Privacy Policy

1. Overview

Meop Inc. (“Meop,” “we,” “our,” or “us”) operates the Meop platform at meop.live. This Privacy Policy explains how we collect, use, and protect your information when you use our services, including our integrations with third-party services such as Google Gmail.

2. Information We Collect

We collect information you provide directly and information from connected services:

• Account information: Name, email address, and authentication credentials.
• Gmail data (when connected): Email metadata (sender, recipient, subject, date), email body content, and labels. This data is used solely to display your inbox within the Meop platform and to send emails on your behalf.
• Usage data: How you interact with the platform (page views, feature usage) to improve the product.

3. How We Use Google User Data

Meop integrates with Google Gmail to enable you to read and send emails from within the platform. Our use of Google user data is limited to the following:

• Displaying your Gmail inbox within the Meop dashboard
• Sending emails from your Gmail account at your explicit direction
• Marking emails as read when you open them in the platform
• Applying AI triage labels (Urgent / FYI / Ignore) to help you prioritize your inbox

We do not: sell, share, or transfer your Gmail data to third parties. We do not use Gmail data to serve advertisements. We do not store email content beyond what is necessary to display it in your current session. OAuth tokens are stored securely and used only to authenticate requests on your behalf.

Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

4. Data Storage and Security

Your data is stored on Supabase-managed infrastructure with row-level security enabled. OAuth tokens for Gmail are stored encrypted and scoped to your user account. We use industry-standard encryption in transit (TLS) and at rest. Only you can access your connected Gmail data within the platform.

5. Revoking Access

You can revoke Meop's access to your Gmail at any time by visiting your Google Account permissions page and removing Meop. This immediately invalidates our access tokens and we will delete your stored token data upon your next login.

6. Data Retention

We retain your account data for as long as your account is active. You may request deletion of your account and associated data at any time by contacting us. Gmail OAuth tokens are deleted immediately upon revocation or account deletion.

7. Instagram and Meta Data

Meop integrates with Instagram and Meta platforms via the Instagram Graph API to enable you to manage your Instagram presence from within the platform.

• Instagram account information: Basic profile data (username, account ID, profile picture) used to identify and connect your Instagram account.
• Instagram media and posts: Your Instagram posts and associated metadata, used to display your content within the platform.
• Instagram comments: Comments on your Instagram posts, used to display and enable replies from within the Meop dashboard.

How we use this data: Instagram data is used solely to display your content and enable you to respond to comments from within the Meop platform. We do not sell, share, or transfer your Instagram data to third parties. We do not use Instagram data for advertising purposes.

Revoking Instagram access: You can disconnect your Instagram account at any time from within the Meop dashboard or via your Instagram account settings. Disconnecting will immediately invalidate our access tokens and we will cease access to your Instagram data.

8. Third-Party Services

Meop uses the following third-party services to operate the platform:

• Supabase: Database and authentication infrastructure
• Google APIs: Gmail integration (when connected by user)
• Meta / Instagram Graph API: Instagram account and comment management (when connected by user)
• Anthropic: AI features and email triage
• Stripe: Payment processing (when applicable)

9. Data Transfers

Meop is operated from the United States. Your data is stored and processed on US-based infrastructure (Supabase, hosted on AWS). If you are accessing the Service from outside the United States, your data will be transferred to and processed in the US. By using the Service, you consent to this transfer. Where required by law (including GDPR), we ensure appropriate safeguards are in place for international data transfers.

10. GDPR — Your Rights

If you are located in the European Economic Area (EEA) or United Kingdom, you have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your personal data (“right to be forgotten”).
• Restriction: Request that we restrict processing of your data in certain circumstances.
• Portability: Request a machine-readable export of your data.
• Objection: Object to processing of your data for certain purposes.
• Withdraw consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact our Data Protection contact at [email protected]. We will respond to requests within 30 days. You also have the right to lodge a complaint with your local data protection authority.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by emailing the address associated with your account or by displaying a notice within the platform. The “Last updated” date at the top of this page reflects the most recent revision. Continued use of the Service after changes are posted constitutes acceptance of the updated policy.

12. Contact