through legitimate business channels with appropriate data sharing agreements. This may include information from our global network of partners where you have provided verifiable consent; companies offering complementary services where you’ve expressed interest; event co-sponsors when you register for joint events; and professional networks where you’ve made your information publicly available. All third-party data sources must comply with applicable data protection laws and demonstrate appropriate lawful basis for data sharing.

5.3.3 Enrichment and Verification Services

If you register with a business email address, we may obtain limited publicly available business information from legitimate data enrichment providers to facilitate business communications and verify organizational affiliation. Such enrichment is strictly limited to publicly available business information, excludes sensitive personal information, and is conducted in full compliance with applicable data protection laws.

5.3.4 Customer Organizations

If your organization claims your account through our organization invitation process, we may receive information from your organization about your role, permissions, and authorized access levels. This enables appropriate workspace management and ensures compliance with organizational policies.

6. HOW WE USE YOUR INFORMATION

We use information that we collect about you or that you provide to us only for specific, explicit, and legitimate purposes that we have clearly identified and in accordance with applicable law. Our use of personal information is guided by data protection principles including lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality. When we process your personal data, we do so only as necessary to provide the Services according to our contractual obligations, fulfill our legal and regulatory obligations, operate our business within the boundaries of applicable law, or as explicitly set forth in this Privacy Policy with appropriate legal basis.

6.1 To Provide and Improve Our Services

We use your information for essential service provision and continuous improvement based on our contractual obligations and legitimate interests in providing quality services. This comprehensive use includes presenting our Services and their contents to you in a customized and personalized manner while respecting your privacy and autonomy; providing you with the specific information, products, or services that you explicitly request through any channel; fulfilling any other specific purpose for which you provide information with clear disclosure and appropriate consent; providing you with important notices about your account including expiration warnings, billing notifications, security alerts, and critical service updates that require your attention; carrying out our contractual obligations and enforcing our rights including service provision, billing, collection, and terms enforcement; notifying you about material changes to our Services with appropriate advance notice to allow informed decision-making; enabling interactive and collaborative features when you choose to use them; and continuously improving our Services based on usage patterns and feedback.

We use your account information and Customer Content strictly to provide the Services according to your subscription level and our Terms of Service. This includes creating and managing your unique user account; verifying your identity through secure procedures; preventing fraudulent activities through monitoring and detection systems; enabling secure password recovery; authenticating you when you log in using secure mechanisms including optional multi-factor authentication; providing customer support with appropriate verification; resolving technical issues through systematic troubleshooting; investigating and preventing security incidents using advanced threat detection; analyzing and resolving product issues for Service improvement; and ensuring continuous compliance with our Terms of Service.

6.2 AI Model Training and Service Enhancement

We may use Customer Data to support and develop AI features and functionality within the Services, subject to comprehensive safeguards and your control. Our AI processing serves several important purposes that directly benefit you and all users:

6.2.1 Personalized AI Features

We use information about your usage patterns and interactions to power AI features that provide personalized insights, suggestions, and coaching responses tailored to your specific needs and goals. This includes generating contextually relevant prompts and suggestions; analyzing patterns in your journaling or work habits to surface meaningful insights; providing intelligent categorization and organization of your content; offering personalized productivity recommendations based on your usage patterns; and creating smart summaries and reports that highlight what matters most to you. The AI models that power these features learn from aggregated usage patterns across our user base while maintaining individual privacy through technical safeguards.

6.2.2 Service-Wide AI Improvement

We may use anonymized and aggregated information derived from your use of the Services to train, improve, and develop the AI models that power our Services. This training process involves transforming individual data into aggregated patterns that cannot be reverse-engineered to identify any individual or customer; applying industry-leading anonymization techniques including differential privacy where appropriate; using aggregated data to improve model accuracy, reduce biases, and enhance performance; developing new AI-powered features based on common usage patterns and needs; and ensuring that improvements benefit all users while maintaining individual privacy. AI models trained on properly aggregated data benefit everyone through improved accuracy, enhanced performance, better understanding of context and intent, reduced errors and biases, and new capabilities that address real user needs.

6.2.3 Your Control Over AI Processing

You have complete control over AI-related processing of your data. You may opt out of having your Customer Data used to train MeetYu models by emailing [email protected] with “AI Training Opt-Out Request” from your registered email address. Upon receiving your opt-out request, we will confirm receipt, implement your preference across all systems, and maintain permanent records of your preference. Please note that opting out may impact Service personalization, AI feature accuracy, and access to certain advanced AI-powered features, though core Service functionality remains fully available. Opting out of model training does not affect our use of your data to provide Services directly to you, as defined elsewhere, e.g. for security purposes, or for legal compliance where we have separate lawful basis.

6.3 Security and Legal Purposes

We use your information for critical security and legal compliance purposes to protect our Services, users, and business interests. This includes investigating and preventing security incidents, unauthorized access attempts, and threats through continuous monitoring and threat intelligence; detecting and preventing fraud, abuse, and violations of our Fair Use principles using automated and manual review processes; maintaining comprehensive audit logs for security, compliance, and forensic purposes with appropriate retention periods; verifying user accounts and preventing unauthorized access through secure authentication methods; investigating suspicious activities while respecting user privacy and maintaining proportionality; responding to valid legal requests and court orders according to our Law Enforcement Guidelines; protecting our rights, property, safety, and legitimate interests within legal boundaries; enforcing our Terms of Service and agreements through reasonable measures; cooperating with law enforcement and regulatory authorities as required by law with appropriate safeguards; and meeting our extensive legal and regulatory obligations including tax, financial reporting, and data protection requirements.

6.4 Marketing and Communications

We use personal data to communicate with you about our Services and related offerings, always strictly subject to your preferences, applicable law, and privacy rights. Our communication purposes include sending you essential service-related communications that are necessary for your account; providing newsletters, product updates, and educational content where you haven’t opted out; delivering targeted event invitations and webinar announcements relevant to your interests; sharing tips, best practices, and feature highlights to help you get more value from our Services; sending promotional offers and special announcements where permitted; and facilitating important security and compliance notifications regardless of marketing preferences.

You have complete control over promotional communications and may opt out at any time through multiple convenient methods including clicking unsubscribe links in emails, updating preferences in account settings, or contacting us directly. Even if you opt out of marketing, we must still send essential transactional communications about billing, security, service changes, and support responses.

6.5 Analytics and Improvement

We use usage data and analytics to understand how our Services are used and continuously improve them. This includes analyzing trends and usage patterns to identify improvement opportunities; assessing feature adoption and engagement to prioritize development; conducting A/B testing to optimize user experience; measuring Service performance and reliability; identifying technical issues before they impact users; understanding user retention and satisfaction; benchmarking our Services against industry standards; and developing data-driven product roadmaps that address real user needs.

