v0.1.0  · early access
meet·ping
sign in ↗Download for Mac$24.90
§01/03 / Legal

Privacy policy.

The legal version of how we handle your data. For the technical breakdown of what the macOS app does and does not do, see the product privacy page.

Who we are

MeetPing is operated by Ogtay Huseynov as a sole proprietor based in Azerbaijan. For everything in this document, "MeetPing", "we", "us" means that one person. The data controller for the purposes of GDPR is also that one person.

Contact for any privacy question, data request, or complaint: [email protected]. We answer within five business days.

This policy covers the marketing site at meetping.app, the licensing dashboard, and the macOS app. The app collects no data and sends no requests during normal use; the details are at /privacy.

What data we collect

Marketing site. When you visit meetping.app we receive your IP address, user agent, and the page you landed on through Cloudflare access logs. Google Analytics 4 records aggregate page views, country, and device type. Microsoft Clarity records anonymised session replays — Clarity is configured to mask all input fields and never replay password or payment fields.

Account and licensing. When you buy a license we store your email address, license key, country (from Stripe), the Stripe customer and payment intent IDs, and a hardware fingerprint for each Mac you activate. The fingerprint is a one-way hash of CPU model, board ID, and a random per-install salt; it cannot be used to identify a person, only to count seats.

The macOS app. The app collects no analytics, no telemetry, no crash reports, and no transcripts. It contacts our server only to validate your license key on first activation and to fetch the Sparkle update feed. See /privacy for the full list of network calls.

Why we process this data (lawful basis)

  • Contract performance (Art. 6(1)(b) GDPR) — your email and license records exist so we can deliver and support the software you paid for.
  • Legitimate interest (Art. 6(1)(f) GDPR) — aggregate analytics so we can understand which pages help people decide to buy.
  • Consent (Art. 6(1)(a) GDPR) — if and when we add a marketing newsletter, only after you opt in. Unsubscribe at any time.
  • Legal obligation (Art. 6(1)(c) GDPR) — Stripe records and our invoices are kept to satisfy tax law.

Where data is stored

  • Supabase — auth and license database. EU region (Frankfurt). TODO: confirm and update if region changes.
  • Hetzner — application server in Nuremberg, Germany. Hosts the API and Redis queue.
  • Stripe — payment data and customer records. Stripe is in the United States; transfers rely on Stripe's Standard Contractual Clauses.
  • Google Analytics 4 and Microsoft Clarity — analytics scripts loaded on the marketing site only. Data flows to Google and Microsoft servers under their respective EU data-processing addenda.
  • Cloudflare — CDN, DNS, and bot mitigation in front of the site. Edge logs are retained briefly.

Third parties (sub-processors)

  • Stripe Payments Europe — payment processing and chargebacks.
  • Supabase Inc. — Postgres database and email-OTP auth.
  • Hetzner Online GmbH — server hosting (EU).
  • Cloudflare, Inc. — CDN and DNS.
  • Google Ireland Ltd. — Google Analytics 4 on the site.
  • Microsoft Ireland Ops Ltd. — Clarity session replay on the site.

We do not sell your data and we do not share it for advertising. The only people who see your account record are the founder and the named sub-processors above, each acting under their own DPA.

How long we keep it

  • License records, activated devices, and the email tied to your account: kept for the duration of the license plus 7 years to comply with tax law.
  • Stripe payment records: 7 years (legal retention).
  • Google Analytics user-level data: 14 months (default GA4 retention).
  • Microsoft Clarity session recordings: 30 days.
  • Cloudflare access logs: 7 days.

Your rights

Under GDPR and the equivalent California (CCPA) provisions, you can ask us to:

  • Confirm what data we hold about you (right of access).
  • Correct inaccurate records (rectification).
  • Delete your account and associated data (erasure / right to be forgotten).
  • Export your records in a machine-readable form (portability).
  • Object to processing based on legitimate interest, including analytics.
  • Lodge a complaint with your local supervisory authority — for EU residents, that is your national data-protection authority.

Email [email protected] from the address on your license. We complete requests within 30 days and never charge for them.

Cookies and similar technology

  • _ga, _ga_* — Google Analytics, 13 months.
  • _clck, _clsk — Microsoft Clarity, 1 year and 1 day respectively.
  • sb-* — Supabase auth session, only set after you sign in to the dashboard.
  • __cf_bm — Cloudflare bot management, 30 minutes rolling.

Strictly necessary cookies (auth, anti-bot) are set without consent. Analytics cookies on the marketing site can be blocked at the browser level today; we will add an explicit consent banner before scaling ads.

Transfers outside the EU

Hetzner and Supabase store your records inside the EU. Stripe, Google Analytics, Microsoft Clarity, and Cloudflare may transfer data to the United States. Each of those vendors operates under the EU Standard Contractual Clauses and, where applicable, the EU-US Data Privacy Framework. We rely on those contracts; we do not perform our own transfer-impact assessment beyond what those vendors publish.

Children

MeetPing is not directed at children under 16. If you believe a minor has bought a license or signed up, email [email protected] and we will refund and delete the account.

Changes to this policy

When we change this document in a way that affects you — new sub-processor, new category of data, longer retention — we notify active license holders by email and post a banner inside the dashboard. Cosmetic changes are made silently.

Contact

Ogtay Huseynov, sole proprietor, Baku, Azerbaijan. [email protected]