Introduction

"MeantToSay" ("MeantToSay.com," "we," "us," or "our") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, store, and protect your data when you use our memoir creation service.

Contact Information:
Email: hello@MeantToSay.com
Website: MeantToSay.com

1. Information We Collect

1.1 Information You Provide Directly

Account Information:

• Email address (required for account creation and login)
• Name (forename and surname)
• Account preferences and settings

Memoir Content:

• Text conversations with our AI assistant
• Voice recordings (if you choose to use voice input as part of your conversation with our AI assistant)
• Photos and images you uploads
• Written stories and memories
• Topics and subjects you choose to document

Personal data:

• The nature of memoir capture implies that personal data can be volunteered to add context:
• Forename of you and your subject of choice
• Age of you and your subject of choice
• Relationship type between you and your subject of choice
• Gender identification of you and your subject of choice
• All information is purely voluntary. None of it is enforced.
• We do not verify personal data passed to us.

Payment Information:

• Shipping address (for printed book orders)
• Payment details are processed securely through Stripe and are not stored on our servers

1.2 Information Collected Automatically

Usage Data (via Umami Analytics):

• Pages visited and features used (anonymous, no personal data)
• Browser type and device type (general categories only)
• Referral source (which website you came from)
• Country/region (approximate location, not precise)
• Note: Umami does NOT collect IP addresses, cookies, or any personally identifiable information

Cookies and Similar Technologies:

• Essential cookies for authentication and session management
• We do NOT use tracking cookies (Umami is cookie-free)
• We do NOT use advertising or remarketing cookies

2. How We Use Your Information

We use your personal information ONLY for the following purposes:

2.1 Service Provision

• Creating and managing your account
• Enabling conversations with our AI assistant
• Generating memoir content from your input
• Creating PDF versions of your memoirs
• Processing and fulfilling print book orders
• Sending order confirmations and shipping notifications

2.2 AI Processing

• Processing your conversations through AI to generate memoir text
• Transcribing voice recordings (if applicable)
• Generating illustrations for your memoirs
• ALL AI processing is done with privacy safeguards (see Section 4)

2.3 What We DON'T Do

3. Data Storage and Security

3.1 Where Your Data is Stored

• Your account information and memoir content are stored in secure databases
• Images, voice recordings, and PDFs are stored on encrypted object storage
• Servers may be located in the United States or European Union
• We are committed to complying with GDPR requirements

3.2 Security Measures

Encryption:

• All data transmission uses HTTPS/TLS encryption
• Database connections are encrypted
• Stored files are encrypted where supported by our infrastructure providers.

Access Controls:

• Strong password requirements
• Magic link authentication (passwordless option) using secure, time constrained hyperlinks
• Role-based access controls in our database
• Staff access to user data is strictly limited and logged

3.3 Data Retention

• Active Accounts: Your data is retained as long as your account is active
• Deleted Accounts: Data is permanently deleted within 30 days of account deletion
• Backups: Backup copies are automatically purged after 30 days

4. Third-Party Services and AI Processing

4.1 AI Processing

What Happens:

• Your conversation text and memoir content is submitted to AI for processing
• Voice recordings are transcribed using AI services
• Images may be processed for memoir illustration generation

Privacy Safeguards:

• We use external AI APIs with enterprise privacy settings
• Your data is NOT used to train general AI models
• AI processing occurs only when you actively use memoir capture and generation features

4.2 Payment Processing (Stripe)

• Payment and shipping information is processed through Stripe (PCI-DSS compliant)
• We never see or store your full credit card details
• Privacy Policy: stripe.com/privacy

4.3 File Storage

• Images, voice notes, and PDFs are stored on Cloudflare's R2 service (private bucket)
• Files are encrypted and access-controlled
• Privacy Policy: cloudflare.com/privacypolicy

5. Your Data Rights (GDPR & Privacy Laws)

You have the following rights regarding your personal data:

5.1 Right to Access

Request a copy of all personal data we hold about you (free of charge)

5.2 Right to Erasure ("Right to be Forgotten")

Request deletion of your account and all associated data

5.3 Right to Data Portability

Receive your memoir content in a machine-readable format (PDF, JSON export)

5.4 Right to Restrict Processing

Limit how we use your data (e.g., pause AI processing while keeping your account)

5.5 How to Exercise Your Rights

Email us at: hello@MeantToSay.com
Response Time: We will respond within 30 days (GDPR requirement)

6. Sharing Your Memoirs

6.1 Public Sharing Features

Share Links:

• You can generate secure share links for your memoirs (HTML or PDF)
• Shared memoirs are accessible to anyone with the link
• Share links expire after 30 days (you can revoke them manually at any time)
• Shared content is marked with "noindex" meta tags to prevent search engine indexing

6.2 Screenshot Protection

For shared memoirs, we implement technical measures to discourage screenshotting and printing.

Important: These are deterrents, not foolproof security. Do not share highly sensitive content via share links.

7. Children's Privacy (COPPA Compliance)

• MeantToSay is intended for users aged 18 and older
• We do not knowingly collect data from children under 13
• If we discover a child's account, we will immediately delete it

8. International Users and Data Transfers

8.1 GDPR Compliance (EU/EEA/UK)

We are committed to complying with GDPR requirements:

• Legal basis for processing: Contract performance, legitimate interest, consent
• Data Protection Officer: hello@MeantToSay.com

8.2 Data Transfers

If you are located outside the United States:

• Your data may be transferred to and processed in the United States
• We use Standard Contractual Clauses (SCCs) approved by the European Commission
• Our Third-party services are GDPR compliant

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights:

• Right to Know: What personal information we collect and how we use it
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: We do NOT sell personal information, so there is nothing to opt out of

To exercise CCPA rights: Email hello@MeantToSay.com with subject line "CCPA Request"

10. Cookies and Tracking

10.1 Essential Cookies (Required)

We use minimal cookies necessary for the service to function:

• Session authentication cookies
• User preference cookies

10.2 Privacy-Friendly Analytics (Umami)

We use Umami Analytics to understand how our service is used and improve user experience:

• ✅ No cookies - Umami does not use cookies or local storage
• ✅ No personal data - No IP addresses, user IDs, or personal information collected
• ✅ Anonymous tracking - Visitors cannot be identified or tracked across sites
• ✅ GDPR compliant - No cookie consent required
• ✅ Privacy-first - Open source and transparent

What Umami collects: Page views, referral sources, browser type, device type (all anonymous and aggregated)

Learn more: Umami Privacy Policy

10.3 What We DON'T Use

• ❌ Tracking cookies (Google Analytics, Facebook Pixel, etc.)
• ❌ Advertising cookies or remarketing
• ❌ Social media tracking pixels
• ❌ Cross-site tracking or fingerprinting
• ❌ Third-party behavioral tracking

11. Data Breach Notification

In the unlikely event of a data breach:

• Affected users will be notified within 72 hours (GDPR requirement)
• We will investigate immediately and remedy the breach
• Notification will include: nature of breach, data affected, steps taken, mitigation advice

12. Changes to This Privacy Policy

• We may update this policy to reflect new features or legal requirements
• Material changes will be communicated via email at least 30 days before taking effect
• Continued use after updates constitutes acceptance

13. Contact Us

For any questions about this Privacy Policy or our data practices:

Email: hello@MeantToSay.com
Subject Line: "Privacy Inquiry"

14. Transparency Commitments

Acknowledgment

By using MeantToSay, you acknowledge that you have read, understood, and agree to this Privacy Policy.

Last Updated: 7th February 2026