We may publish aggregated and anonymized insights about Service usage to benefit the broader community. When sharing statistical information externally, the data is thoroughly aggregated, permanently anonymized using techniques including k-anonymity and differential privacy, and designed so it cannot be reverse-engineered to identify any individual or organization. Such insights might appear in blog posts, research papers, case studies, or industry reports that help advance the field while protecting individual privacy.

6.6 Legal Bases for Processing

For users in the European Economic Area, United Kingdom, Switzerland, and other jurisdictions requiring explicit legal bases, we process your personal data only when we have valid legal grounds:

6.6.1 Contract Performance

We process data necessary to perform our contractual obligations to you, including providing the Services you’ve subscribed to, managing your account and authentication, processing payments and billing, providing customer support, and enforcing our Terms of Service.

6.6.2 Legitimate Interests

We process data based on carefully balanced legitimate interests that don’t override your fundamental rights, including operating and improving our Services, ensuring security and preventing fraud, providing efficient customer support, marketing our Services responsibly, protecting our legal rights, and analyzing usage for Service enhancement. We conduct and document balancing tests for each legitimate interest purpose.

6.6.3 Legal Obligations

We process data necessary to comply with legal obligations including tax and financial reporting requirements, responding to valid legal process, maintaining required business records, cooperating with regulatory authorities, and meeting data protection obligations.

6.6.4 Consent

For certain processing activities, we obtain your explicit, freely-given, informed consent, including for marketing communications where required, certain cookie placements and tracking, participation in research or beta programs, and processing of special categories of data. You may withdraw consent at any time without affecting the lawfulness of prior processing.

6.6.5 Vital Interests

In rare emergency situations, we may process data necessary to protect vital interests including preventing imminent physical harm, addressing urgent security threats, or responding to medical emergencies.

7. DISCLOSURE OF YOUR INFORMATION

We maintain strict controls over any disclosure of your personal information and have implemented comprehensive technical and organizational measures to prevent unauthorized disclosure. We will not intentionally disclose the personal data that we collect or store on the Service to third parties without appropriate lawful basis, your explicit consent where required, or as specifically described in this Privacy Policy. We do not and will never sell, rent, or trade your personal information to third parties for their promotional purposes or for monetary consideration.

7.1 Service Providers

We disclose information only to carefully vetted third-party service providers who act as data processors and perform essential functions on our behalf under strict contractual obligations. We conduct thorough due diligence including security assessments before engaging any service provider. Our service providers are used exclusively for limited purposes including:

7.1.1 Infrastructure and Technical Services

We work with leading cloud infrastructure providers who maintain industry security certifications such as SOC 2, ISO 27001, and other recognized standards to host our Services and store data securely. These providers operate secure data centers with comprehensive physical and technical safeguards, implement encryption at rest and in transit, maintain detailed audit logs and monitoring systems, and are contractually bound to protect your data with the highest standards.

7.1.2 Payment Processing

We use PCI DSS-compliant payment processors to handle all financial transactions securely. These processors handle payment card data directly so we never have access to complete payment information, implement bank-level encryption and fraud detection, comply with financial regulations globally, and maintain appropriate licenses and certifications for payment processing.

7.1.3 Communication and Support Services

We utilize specialized providers for customer communication and support who help us deliver emails and notifications reliably, provide chat and helpdesk functionality for customer support, facilitate SMS notifications where you’ve opted in, and enable video conferencing for support sessions. These providers are selected based on their security practices and compliance certifications.

7.1.4 Analytics and Monitoring

We employ analytics providers to understand Service usage and performance. These providers help us track aggregated usage patterns, monitor Service performance and availability, identify and diagnose technical issues, and provide insights for Service improvement without accessing personal content.

7.1.5 Professional Services

We engage qualified professional service providers including legal advisors bound by attorney-client privilege, accounting firms bound by professional standards, security auditors and penetration testers, and compliance consultants who help ensure we meet our obligations.

All service providers are contractually required through comprehensive data processing agreements to maintain strict confidentiality using appropriate measures, implement technical and organizational security meeting industry standards, process data only according to our documented instructions, promptly notify us of any security incidents, maintain appropriate insurance coverage for data protection liabilities, submit to regular audits and assessments, delete or return data upon termination of services, and comply with applicable data protection laws including GDPR where relevant.

7.2 Partners and Affiliates

We may share your information with trusted partners and affiliates under strict conditions:

7.2.1 Channel Partners

We work with authorized resellers and implementation partners who help distribute and support our Services. These partners may receive limited account information necessary to provide sales support and identify optimization opportunities, facilitate training and onboarding, provide localized support in your region, and assist with technical implementation. Partners are bound by confidentiality agreements and can only use your information to support your use of MeetYu Services.

7.2.2 Corporate Affiliates

We may share information within the MeetYu family of companies for operational purposes including coordinating service delivery across entities, maintaining consistent security standards, facilitating customer support, and enabling consolidated reporting and compliance. All affiliates must adhere to this Privacy Policy or equivalent protections.

7.2.3 Integration Partners

When you choose to connect third-party services to MeetYu, we share only the minimum information necessary to enable the integration functionality you’ve requested. You maintain full control over these connections and can revoke access at any time through your account settings.

7.3 Legal and Safety Disclosures

We may disclose your information when legally required or necessary for safety:

7.3.1 Legal Process

We may disclose information to comply with valid legal process including subpoenas, court orders, and warrants that meet our internal law enforcement guideline standards. We will notify you of legal demands unless prohibited by law or court order, where notification would create risk of harm to identifiable individuals, or where notification would compromise an active investigation. We may challenge overbroad or inappropriate requests and seek protective orders where appropriate.

7.3.2 Emergency Situations

We may disclose information without prior notice to prevent imminent and serious bodily harm to a person, address urgent security threats to our Services or users, prevent significant property damage where lives may be at risk, or respond to emergency requests from law enforcement regarding immediate threats. Such emergency disclosures are limited to the minimum information necessary to address the specific threat.

7.3.3 Legal Rights and Compliance

We may disclose information to protect and enforce our legal rights including defending against claims and litigation, protecting our intellectual property and confidential information, enforcing our Terms of Service and agreements, preventing fraud and recovering debts, and complying with regulatory requirements and audits. We may also disclose information to comply with applicable laws and regulations including tax and financial reporting obligations, data protection and privacy requirements, export control and sanctions compliance, and industry-specific regulations where applicable.

