← Back to MyMeBoTerms of Service

Privacy Policy

Effective: April 17, 2026

This Privacy Policy explains how MyMeBo LLC (“MyMeBo,” “we,” “us”) collects, uses, stores, and shares the information you and your organization provide when you use our service at www.mymebo.com(the “Service”).

We aim for plain English. If something here is unclear, email us at support@mymebo.comand we'll explain.

1. Who we are

MyMeBo LLC is a Rhode Island limited liability company. MyMeBo is a SaaS platform for grant management, project and task coordination, compliance tracking, and an AI assistant (“Mebo”) that helps users triage work, extract action items from documents and emails, and stay on top of deadlines.

2. What we collect

We only collect what's necessary to run the Service.

2.1 Account information

  • Email address, display name, password (hashed — we never store it in plain text).
  • If you sign in with Google, your name, email, and profile picture from Google.
  • Organization name, role, and team membership.

2.2 Content you create or connect

  • Projects, tasks, grants, contacts, calendar events, timesheets, financial transactions, notes, reports, and impact metrics you enter or upload.
  • Documents you upload to the Knowledge Base or attach to grants/projects (PDFs, spreadsheets, text files, etc.).
  • Emails you label in Gmail for sync — only emails carrying the label you configure, not your whole inbox.
  • Calendar events synced from Google Calendar if you connect that integration.
  • Accounting data synced from QuickBooks or FreshBooks if you connect those integrations.

2.3 Usage data

  • Pages you visit, actions you take, approximate timing (for analytics and product improvement).
  • Device and browser information, IP address (for security + abuse prevention).
  • Focus-session timing, XP + streak counters for the gamification features.

2.4 What we do NOT collect

  • We do not collect more information than the integrations you authorize require.
  • We do not use cookies for cross-site advertising tracking.
  • We do not buy or sell data from/to data brokers.

3. How we use your data

Only these purposes:

  • Deliver the Service — save your work, sync your integrations, run the features you use.
  • AI processing — we send selected content (task titles, email bodies you labeled for sync, documents you upload, grant info) to our AI provider so Mebo can extract tasks, prioritize, suggest next steps, draft reports, and answer your questions. See Section 5 for the specific provider and limits.
  • Customer support — respond when you email us; diagnose issues you report.
  • Product improvement — aggregate, anonymized usage patterns (“X% of users use Feature Y”).
  • Security + abuse prevention — detect suspicious logins, rate-limit abuse, investigate incidents.
  • Legal compliance — if a court order requires us to retain or disclose something, we comply narrowly.

We do NOT use your content to train any third-party AI model. Our AI provider (see Section 5) is configured to not train on your inputs.

4. How we isolate your data

MyMeBo is multi-tenant. Every record (task, grant, document, email, etc.) is tagged with the owner's user ID. The database enforces row-level security policies so you can only read and modify your own records. Even our internal code paths respect this isolation.

Organizations with multiple team members share records explicitly — e.g., members of the same org see that org's grants. Individual tasks and personal data are scoped per-user.

Shared reference material (e.g., foundation documents like 2 CFR 200) is explicitly marked as such and is the same for everyone. You will never see another user's private work.

5. Third-party service providers (subprocessors)

We rely on these vendors to run the Service. Each sees only the data needed for their specific role. All data is in the United States.

  • Supabase (PostgreSQL hosting, authentication, file storage) — stores your account, content, and uploaded files. Data encrypted at rest + in transit. US region.
  • Vercel (application hosting) — runs the web app. No persistent user content stored.
  • Anthropic (AI processing via Claude models) — receives content you explicitly feed to AI features (intake extraction, email triage, document extraction, chat). Anthropic does not train models on our API inputs. US region.
  • Google (OAuth login, Gmail, Calendar integrations if connected) — only the accounts + data you authorize.
  • QuickBooks / FreshBooks (accounting sync, if connected) — only data you authorize.
  • GoDaddy (DNS + email forwarding for support@).

6. Security

  • All traffic over HTTPS (TLS).
  • Data encrypted at rest in Supabase.
  • Passwords hashed using industry-standard algorithms (Supabase Auth).
  • Row-level security on every user-scoped table.
  • Regular automatic backups via Supabase.
  • Security headers (HSTS, XSS protection, clickjacking protection, source maps disabled in production).
  • OAuth tokens encrypted in storage.

No system is perfectly secure. If you discover a vulnerability, please email support@mymebo.com. We'll respond within 72 hours.

7. Data retention

  • We retain your data for as long as your account is active.
  • If you cancel your subscription, we keep your data in read-only state for 90 days (“grace period”) so you can reactivate without losing anything.
  • After the 90-day grace period, all your content is permanently deleted from our active systems. Encrypted backups may persist up to 30 additional days before rotation.
  • You can request earlier deletion at any time — see Section 9.

8. Data export

You can export your data at any time from Settings (when that feature ships) or by emailing support@mymebo.com. We'll return a machine-readable archive (JSON + CSV) within 7 business days.

9. Your rights

You have the right to:

  • Access — see what we have on you (export covers this).
  • Correct — fix any inaccurate data directly in the app or by asking.
  • Delete — request deletion of your account and all associated data. We'll complete this within 30 days.
  • Opt out — stop using the Service at any time.
  • Object to AI processing — if you don't want specific content processed by AI, don't feed it to AI features (don't label it for sync, don't upload it, don't paste it into intake). Non-AI features work fine without AI processing.

California residents have rights under CCPA; we treat all US users the same regardless of state.

Email support@mymebo.com to exercise any of these.

10. Children

MyMeBo is not intended for users under 13. We do not knowingly collect information from children under 13. If you believe we have, email us and we'll delete it.

11. United States only

MyMeBo is currently offered only in the United States. All data is stored and processed in the US. If you use the Service from outside the US, you acknowledge your data will be transferred to and processed in the US.

12. Changes to this policy

We'll update this page when things change. Material changes (new categories of data, new subprocessors, changes to how we share data) will be flagged via email or in-app notice at least 30 days before they take effect. The “Effective” date at the top tells you the current version.

13. Contact

Questions, complaints, or requests:
support@mymebo.com
MyMeBo LLC · Rhode Island, USA