Privacy Policy

Overview

Mellem is a meditation app for macOS that helps you find calm moments in your workday. We designed it with privacy at the core. Your meditation history stays on your device, we never record your audio, and we only collect what we need to run the service.

What we collect

Account information. When you sign in with Google or a magic link, we store your email address and a unique account identifier. This is held in our database (hosted by Supabase) and used to manage your account and subscription.

Subscription and billing. If you subscribe, payment is handled entirely by Stripe. We never see or store your card details. We do store your Stripe customer ID, subscription status, plan type, and billing period dates so the app knows whether your subscription is active.

Analytics and usage data

What we collect. We collect anonymous usage events in the desktop app (app opens, feature usage, meditation session metadata like duration and mood category) and device info (OS, app version, architecture). On the website, we collect page views, clicks, scroll depth, and session recordings of browsing behaviour.

What we do NOT collect. We never collect calendar event titles or content, meeting participants, audio or voice data, microphone recordings, or any content from your meetings or meditations.

Why we collect it. To understand how people use Mellem so we can improve the product, identify bugs, and measure which features are valuable.

Who processes it. Analytics data is processed by PostHog. Data is hosted in the EU. PostHog privacy policy.

Identity linking. When you create an account, anonymous usage data is linked to your account to provide a continuous view of your experience. On sign-out, a new anonymous identifier is generated.

Cookieless website analytics. The mellem.work website does not use cookies or local storage for analytics. PostHog is configured in cookieless mode, meaning no data persists on your device between visits and no cross-session tracking occurs. All website analytics data is anonymous and aggregate.

Retention. Analytics event data is retained in PostHog for 12 months, after which it is automatically deleted.

Opt-out. In the desktop app, you can disable analytics at any time via the "Share usage data" toggle in Settings.

Error and crash reporting

The desktop app uses Sentry to collect crash reports and error data. When something goes wrong, Sentry receives a report that includes the error details (stack trace), your app version, operating system, and your account identifier (if signed in). This helps us identify and fix bugs quickly.

Error reports are sent automatically and cannot currently be disabled separately from app usage. No calendar data, meditation content, or meeting information is included in error reports.

Sentry data is processed and stored in the EU (Germany). Sentry privacy policy.

What stays on your device

The following data is stored locally on your Mac and never sent to our servers:

• Meditation sessions. Timestamps, durations, and mood selections from your meditations. This powers your weekly statistics.
• Preferences. Voice choice, meditation duration, ambient sound, notification settings, and other configuration.
• Calendar tokens. If you connect Google Calendar, the OAuth tokens are stored locally using Electron's safeStorage API. If you connect Apple Calendar, Mellem uses the native macOS EventKit permission. In both cases, calendar event data is processed in memory for notification timing and is never stored or transmitted.

Google Calendar access

If you choose to connect your Google Calendar, Mellem requests read-only access to your calendar events. It uses this to:

• Detect gaps between meetings where a meditation might fit
• Know when a meeting ends so it can suggest a pause at the right moment
• Show you context about your upcoming schedule

Calendar data is fetched periodically, processed locally in memory, and never stored permanently or sent to any third party. You can disconnect your calendar at any time from the account screen, which immediately deletes all stored tokens.

Apple Calendar access

If you choose to connect your Apple Calendar, Mellem requests access through the native macOS EventKit framework. It uses the same information as described above for Google Calendar: event start and end times, to detect gaps and time meditation suggestions around your meetings.

Apple Calendar data is processed locally in memory and never stored permanently or sent to any third party. You can revoke access at any time from macOS System Settings or from the account screen in Mellem.

Microphone detection

Mellem can detect whether your microphone is currently in use. This is the same indicator macOS shows as the orange privacy dot in your menu bar. It uses this to know when you're on a call, so it doesn't interrupt you mid-meeting.

No audio is ever recorded, captured, or transmitted. The app only checks a binary active/inactive status from the macOS audio system. It requires a one-time microphone permission prompt from macOS, but this permission is used solely to query the microphone's in-use state.

Third-party services

• Supabase hosts our authentication and database. Their infrastructure is hosted on AWS in the EU. Supabase privacy policy.
• Stripe handles all payment processing. They are PCI DSS Level 1 certified. Stripe privacy policy.
• Google provides OAuth sign-in and calendar access. Google privacy policy.
• Apple provides calendar access through the native macOS EventKit framework. Apple privacy policy.
• PostHog provides product analytics and session replay. Data is hosted in the EU. PostHog privacy policy.
• Sentry provides error and crash reporting for the desktop app. Data is hosted in the EU (Germany). Sentry privacy policy.

We do not use any advertising or ad-tracking services.

Data security

We take the security of your data seriously and implement appropriate technical and organisational measures to protect it:

• Encryption in transit. All communication between the Mellem app and our servers is encrypted using TLS (HTTPS). This includes authentication requests, subscription checks, and any interaction with third-party services like Google and Stripe.
• Encryption at rest. Account data stored in our database (hosted by Supabase on AWS) is encrypted at rest using AES-256 encryption.
• Secure token storage. Google OAuth tokens and session credentials are encrypted locally on your device using Electron's safeStorage API, which delegates to the macOS Keychain. Apple Calendar access is managed through macOS native permissions. Neither are transmitted to or stored on our servers.
• Minimal data retention. We limit the data we collect and store to the minimum necessary to operate the service. Calendar data from both Google Calendar and Apple Calendar is processed in memory only and is never persisted to disk or transmitted to any third party.
• Access controls. Access to our infrastructure and databases is restricted to authorised personnel only.

Data retention

Your account data (email, subscription status) is retained for as long as you have an account. If you sign out, your local session is cleared immediately. Local data (meditation history, preferences) remains on your device until you delete the app or its data.

Your rights

You can:

• Disconnect your Google Calendar at any time, which deletes all stored tokens
• Revoke Apple Calendar access at any time from macOS System Settings or from within the app
• Sign out, which clears your local session data
• Request deletion of your account and all associated data by contacting us at hello@mellem.work
• Export your data by contacting us at the same address

If you're in the EU or UK, you have additional rights under GDPR including the right to access, rectify, and erase your personal data. Contact us to exercise these rights.

Children

Mellem is not directed at children under 16. We do not knowingly collect personal data from children.

Changes to this policy

We may update this policy from time to time. If we make significant changes, we'll let you know through the app or by email. The date at the top of this page always reflects the latest version.

Contact

Questions about this policy? Reach us at hello@mellem.work.