7.4 Business Transfers

In the event of a significant business transaction or corporate restructuring, your information may be transferred as part of that transaction:

7.4.1 Mergers and Acquisitions

If MeetYu is involved in a merger, acquisition, asset sale, or similar transaction, your personal information may be transferred to the acquiring entity. We will ensure the acquiring entity agrees to protect your information consistent with this Privacy Policy, provide advance notice of the transfer where feasible (at least 30 days), explain any changes to data handling practices, offer you the option to close your account and delete your data before transfer where legally required, and ensure continued protection during the transition period.

7.4.2 Corporate Restructuring

If MeetYu undergoes corporate restructuring, including conversion from a limited liability company to a corporation or other entity type, reorganization, or change in ownership structure, your personal information will remain subject to this Privacy Policy unless you are notified of changes. We will maintain consistent data protection standards throughout any such restructuring and provide notice of any material changes to data handling practices resulting from the new corporate structure.

7.4.3 Bankruptcy or Insolvency

In the unlikely event of bankruptcy, insolvency, or similar proceedings, user information may be transferred as part of our assets. Such transfer would be subject to applicable bankruptcy laws and court oversight with appropriate protections for affected users.

7.5 Workspace and Organization Sharing

When you use MeetYu as part of an organization, limited information may be shared within that organizational context:

7.5.1 Within Your Organization

Workspace administrators designated by your organization may access account details and subscription status, usage statistics and feature adoption metrics, security logs for compliance monitoring, workspace content as authorized by organizational policies, and audit trails for administrative purposes. This enables organizations to manage their MeetYu deployment effectively, ensure policy compliance, and maintain security standards.

7.5.2 Collaboration Features

When you use collaboration features, other authorized users in your workspace may see your name and profile information, shared content and contributions, activity status and presence indicators, and comments or feedback you provide. You can control much of this sharing through privacy settings in your account.

7.5.3 Organizational Invitations

When an organization invites you to join their MeetYu workspace, accepting the invitation grants that organization’s administrators access to your account information and usage data within the organizational context. If you have an existing personal account and accept an organizational invitation, you may maintain separate personal and organizational workspaces, though certain account information may become visible to your organization’s administrators. Once you accept an organizational invitation and your account becomes part of an organizational deployment, removal from that organization may require administrator action, and certain data may be retained by the organization in accordance with their policies and applicable law. We strongly advise using distinct accounts for personal and organizational use if you wish to maintain complete separation of your data.

7.6 Public Forums and Shared Content

7.6.1 Community Forums

If you participate in public forums or communities we may provide, your posts and profile information may be publicly visible and indexed by search engines. Any information you share publicly is outside our control once posted and may be copied, shared, or archived by others. We recommend avoiding sharing personal or sensitive information in public forums.

7.6.2 Published Content

If you choose to publish or share journal entries or other content publicly (a feature that requires explicit action, if it becomes available to you), such content becomes accessible according to your sharing settings and may be viewed by other users or the public, shared on social media or other platforms, indexed by search engines, and retained by third parties beyond our control.

7.7 Aggregated and De-identified Data

We may share aggregated and de-identified data without restriction for business and research purposes:

7.7.1 Industry Insights

We may publish aggregated statistics about how our Services are used to provide valuable insights to the community through blog posts, research papers, case studies, industry reports, and conference presentations. This data is irreversibly anonymized using techniques including k-anonymity, l-diversity, t-closeness, differential privacy, and noise injection to prevent any possibility of re-identification.

7.7.2 Business Intelligence

We may share aggregated data with partners and investors to demonstrate Service adoption and growth, identify market trends and opportunities, benchmark performance against industry standards, and support strategic business decisions. Such data never identifies individual users or organizations.

8. DATA RETENTION

We retain personal information only for as long as specifically necessary to fulfill the explicit purposes outlined in this Privacy Policy and in accordance with our documented retention schedules. We implement comprehensive data minimization principles and regularly review our retention practices through systematic processes to ensure we do not keep personal data longer than necessary.

8.1 Active Account Retention

While your account remains active, we retain your information as necessary to provide Services and meet our obligations:

8.1.1 Account Information

We retain core account data including registration details, authentication credentials, and preferences for the duration of your active subscription plus up to ninety (90) days following account closure to allow for reactivation and support account recovery. After this period, account information is securely deleted or irreversibly anonymized using certified destruction methods.

8.1.2 Customer Content

Your journal entries, workspace content, and related materials are retained throughout your active subscription to provide continuous Service access. We maintain secure backups according to our disaster recovery procedures, with backups rotated and old versions deleted according to documented schedules. Content you delete is removed from active systems promptly and from backup systems within 180 days maximum.

8.1.3 Usage and Analytics Data

We retain usage data and telemetry for up to twenty-four (24) months for service improvement, security analysis, and performance optimization. After this period, data is either deleted or aggregated in a way that prevents identification. Some aggregated analytics may be retained indefinitely for historical trending and service evolution tracking.

8.1.4 Communication Records

Support tickets, email communications, and chat transcripts are retained for three (3) years after the last interaction for quality assurance, training, and potential dispute resolution. Marketing communication history and preferences are retained until you withdraw consent plus a suppression period to ensure we honor your preferences permanently.

8.1.5 Financial Records

Payment and billing information is retained for seven (7) years after the last transaction to meet tax, accounting, audit, and financial reporting obligations. This includes invoices, payment records, and related financial documentation required by law.

8.1.6 Security Logs

Comprehensive security logs and audit trails are retained for twelve (12) months minimum for security monitoring and incident investigation, with longer retention where required for active investigations, legal proceedings, or specific regulatory requirements.

8.2 Post-Termination Retention

Following account termination, we provide graduated deletion periods based on account type:

8.2.1 Paid Subscriptions

We retain your personal information with appropriate security for up to ninety (90) days following termination to allow for account reactivation, data export requests, and transition assistance. During this period, you may retrieve your data using our standard export tools. After ninety days, all personal information is permanently deleted using certified destruction methods.

8.2.2 Free Plans

For voluntarily terminated Free Plan accounts, data may be deleted immediately upon termination. For inactive Free Plan accounts (no login or API access for 180 consecutive days), we may delete all data after this inactivity period with email notification where possible. This ensures efficient resource management while giving users opportunity to preserve their data.

8.2.3 Immediate Deletion Option

Upon account termination, you may request immediate deletion of all your personal data, which we will process within 30 days except where retention is legally required. Such requests bypass the standard retention periods but cannot override legal obligations.

8.3 Legal and Legitimate Retention

We retain information where necessary for specific legal or legitimate business purposes beyond standard periods:

8.3.1 Legal Obligations

We retain data as required by applicable laws including court orders, legal holds, tax and financial regulations (typically 7-10 years), regulatory audits and investigations, and statutory retention requirements varying by jurisdiction. The specific period depends on the applicable legal requirement, with the longest applicable period governing.

