Legal

Privacy Policy

Last updated: June 2026

1. Who we are

Meulenbase is an independent reporting platform currently in its Early Access phase. It is developed and operated by an individual developer. Questions about this policy can be directed to [email protected].

2. What data we collect

  • Account information — your email address and, optionally, your name when you register.
  • Session data — a signed session token stored in a cookie to keep you logged in. This token references a session record in our database and expires automatically.
  • Server logs — standard web server logs including IP addresses and request timestamps, retained for a short period for security and debugging purposes.

3. How we use your data

  • To create and manage your account.
  • To authenticate you when you sign in.
  • To improve the platform based on how it is used.
  • To respond to support requests or enquiries.

4. How we store and protect your data

Your data is stored in a PostgreSQL database. Passwords are hashed using bcrypt and are never stored in plaintext — we cannot recover your password, only reset it. Session tokens are HMAC-signed and expire automatically.

We take reasonable technical measures to protect your data from unauthorised access. During Early Access, the platform is hosted on infrastructure that follows standard security practices.

5. What we do not do

  • We do not sell your data to third parties.
  • We do not use advertising or tracking cookies.
  • We do not share your data with marketing platforms.
  • We do not use your data to train machine learning models.

6. Cookies

We use one functional cookie: better-auth.session_token. This cookie is required for authentication and cannot be disabled while using the platform. It contains no personal information — only a signed session reference. We do not use any analytics, advertising, or tracking cookies.

7. Your rights (GDPR)

If you are located in the European Union or EEA, you have the following rights regarding your personal data:

  • The right to access the data we hold about you.
  • The right to correct inaccurate data.
  • The right to request deletion of your data.
  • The right to data portability.
  • The right to withdraw consent at any time.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

8. Data retention

Account data is retained for as long as your account is active. Expired session records are periodically deleted. If you request account deletion, your personal data will be removed within 30 days of the request.

9. Changes to this policy

We may update this policy as the platform evolves. Material changes will be communicated via the platform or email. Continued use of the platform after changes constitutes acceptance of the updated policy.

10. Contact

For any privacy-related questions or requests, please contact us at [email protected].