Trust & Security
How MeSquared protects your personal data
π 256-bit SSLπ‘οΈ OAuth 2.0π Read-Only Accessπ« We Never Sell Dataπ No Passwords Stored
Our Data Promise
MeSquared exists to simplify your life β not to monetize your data. We access only what's needed to power your dashboard, we never share it with third parties, and you can delete everything at any time.
What We Access & Why
| Integration | What We Access | Permission | What We Can't Do |
|---|
| Google Calendar | Event titles, times, locations | Read Only | Create, edit, or delete events |
| iCloud Calendar | Event titles, times, locations | Read Only | Modify any calendar data |
| Spotify | Playlists, podcasts, now playing | Read Only | Delete playlists or modify your library |
| Google Maps | Location search, nearby places | API Only | Track your location or movements |
How We Protect Your Data
π
Encryption
- βAll data transmitted over HTTPS with TLS 1.3
- βOAuth tokens encrypted before database storage
- βPasswords hashed with bcrypt β we cannot read them
- βAPI keys stored server-side only, never in browser
π
Authentication
- βOAuth 2.0 for all integrations β your credentials go directly to Google/Spotify, not through us
- βTokens auto-rotate β expired tokens refreshed, old ones invalidated
- βRevoke access any time from your integration settings
π‘οΈ
Infrastructure
- βHosted on Vercel with automatic SSL certificates
- βSupabase PostgreSQL with Row Level Security
- βRate limiting on all endpoints
- βNo personal data in browser storage
π
Audit Trail
- βAll data access logged with timestamp and action type
- βAudit logs available upon request
- βNo employee accesses your raw integration data
What We Never Do
- βNever sell your data β to anyone, for any reason
- βNever share your data with advertisers or third parties β
- βNever store payment information β Stripe handles all billing
- βNever track your location β we use event locations, not GPS
- βNever access more than we need β all scopes are read-only
- βNever use your data to train AI models β your profile is yours
- βNever retain data after deletion β when you delete, it's gone
Your Rights
- βAccess: Request a copy of all data we have about you
- βDelete: Request complete deletion of your account and all data
- βExport: Download your profile, preferences, and connected data
- βRevoke: Disconnect any integration instantly from settings
- βAudit: Request a log of when and how your data was accessed
To exercise any of these rights, email privacy@me-squared.ai
AI & Your Energy Profile
- βYour Energy Profile is generated by AI using birth data you provide
- βBirth data is used only during generation β it is not stored in plaintext
- βYour reading is saved to your account only β no one else can see it
- βThe shareable Energy Type card shows only your type name β no personal details
- βAI recommendations include safety classifiers for wellness content
Questions?
If you have any questions about how we handle your data:
Email: privacy@me-squared.ai