8.3.2 Legitimate Business Purposes

We may retain limited information for fraud prevention and security threat intelligence as long as the risk remains relevant, defending against legal claims through applicable limitation periods, investigating violations of our Terms of Service until resolved, audit trails for compliance demonstration, and protecting against identified security threats while active.

8.3.3 Backup and Archive Systems

Deleted information may persist in encrypted backup systems for up to 180 days maximum according to our rotation schedule. Backup copies are isolated from active processing, protected with comprehensive security measures, and permanently deleted according to documented schedules.

8.4 Right to Deletion

You have the right to request deletion of your personal information at any time. When you make a deletion request:

8.4.1 Processing Timeline

We acknowledge your request and complete deletion within 30 days for active systems. Backup systems may retain encrypted copies for up to 180 days according to rotation schedules, after which permanent deletion is verified.

8.4.2 Exceptions to Deletion

We may be unable to delete certain information where necessary to comply with legal obligations including active legal holds, complete transactions you’ve initiated, detect security incidents and protect against malicious activity, debug and repair Service errors, exercise free speech or other legal rights, or comply with specific legal retention requirements. We may inform you of any limitations when responding to your request.

8.4.3 Verification Requirements

To protect against unauthorized deletion, we verify your identity through methods appropriate to the sensitivity of the data including email verification, account authentication, or additional identity confirmation for sensitive requests.

9. DATA SECURITY

We have implemented and continuously maintain reasonable and comprehensive administrative, technical, and physical security measures designed to protect your personal data from unauthorized access, use, disclosure, alteration, and destruction. This multi-layered security program undergoes regular review and enhancement to address evolving threats taking the risks involved in processing and the nature of the personal information we handle into account.

9.1 Administrative Safeguards

Our administrative security measures establish the organizational foundation for data protection:

9.1.1 Security Governance

We maintain security practices appropriate for our operations and the nature of the data we process. Our approach includes documented security procedures that we review periodically, designated personnel responsible for security matters, incident response procedures to address potential security events, and vendor management practices for our service providers. Administrative operations, including email communications and account management, are conducted using commercially reasonable security practices.

9.1.2 Access Management

Access to personal data is restricted based on business need and role requirements. We implement access controls for both our AWS infrastructure and administrative systems that are granted based on job responsibilities, reviewed periodically to ensure continued appropriateness, and promptly modified or revoked upon personnel changes. Our personnel who may access personal data through administrative functions or customer support are subject to confidentiality obligations.

9.1.3 Security Awareness

We maintain security awareness practices for all personnel including guidance on data protection principles, recognition of potential security threats, secure handling of administrative communications, password and authentication best practices, and incident reporting procedures. Personnel conducting administrative functions use security measures appropriate for their role.

9.2 Technical Safeguards

Our technical security measures leverage AWS infrastructure capabilities and maintain security for administrative operations:

9.2.1 Infrastructure Security

We host our Services and customer data exclusively on Amazon Web Services (AWS) infrastructure in the Frankfurt region data center in Germany. This infrastructure benefits from AWS’s comprehensive security certifications including ISO 27001, ISO 27017, ISO 27018, SOC 1/2/3, PCI DSS Level 1, and the C5 (Cloud Computing Compliance Controls Catalogue) certification specific to Germany. AWS implements multiple layers of security controls including network firewalls, DDoS protection, intrusion detection systems, and automated threat monitoring. Additional information about AWS security measures and certifications is available at aws.amazon.com/compliance. Our administrative systems used for business operations implement commercially reasonable security measures appropriate for their function.

9.2.2 Encryption

We utilize encryption capabilities including encryption for customer data in transit using TLS protocols through AWS, encryption options for data at rest through AWS services, encrypted backup capabilities within AWS infrastructure, AWS Key Management Service for encryption key handling, and appropriate encryption for administrative communications and business operations.

9.2.3 Access Controls

Multi-layered access controls protect your data including multi-factor authentication for administrative access, role-based permissions to limit data access across all systems, API security measures where applicable and logging of system access for security monitoring.

9.2.4 Application Security

We maintain application security through secure development lifecycle practices including threat modeling, static and dynamic code analysis, dependency scanning for vulnerable components, regular updates to address known vulnerabilities and security measures for administrative tools and systems used in our operations.

9.3 Physical Safeguards

Physical security measures vary based on the systems involved:

9.3.1 Data Center Security

Customer data stored in AWS’s Frankfurt data center benefits from comprehensive physical security including multiple perimeter security layers with controlled access points, 24/7 security monitoring and surveillance systems, sophisticated access controls requiring multi-factor authentication, environmental controls with redundant power and cooling systems, and fire suppression and disaster protection systems. AWS maintains various compliance certifications demonstrating adherence to international security standards.

9.3.2 Administrative Operations

Personnel conducting administrative functions operate using security practices appropriate for remote work, including secure internet connections, device security measures, and physical security appropriate for their work environment. We do not maintain our own data centers, and customer data is not stored on local devices used for administrative purposes.

9.3.3 Geographic Location

Your data resides in AWS’s Frankfurt, Germany data center, ensuring data remains within the European Union. This provides the benefit of EU data protection laws, German privacy regulations, and physical separation from other geographic regions. AWS’s Frankfurt region operates multiple availability zones for redundancy and reliability.

9.4 Data Breach Response

Despite comprehensive security measures, no system is completely immune to sophisticated attacks. In the event of a data breach:

9.4.1 Incident Response Plan

We maintain incident response procedures covering both infrastructure and administrative systems including assessment of the cause, nature and scope of any incident, containment measures to prevent further unauthorized access, remediation steps to address vulnerabilities, coordination with law enforcement where appropriate, engagement of external security experts as needed, and documentation for compliance and improvement purposes.

9.4.2 Notification Procedures

We will notify affected users within legally required timeframes, provide available information about the nature and scope of the incident, explain measures taken to address the situation and offer guidance on protective steps users can take. We will also notify relevant regulatory authorities as required by law and cooperate with any investigations.

9.4.3 Continuous Improvement

Following any security incident, we conduct thorough root cause analysis, implement additional preventive measures, update security procedures based on lessons learned, and enhance monitoring for similar threats.

9.5 Your Security Responsibilities

The security of your information depends partly on your practices:

9.5.1 Account Security

You are responsible for maintaining strong, unique passwords of at least 12 characters, enabling security features such as multi-factor authentication where available, keeping your login credentials confidential and not sharing them, reviewing your account for unauthorized activity, promptly reporting suspicious activity and suspected security incidents to us within 24 hours, and keeping your devices and software updated with security patches.

