MEISON ← Back to meison.org

Privacy Policy

Last updated: 6 July 2026

This policy explains how MEISON handles personal data, both on this website (meison.org) and within the applications we build and provide. It sets out what data is involved, why, who it is shared with, how long it is kept and the rights available to individuals under UK data protection law (the UK GDPR and the Data Protection Act 2018).

Who we are

MEISON is a software studio registered in England and Wales (company number 16234185). We can be reached about this policy or your data at support@meison.org.

Our role

Our relationship to your data depends on the context:

Individual applications may provide their own, more detailed privacy information covering how that specific product handles data.

The data we handle

On this website, we handle only what you provide when you get in touch, such as your name, email address and the content of your message.

Within our applications, and depending on the product and how our customer uses it, the data may include:

Why we handle it, and our lawful basis

We handle personal data to run this website, to respond to enquiries, and to provide and secure our applications for our customers. The lawful bases under the UK GDPR are typically performance of a contract, our legitimate interests in operating and securing our services, and, where it applies, compliance with a legal obligation. Where a customer determines the purpose of processing within an application, they are responsible for the lawful basis that applies.

Who we share it with

We do not sell personal data. We share it only with the service providers that help us run our website and applications, under contracts requiring them to protect it and use it only on our instructions. These include our hosting and infrastructure providers, Supabase (database, authentication and storage, hosted in the European Union) and Vercel (application hosting), together with any additional providers a particular application relies on, such as a messaging provider where that product sends messages.

Where your data is held

Our application data is stored in the European Union. Where a provider processes data outside the UK or EU, we rely on appropriate safeguards, such as adequacy decisions or standard contractual clauses, to protect it.

How long we keep it

We keep personal data for no longer than is required. Website enquiries are kept only for as long as needed to deal with them. Application data is kept for as long as the relevant customer account is active and requires it, and for any period we or our customers are required to retain it by law, for example employment or tax records. Once it is no longer needed for these purposes, it is deleted or anonymised.

How we protect it

Access to data is restricted so that each person and system sees only what they are entitled to. Data is encrypted in transit, sign-in tokens on mobile devices are held in secure device storage, and passwords are never stored in a readable form. We keep these measures under review.

Your rights

Under the UK GDPR you have the right to access your data, to have it corrected or erased, to restrict or object to its use, and to receive a copy in a portable form, in each case subject to the limits the law allows. To exercise any of these, contact support@meison.org. Where the data is held within an application on behalf of a customer, we may need to pass your request to that customer as the controller, and we will help you do so.

If you are unhappy with how your data has been handled, you can complain to the Information Commissioner's Office (ICO) at ico.org.uk.

Changes to this policy

We may update this policy from time to time. When we do, we will change the date at the top of this page.

Contact

For any questions about this policy or your data, email support@meison.org.