Sign in

Privacy Policy

Effective May 9, 2026

Maelon ("we", "us") builds a productivity workspace — tasks, notes, and calendar — at app.maelon.co. This policy explains what we collect, why we collect it, and the choices you have. If anything here is unclear, email us at hello@maelon.co.

What we collect

Account information

When you sign up we receive your email address and (if you sign in with Google) your name and profile photo. We use these to authenticate you and personalize the app.

Content you create

Tasks, notes, workspace names, calendar events you create inside Maelon, and any text you submit through Capture. This content is yours; we store it on your behalf so the app works.

Onboarding answers

When you first sign up we ask optional questions about your role, team size, intended use cases, and where you heard about us. Most fields are skippable. We use the answers to tailor the product and improve our marketing.

Google data (only if you sign in with Google)

With your consent, we request access to your Google Calendar so Maelon can read and write your events on your behalf. We store an access token and refresh token server-side, encrypted at rest, so we can refresh access without prompting you again. We never sell Google data, never use it to train AI models, and never share it with third parties beyond what's required to run our app.

You can revoke this access at any time from your Google Account permissions page. Revoking immediately stops Maelon from accessing your calendar.

Usage and device data

Standard server logs (IP address, request path, timestamps, user-agent) so we can debug, monitor performance, and prevent abuse. We do not run third-party analytics or advertising trackers on the app.

How we use your data

  • To provide and improve the Maelon product
  • To authenticate you and keep your account secure
  • To send transactional email (sign-in links, account notices)
  • To send occasional product updates by email — you can opt out anytime
  • To respond when you contact us
  • To prevent fraud, abuse, and security incidents

How we share your data

We do not sell your data. We share data only with service providers we use to run Maelon, and only to the extent they need it:

  • Supabase — managed Postgres + authentication
  • Vercel — application hosting
  • Anthropic — AI-powered Capture and daily briefing (your input is sent server-side; not used for training per Anthropic's API terms)
  • Google — Calendar integration when you opt in
  • Resend — transactional email delivery
  • UptimeRobot — external uptime monitoring (no user data)
  • Mapbox — address autocomplete in the calendar (only the partial address you type)

Each of these providers has its own privacy policy and security practices. We'll only ever add new processors for things that improve the product, and we'll update this list when we do.

We may also disclose information if required by law, to protect our rights, or to protect the safety of users.

Where we store data

Application data is stored on Supabase (US region) and Vercel (global edge cache for non-sensitive content). Provider tokens for third-party services (e.g. Google) are encrypted at rest in Supabase.

Your rights

You can access, edit, or delete most of your data directly inside the app. To request a full export or to delete your account entirely, email hello@maelon.co and we'll action it within 30 days. Depending on where you live (e.g. the EU / UK / California) you may have additional rights such as data portability and the right to object — those rights apply.

Cookies and similar technologies

We use first-party cookies strictly for authentication (keeping you signed in) and a small number of preferences (e.g. right-rail width, mute toggle for the welcome animation). We don't use cross-site tracking or advertising cookies.

Children

Maelon is not directed at children under 13 (or under 16 in the EU). If we learn we've collected data from a child, we'll delete it.

Security

We use TLS in transit, encrypted storage at rest, row-level security (RLS) policies in Postgres so users can only see their own data, and short-lived auth tokens. No system is perfect — if you spot a security issue, please email us at hello@maelon.co.

Changes

When we make material changes to this policy we'll update the effective date above and notify signed-in users by email or in-app notice. Continued use after a change means you accept the updated policy.

Contact

Questions, requests, or anything else: hello@maelon.co.

Maelon is operated by Tinsly Co.