9.5.2 Data Classification

Consider carefully what information you store in our Services. We strongly advise against storing extremely sensitive information such as unencrypted passwords, payment card numbers, government identification numbers, Social Security numbers, or cryptocurrency private keys in your content.

9.5.3 Security Awareness

Remain vigilant against phishing attempts, verify the authenticity of emails claiming to be from MeetYu, verify email sender addresses before clicking links, use secure and trusted networks when accessing Services, log out when using shared or public devices, and report security concerns to [email protected].

10. INTERNATIONAL DATA TRANSFERS AND DATA PRIVACY FRAMEWORK

Your information, including personal information, may be transferred to and processed in countries other than your country of residence as part of our global service delivery. These countries may have data protection laws that differ from those in your jurisdiction. However, we have implemented comprehensive safeguards to ensure your personal data remains protected in accordance with this Privacy Policy and applicable law wherever it is transferred.

10.1 Our International Transfer Commitments

MeetYu LLC is committed to protecting your personal data when it is transferred internationally. We adhere to core data protection principles for all international transfers including:

– Notice: We provide clear information about our data practices through this Privacy Policy
 – Choice: We respect your rights to access, correct, delete, and control your personal data
 – Accountability for Onward Transfer: We ensure third parties who receive your data provide adequate protection through contractual obligations
 – Security: We implement comprehensive technical and organizational security measures
 – Data Integrity and Purpose Limitation: We collect only necessary data and use it only for disclosed purposes
 – Access: We provide mechanisms for you to access and correct your personal information
 – Recourse, Enforcement and Liability: We maintain accountability for compliance and provide dispute resolution mechanisms

10.2 Data Privacy Framework Certification

MeetYu LLC complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce. MeetYu LLC has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit Data Privacy Framework.

The EU-U.S. DPF Principles include Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. These principles govern our processing of all personal data received from the European Union in reliance on the EU-U.S. DPF.

The U.S. Federal Trade Commission has jurisdiction over MeetYu’s compliance with the EU-U.S. DPF. Under the EU-U.S. DPF, MeetYu may be liable for onward transfers to third parties that process personal data in a manner inconsistent with the EU-U.S. DPF Principles, unless we prove we are not responsible for the event giving rise to the damage.

10.3 DPF Dispute Resolution

10.3.1 Initial Contact

In compliance with the DPF Principles, MeetYu commits to resolve complaints about our collection and use of your personal data. Individuals from the European Union with DPF-related concerns should first contact MeetYu at [email protected] and [email protected]. We will acknowledge receipt within 5 business days and respond substantively within 45 days.

10.3.2 Human Resources Data Complaints

In compliance with the EU-U.S. DPF, MeetYu LLC commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF in the context of the employment relationship.

10.3.3 Alternative Dispute Resolution

In compliance with the EU-U.S. DPF, MeetYu LLC commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF to JAMS (Judicial Arbitration and Mediation Services), an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit JAMS DPF Dispute Resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.

10.3.4 Binding Arbitration

Under certain conditions, you may invoke binding arbitration for residual claims regarding EU-U.S. DPF compliance not resolved by other means. MeetYu LLC is obligated to arbitrate claims and follow the terms as set forth in Annex I of the EU-U.S. DPF Principles, provided that an individual has invoked binding arbitration by delivering notice to MeetYu LLC and following the procedures and subject to conditions set forth in Annex I of the EU-U.S. DPF Principles. Further information can be found at DPF Annex I Principles.

10.4 Other Transfer Mechanisms

For transfers not covered by the DPF or where additional safeguards are required, we implement:

10.4.1 Standard Contractual Clauses

We execute the European Commission’s Standard Contractual Clauses for transfers from the EEA, the UK Addendum for UK transfers, and appropriate clauses for other jurisdictions requiring them. We conduct transfer impact assessments and implement supplementary measures where necessary to ensure adequate protection.

10.4.2 Technical and Organizational Measures

All international transfers are protected through comprehensive security measures which may include encryption in transit and at rest, access controls and monitoring, contractual confidentiality obligations, and regular security assessments.

10.4.3 Onward Transfer Accountability

When we transfer personal data to service providers, we ensure they are contractually bound to process data only on our instructions, implement appropriate security measures, notify us of any breaches, and comply with applicable data protection laws. We remain liable for onward transfers under the DPF unless we prove we are not responsible for any non-compliance.

Please contact us if you need information about the specific legal mechanisms we rely on for transfers from your jurisdiction.

11. YOUR PRIVACY RIGHTS AND CHOICES

Regardless of your location, we respect your ability to know, access, correct, export, restrict processing of, and delete your information. We have extended these rights globally and will not discriminate against you for exercising them. The availability and extent of specific rights may vary based on applicable law in your jurisdiction.

11.1 Your Privacy Rights

Depending on your location and applicable law, you may have the following rights:

11.1.1 Access and Portability

You have the right to request access to personal information we hold about you and receive a copy in a structured, commonly used, machine-readable format (such as CSV or JSON). We will provide information about whether we hold any of your personal information upon request.

11.1.2 Correction and Accuracy

You have the right to correct inaccurate or incomplete personal information. You can update most information directly through your account settings, or contact us for assistance.

11.1.3 Deletion

You have the right to request deletion of your personal information, subject to certain exceptions such as legal obligations or legitimate business needs. When you request deletion, we will delete information from active systems within 30 days and from backups within 180 days.

11.1.4 Objection and Restriction

You have the right to object to processing based on legitimate interests or for direct marketing, and to request restriction of processing in certain circumstances such as while accuracy disputes are resolved.

11.1.5 Consent Withdrawal

Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing or processing based on other legal grounds.

11.1.6 Automated Decision-Making

You have the right not to be subject to purely automated decision-making with legal or significant effects, and to request human review of any automated decisions affecting you.

11.2 Exercising Your Rights

To exercise your privacy rights:

11.2.1 Self-Service Options

You can access, update, or delete most personal information directly through your account settings. This is the fastest method for common requests.

11.2.2 Contacting Us

For requests you cannot complete yourself, email [email protected] with “Privacy Rights Request” in the subject line. Include sufficient information for us to identify you and specify which rights you wish to exercise.

11.2.3 Verification

We will verify your identity through methods appropriate to the request sensitivity, which may include email verification, account authentication, or additional identity confirmation for sensitive requests. This protects against unauthorized access to your information.

11.2.4 Authorized Agents

You may designate an authorized agent to make requests on your behalf. Agents must provide written authorization from you, and we may require identity verification of both you and your agent.

11.2.5 Response Timeline

We will acknowledge requests within 5 business days and respond substantively within 30 days for standard requests or 45 days for complex requests with notice of extension. Certain jurisdictions may require faster response times which we will honor.

