Privacy Policy
1. Who we are
Cerberissium Pty Ltd ("we", "us", "our") operates My Meadow, a habit-tracking and personal productivity application available at my-meadow.net. We are the responsible party ("controller") for your personal data as described in this policy.
Contact us at any time: support@cerberissium.com
2. What data we collect
| Data | Why we collect it | How long we keep it |
|---|---|---|
| Email address | Account creation, login, and support communications | Until you delete your account |
| Nickname | To personalise your experience in the app | Until you delete your account |
| Habits, tasks, reminders, and lists | Core functionality โ to provide the Service to you | Until you delete them or your account |
| Habit completion history | Streak tracking, garden growth, and weekly summaries | Until you erase history or delete your account |
| Guide preference | To personalise your AI guide | Until you change it or delete your account |
| Subscription and billing status | To manage your plan and access level | Until you delete your account (billing records retained as required by law) |
| AI usage data | To enforce fair usage limits and prevent abuse | Rolling 12 months |
| Support ticket content | To respond to your enquiries | 2 years from submission |
| Basic usage logs | Security monitoring and error diagnosis | 90 days |
We do not collect location data, device identifiers, advertising IDs, or biometric data.
3. How we use your data
We use your data solely to:
- Provide, operate, and improve the My Meadow Service
- Authenticate you and secure your account
- Process your subscription and manage billing through our payment provider
- Respond to support requests you submit
- Send transactional emails (account confirmation, password reset, billing receipts)
- Enforce our Terms of Service and protect against fraud or abuse
We do not use your data for advertising, profiling, or sale to third parties.
4. AI features and your data
When you use the AI guide feature, the name of the habit you completed is sent to an AI model (Claude, operated by Anthropic) to generate a personalised message of encouragement. We do not send your full habit history, personal details, or any sensitive information to the AI model.
AI responses are generated in real time and are not stored beyond what is visible to you in the app. Anthropic's use of API data is governed by their own privacy policy available at anthropic.com/privacy.
5. Third parties we share data with
We share your data only with trusted third-party service providers, and only to the extent necessary to operate the Service. These providers fall into the following categories:
- Database and authentication provider โ stores your account data, habits, tasks, and app content securely
- Edge computing and API provider โ processes requests between the app and our AI and payment systems
- Payment processing provider (merchant of record) โ handles all billing, subscription management, and tax compliance on our behalf. This provider receives your payment details and billing information directly
- AI model provider โ generates personalised guide responses when you use the AI feature. Only minimal data is shared (see Section 4)
- Transactional email provider โ delivers account confirmation, password reset, and support emails
A full list of our current data processors is available upon request by emailing support@cerberissium.com. We do not sell, rent, or trade your personal information with any party for marketing or advertising purposes.
6. Cookies and tracking
My Meadow does not use tracking cookies, advertising cookies, or third-party analytics. We use only essential session cookies required for authentication (managed by Supabase). These are strictly necessary to keep you logged in and cannot be disabled without preventing the Service from functioning.
We do not use Google Analytics, Facebook Pixel, or any similar tracking tools.
7. Data security
We take reasonable technical and organisational measures to protect your data, including:
- All data transmitted between your browser and our servers is encrypted using TLS (HTTPS)
- Passwords are never stored โ we use secure, passwordless email authentication via Supabase
- Database access is restricted using Row Level Security โ users can only access their own data
- API keys and secrets are stored as encrypted environment variables, never in code
- AI requests are authenticated and rate-limited per user
No system is completely secure. If you believe your account has been compromised, please contact us immediately at support@cerberissium.com.
8. Your rights
Depending on your location you may have the following rights regarding your personal data. We honour these rights for all users regardless of location:
- Access: Request a copy of the data we hold about you
- Correction: Ask us to correct inaccurate data
- Deletion: Request that we delete your account and associated data
- Portability: Request your data in a portable format
- Objection: Object to processing in certain circumstances
- Withdraw consent: Where processing is based on consent, withdraw it at any time
To exercise any of these rights, email us at support@cerberissium.com. We will respond within 30 days.
9. South African residents โ POPIA
We comply with the Protection of Personal Information Act 4 of 2013 (POPIA). As an operator processing personal information on behalf of South African residents, we are committed to the eight conditions for lawful processing set out in POPIA: accountability, processing limitation, purpose specification, further processing limitation, information quality, openness, security safeguards, and data subject participation.
If you believe we have processed your personal information unlawfully or in violation of POPIA, you have the right to lodge a complaint with the Information Regulator of South Africa at inforegulator.org.za.
10. International users โ GDPR
If you are located in the European Economic Area (EEA) or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR) and UK GDPR. Our legal basis for processing your data is:
- Contract performance โ to provide the Service you signed up for
- Legitimate interests โ for security monitoring and Service improvement
- Legal obligation โ where required by applicable law
You may lodge a complaint with your local data protection authority if you are unsatisfied with how we handle your data.
11. Children's privacy
My Meadow is not intended for use by children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
12. Data retention and deletion
You may delete your account at any time from within the app. Upon deletion, your personal data and content will be removed from our active systems within 30 days. Some data may be retained in backups for up to 90 days before being permanently purged. Billing records may be retained longer where required by tax or financial law.
13. Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email and by updating the date at the top of this page. Continued use of the Service after the effective date constitutes your acceptance of the updated policy.
14. Contact us
For any privacy-related questions or to exercise your rights, please contact us:
Cerberissium Pty Ltd
Email: support@cerberissium.com
Website: my-meadow.net