11.2.6 Limitations

Certain information may be exempt from requests where we need to retain it for legal obligations, legitimate interests that override your rights, defense of legal claims, or other lawful purposes. We will explain any limitations when responding.

11.2.7 No Discrimination

We will not discriminate against you for exercising privacy rights by denying services, charging different prices, or providing different service levels.

11.3 Appeals Process

If we deny your privacy rights request:

11.3.1 Initial Appeal

You may appeal by responding to our denial email within 30 days stating you wish to appeal. Appeals are reviewed by personnel not involved in the original decision.

11.3.2 Appeal Response

We will respond to appeals within 30 days with a final decision. If your appeal is denied, we will explain why and inform you of any additional rights.

11.3.3 External Review

Depending on your location, you may have the right to lodge a complaint with your data protection authority or state attorney general if you believe our denial violates applicable law.

11.4 Marketing and Communication Preferences

You control how we communicate with you:

11.4.1 Marketing Opt-Out

Unsubscribe from marketing emails using the link in each email, update preferences in account settings, or email [email protected]. We will process opt-outs immediately.

11.4.2 Essential Communications

You cannot opt out of essential transactional emails about billing, security, legal notices, and service changes necessary for your account.

11.4.3 Communication Methods

You can specify preferred communication channels (email, in-app, SMS where available) through account settings.

11.4.4 Cookie Preferences

Manage cookie preferences through our Cookie Policy preference center or browser settings. Note that disabling certain cookies may impact Service functionality.

11.5 Jurisdiction-Specific Rights

11.5.1 California Residents

Under the California Consumer Privacy Act (CCPA), you have additional rights including:

• Right to know categories of information collected, sources, purposes, and disclosures
• Right to delete personal information with specific exceptions
• Right to opt out of “sale” or “sharing” (we do not sell personal information)
• Right to limit use of sensitive personal information
• Right to non-discrimination for exercising rights
• Right to correct inaccurate information

We respond to California requests within 45 days and maintain records for 24 months as required.

11.5.2 EEA, UK, and Swiss Residents

Under GDPR and similar laws, you have comprehensive rights including:

• Right to transparent information about our processing
• Right to lodge complaints with supervisory authorities
• Right to know our legal basis for processing
• Enhanced rights regarding automated decision-making
• Right to data portability between services
• Right to restriction of processing

You may contact your local data protection authority if you believe we’ve violated your rights.

11.5.3 Other Jurisdictions

Residents of Colorado, Connecticut, Utah, Virginia, and other states with privacy laws have similar rights. We aim to honor all applicable rights based on your location.

11.6 Special Circumstances

11.6.1 Organizational Accounts

If you use MeetYu through an organization, your organization’s administrator controls certain aspects of your data. Direct privacy requests related to organizational data to your administrator first, though we’ll respond directly where legally required.

11.6.2 Legal Limitations

Some requests may be limited by legal requirements such as fraud prevention, security, compliance with legal obligations, or protection of others’ rights. We’ll explain any limitations clearly.

11.6.3 Data Subject Requests for Customer Data

If you’re seeking to exercise rights regarding data controlled by a MeetYu customer (where we’re the processor), contact that customer directly as they control such decisions.

12. COOKIES AND SIMILAR TECHNOLOGIES

We may use cookies and similar tracking technologies to collect information automatically when you use our Services. These technologies help us provide essential functionality, personalize your experience, understand usage patterns, maintain security, and deliver relevant content. We are committed to transparency about our use of these technologies and providing you with meaningful choices.

12.1 Types of Cookies We Use

12.1.1 Essential Cookies

These cookies are strictly necessary for Service operation and cannot be disabled. They enable core functionality including account access and authentication, security features and fraud prevention, maintaining your session and preferences, load balancing and performance, and remembering privacy choices. Without these cookies, the Services cannot function properly.

12.1.2 Functional Cookies

These enhance your experience by remembering your preferences and settings, personalizing content and features, enabling optional Service features, maintaining your viewing history within the Services, and providing accessibility features. You can disable these but may lose some functionality.

12.1.3 Analytics Cookies

Analytics cookies help us to understand how our Services are used including tracking aggregated usage patterns and trends, measuring feature adoption and engagement, identifying technical issues and errors, optimizing Service performance, and conducting A/B testing for improvements.

12.1.4 Marketing Cookies

With your consent where required, we may use marketing cookies for delivering relevant advertisements about our Services, measuring marketing campaign effectiveness, preventing repetitive ad display, understanding conversion paths, and enabling retargeting on other platforms. You can opt out of marketing cookies through our preference center.

12.2 Cookie Controls and Choices

You have several methods to control cookies:

12.2.1 Cookie Preference Center

Access our Cookie Policy to manage your preferences, opt out of non-essential categories, view detailed information about each cookie, and update your choices at any time.

12.2.2 Browser Settings

Most browsers allow you to delete existing cookies, block cookies entirely or by site, receive warnings before cookies are placed, and set exceptions for trusted sites. Note that blocking all cookies will impact Service functionality.

12.2.3 Global Privacy Control

We honor the Global Privacy Control (GPC) signal where technically feasible, automatically applying your privacy preferences when detected.

12.2.4 Mobile App Controls

Mobile apps have separate controls for analytics and advertising identifiers accessible through your device privacy settings.

12.2.5 Third-Party Opt-Outs

For third-party advertising cookies, visit Digital Advertising Alliance opt-out or Your Online Choices (EU) for additional opt-out options.

12.3 Local Storage and Similar Technologies

Beyond cookies, we may use other storage technologies:

12.3.1 Local Storage

We use browser local storage for maintaining user preferences offline, storing temporary data for performance, caching frequently accessed information, and enabling offline functionality where available. Local storage can be cleared through browser settings.

12.3.2 Session Storage

Temporary storage that expires when you close your browser, used for maintaining state during your session and storing temporary form data.

12.3.3 IndexedDB

For more complex offline functionality, we may use IndexedDB to store structured data locally with your permission.

12.4 Do Not Track Signals

Currently, no universal standard exists for Do Not Track (DNT) signals. While we don’t alter practices based on DNT signals, we provide robust cookie controls through our preference center and honor Global Privacy Control where applicable. We continue monitoring DNT standardization efforts and will implement support when standards emerge.

12.5 Updates to Cookie Practices

We may update our cookie practices as technology evolves. Significant changes will be communicated through our Cookie Policy updates, with notice provided for material changes affecting your privacy. Your continued use after notice constitutes acceptance of updated practices.

For complete details about specific cookies, retention periods, and providers, please visit our comprehensive Cookie Policy.

13. AUTOMATED DECISION-MAKING AND AI PROCESSING

Our Services incorporate advanced artificial intelligence to provide personalized experiences and intelligent features. We are committed to responsible AI use with appropriate human oversight and user control.

13.1 How We Use AI

Our AI systems serve several important functions:

13.1.1 Personalization and Insights

AI analyzes your journal entries and workplace content to provide personalized coaching responses tailored to your goals, intelligent suggestions for reflection and growth, pattern recognition to surface meaningful trends, mood and sentiment analysis for self-awareness, smart categorization and organization, and predictive text and auto-completion features.

13.1.2 Content Generation

Our AI can help generate writing prompts and journaling suggestions, summaries of your entries and activities, goal-setting recommendations based on patterns, productivity insights from workplace data, and creative inspiration when requested. All AI-generated content is clearly labeled as such.

13.1.3 Service Enhancement

AI helps us improve Services by identifying and fixing bugs before they impact users, optimizing performance and user experience, detecting and preventing abuse or security threats, understanding feature usage patterns, and developing new capabilities based on aggregated needs.

13.2 AI Safeguards and Controls

We implement comprehensive safeguards for responsible AI use:

13.2.1 Human Oversight

No significant automated decisions affecting you are made without human review. Our AI systems provide recommendations and insights, but important decisions require human judgment. You can request human review of any AI-generated assessment affecting you.

13.2.2 Transparency

We clearly identify when you’re interacting with AI, label all AI-generated content, explain AI capabilities and limitations, provide information about how AI features work, and disclose when AI processes your data.

13.2.3 Accuracy and Bias Prevention

We regularly audit AI systems for bias and fairness, test outputs for quality and appropriateness, implement filters to prevent harmful content, maintain diverse training data where possible, and continuously improve models based on feedback.

13.2.4 User Control

You maintain complete control over AI processing through the ability to disable specific AI features where applicable while keeping core functionality, review and modify AI-generated content before use, correct inaccurate AI interpretations, delete AI-generated insights you don’t want, opt out of AI model training as described in Section 6, request information about AI logic affecting you or by simply not using features or whole Services using AI.

13.3 AI Limitations and Responsibilities

13.3.1 Important Limitations

AI systems are probabilistic and may produce outputs that are inaccurate, incomplete, or inconsistent; biased despite our mitigation efforts; inappropriate for your specific context; or different each time for the same input. AI-generated content should not be relied upon as professional advice of any kind including medical, psychological, legal, or financial guidance.

13.3.2 Your Responsibilities

You remain responsible for reviewing all AI-generated content before use or reliance, making your own decisions regardless of AI suggestions, independently verifying important information, using AI features appropriately and lawfully, and not using AI features to generate harmful or illegal content.

13.3.3 No Professional Advice

Our AI features are designed to support personal reflection and productivity, not provide professional services. Always consult qualified professionals for medical, mental health, legal, financial, or other professional needs.

13.4 Opting Out of AI Features

You may have several options for controlling AI processing:

13.4.1 Feature-Level Control

Disable specific AI features through account settings while maintaining full access to core Services where applicable.

13.4.2 Model Training Opt-Out

Prevent your data from being used to train AI models by emailing [email protected] with “AI Training Opt-Out Request” as described in Section 6.

13.4.3 Complete AI Opt-Out

Disable all AI features if you prefer a completely non-AI experience, though this may limit certain Service capabilities. This feature may not be available for certain Services.

Changes to AI settings take effect immediately for new processing, though previously generated content remains unless you delete it.

14. INFORMATION ABOUT CHILDREN

Our Services are not intended for, directed to, or marketed to individuals under eighteen (18) years of age. We do not knowingly or intentionally collect personal data from children under 18.

14.1 Age Restrictions

14.1.1 Strict Age Requirement

You must be at least 18 years old to create an account or use our Services. We implement age-gating mechanisms to prevent minors from registering.

14.1.2 Age Verification

During registration, we require users to confirm they meet age requirements. We may implement additional age verification for certain features or jurisdictions.

14.1.3 Parental Responsibility

Parents and guardians are responsible for monitoring their children’s online activities and preventing unauthorized access to our Services.

14.2 If We Discover Child Data

If we learn we have collected personal information from someone under 18:

14.2.1 Immediate Action

We will immediately take steps to delete all such information from our systems within 24 hours of discovery, disable the associated account, and notify parents or guardians if we have contact information.

14.2.2 Reporting Concerns

If you believe we have information from someone under 18, immediately email [email protected] with “Child Privacy Concern” in the subject line. Provide sufficient information to identify the account, and we’ll investigate and take appropriate action within 24 hours.

14.3 Customer Responsibilities

While our Services shouldn’t be used by minors, our customers who are organizations may incidentally include information about children in their Customer Content. In such cases:

14.3.1 Customer as Controller

The customer organization is responsible for obtaining appropriate consents, providing required notices, and complying with laws like COPPA or GDPR provisions on children’s data.

14.3.2 MeetYu as Processor

We process such data solely on the customer’s behalf and according to their instructions, without independent access or use.

14.3.3 Tools for Compliance

We provide features enabling customers to manage data appropriately, but compliance responsibility remains with the customer.

15. THIRD-PARTY LINKS AND SERVICES

Our Services may contain links to third-party websites, services, and applications not owned or controlled by us. We are not responsible for the privacy practices of these third parties.

15.1 External Links and Services

15.1.1 No Endorsement

Links to third-party sites are provided for convenience only and don’t constitute endorsement, approval, or recommendation of their content or practices.

15.1.2 Independent Privacy Policies

Third parties have their own privacy policies that may differ significantly from ours. We encourage you to review their policies before providing any information.

15.1.3 No Liability

We’re not responsible for third-party privacy practices, data collection, content accuracy, security measures, or any damages arising from your interactions with third parties.

15.2 Third-Party Integrations

When you connect third-party services to MeetYu:

15.2.1 Your Control

You explicitly authorize the connection and control what data is shared. You can review connected services in account settings and disconnect them at any time.

15.2.2 Limited Access

We access only the minimum information necessary to provide the integration functionality you’ve requested, with clear disclosure before authorization.

15.2.3 Third-Party Terms

Your use of integrated services is governed by their terms and privacy policies, not ours. We’re not responsible for how third parties handle your data.

15.2.4 Data Minimization

After disconnecting an integration, we immediately stop accessing new data from that service and delete cached data according to our retention policies.

15.3 Social Media Features

Our Services may include social media features such as share buttons or embedded content:

15.3.1 Third-Party Operation

These features are operated by the social media platforms and governed by their privacy policies.

15.3.2 Data Collection

Social features may collect your IP address, set cookies, and track your interactions even if you don’t use the feature.

15.3.3 Your Choices

You can often control social media tracking through your browser settings and the platforms’ privacy controls.

16. CHANGES TO OUR PRIVACY POLICY

We may update this Privacy Policy to reflect changes in our practices, technologies, legal requirements, and other factors. We handle updates responsibly with appropriate notice.

16.1 Types of Changes

16.1.1 Minor Changes

Non-material updates such as clarifications, formatting improvements, or contact information updates may be made without advance notice but will be reflected in the “Last Modified” date.

16.1.2 Material Changes

Significant changes affecting your privacy rights or data handling require at least 30 days advance notice. Material changes include substantial modifications to data collection or use practices, changes in data sharing with third parties, material reductions in privacy rights or security measures, significant changes to retention periods, modifications to international transfer mechanisms, or changes to processing purposes incompatible with original purposes.

16.2 Notice Procedures

We will notify you of material changes by updating the “Last Modified” date at the top of this Policy, sending email notification to registered users at their registered email address, displaying prominent notice on our Site or in our Services, and maintaining a change log for significant updates available upon request.

16.3 Your Choices Regarding Changes

16.3.1 Acceptance

Your continued use of our Services after the effective date of changes constitutes acceptance of the revised Privacy Policy.

16.3.2 Rejection

If you disagree with material changes, you must stop using the Services before the effective date and may request account closure and data deletion as described in Section 11.

16.3.3 Review Responsibility

You are responsible for periodically reviewing this Privacy Policy and maintaining a current email address for notifications.

16.4 Change History

We maintain records of material changes to this Privacy Policy for at least 24 months. You may request a summary of material changes by emailing [email protected].

17. ADDITIONAL RIGHTS AND DISCLOSURES

17.1 Your California Privacy Rights

17.1.1 “Shine the Light” Law

California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.

17.1.2 CCPA Rights

California residents have comprehensive rights under the California Consumer Privacy Act as detailed in Section 11. We maintain detailed records of California privacy requests for 24 months as legally required.

17.2 Nevada Privacy Rights

Nevada residents may opt out of the sale of covered information under Nevada law. We do not sell personal information as defined by Nevada S.B. 220. To submit a preventive opt-out request, email [email protected] with “Nevada Opt-Out” in the subject line.

17.3 International Users

17.3.1 Legal Basis for Processing (EEA/UK/Swiss Users)

We process personal data only with valid legal basis including contract performance, legal obligations, legitimate interests, vital interests, or consent as detailed in Section 6.

17.3.2 Data Protection Contacts

EEA residents may contact their national data protection authority. UK residents may contact the Information Commissioner’s Office. Swiss residents may contact the Federal Data Protection and Information Commissioner.

17.4 Accessibility

We are committed to making this Privacy Policy accessible to people with disabilities. For alternative formats or accessibility assistance, email [email protected] with “Accessibility Request” in the subject line specifying your needs.

17.5 Verification of Practices

We regularly assess our privacy practices for compliance through internal audits, privacy impact assessments for new processing activities, vendor security assessments, and updates based on legal developments.

18. DATA PROTECTION CONTACTS

18.1 How to Contact Us

If you have questions, concerns, or complaints about this Privacy Policy or our privacy practices, or wish to exercise your rights, please contact us:

MeetYu LLC
  Attn: Privacy Team
  1309 Coffeen Ave, Suite 1200
  Sheridan, Wyoming 82801
  United States of America

Phone: +1 778 508 8655
 General Inquiries: [email protected]
 Legal Inquiries: [email protected]
 Privacy Inquiries: [email protected]
 Security Issues: [email protected]

For specific requests, use these email subject lines for proper routing:

• “Privacy Rights Request” – for exercising data subject rights
• “AI Training Opt-Out Request” – for opting out of model training
• “Child Privacy Concern” – for issues related to minors’ data
• “Data Breach Inquiry” – for security incident questions
• “DPF Complaint” – for Data Privacy Framework issues
• “Accessibility Request” – for alternative format needs
• “California Privacy Rights Request” – for CCPA requests
• “Nevada Opt-Out” – for Nevada privacy rights

18.2 Response Commitments

We will acknowledge privacy inquiries within 5 business days and respond substantively to all privacy requests within legally required timeframes (typically 30 days). For complex requests, we may extend the response time to 45 days with notice explaining the delay.

18.3 GDPR Representative

For individuals in the European Economic Area, our appointed GDPR Article 27 representative for data protection matters is:

MeetYu UG (haftungsbeschränkt)
  Schwalbacher Straße 94
  60326 Frankfurt
  Germany
  Email: eu-[email protected]

This entity serves solely as our statutory GDPR representative and is not our office, branch, or affiliate. This appointment is strictly limited to GDPR Article 27 representation and does not constitute any other business relationship.

18.4 Complaints and Escalation

If you’re unsatisfied with our response to your privacy concern:

18.4.1 Internal Escalation

Request escalation to senior privacy personnel by responding to our initial response.

18.4.2 Regulatory Complaints

You may lodge a complaint with your local data protection authority or state attorney general.

18.4.3 Data Privacy Framework

For DPF-related complaints, our independent dispute resolution provider (details forthcoming upon certification) provides free dispute resolution.

We work cooperatively with regulatory authorities to resolve complaints we cannot resolve directly with you.

19. ADDITIONAL IMPORTANT INFORMATION

19.1 No Sensitive Personal Information Processing

We do not intentionally collect or process sensitive personal information (as defined under applicable laws) including racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data for identification, health data, or data concerning sex life or sexual orientation, except where you voluntarily include such information in your Customer Content, in which case you retain full control and we process it solely to provide Services to you.

19.2 Automated Communications

By providing your contact information, you consent to receive automated communications about your account including service messages, security alerts, and where permitted, marketing messages. You can opt out of automated marketing messages but not essential service communications.

19.3 Privacy Policy Scope

This Privacy Policy applies only to MeetYu’s Services and not to any third-party services, other MeetYu services, or offline information collection. Separate terms may apply to specific features or programs.

19.4 Relationship to Terms of Service

This Privacy Policy is incorporated into and subject to our Terms of Service. In case of conflict between this Policy and the Terms regarding privacy matters, this Policy controls.

19.5 No Rights of Third Parties

This Privacy Policy does not create rights enforceable by third parties or require disclosure of any personal information relating to users of the Services.

19.6 Our Commitment to Privacy

Privacy is fundamental to our mission of providing secure, trustworthy journaling and productivity services. We continuously work to earn and maintain your trust through transparent practices, robust security, meaningful user control, and responsible data handling.

Thank you for trusting MeetYu with your personal information. We are committed to protecting your privacy and providing you with powerful, secure tools for personal growth and productivity.