Privacy Policy
The short version: We collect only what we need to deliver one anonymous voice exchange. We never sell your data. Your voicemails are encrypted, stored briefly, and deleted on a 2-year cycle. You can request deletion at any time by writing to voice@meantfor.you.
01.Who we are
Meant ("we", "us", "our") is operated by Meant Ltd, a private limited company registered in the United Kingdom. Our service is the Meant app: an anonymous voice-message exchange platform.
For the purposes of UK GDPR and EU GDPR, we are the data controller of personal information you provide to us. You can reach our Data Protection contact at voice@meantfor.you.
02.What this policy covers
This policy describes how we handle personal data when you visit meantfor.you, join our waitlist, use the Meant mobile app, or contact us by email.
It also describes your rights under data protection law and how to exercise them.
03.What we collect
From the website (waitlist signup)
- Email address. When you join the waitlist, we collect only your email — nothing else. No name, no IP-derived profile, no marketing tracking pixels.
- Technical access logs. Standard server logs (IP address, timestamp, browser type) from our hosting provider, kept for security purposes only and rotated on a 30-day cycle.
From the Meant app (when launched)
- Authentication email. Only an email address used for sign-in via magic link. No password.
- Voice recordings. The voicemails you record and the replies you receive. Stored encrypted at rest.
- Language preference. So we can match your voicemail with a listener who speaks your language.
- Payment metadata. If you purchase credits, we receive a transaction ID from Apple/Google. We never receive your card details.
- Anonymous usage analytics. Aggregate counts of exchanges completed, retention rates, error rates. No individual tracking.
What we do NOT collect
- Real names, addresses, phone numbers, or government IDs.
- Contacts, photos, location data, calendars, or files.
- Cross-app tracking identifiers (no IDFA, no ad networks).
- Any data that links a sender to a listener.
04.How we use it
We process your data only for the following purposes:
- To deliver the service. Routing voicemails to listeners, replies back to senders, authentication.
- To communicate with you. Service emails (account confirmation, receipts, your reply has arrived). For waitlist subscribers, exactly one email when the line opens.
- For safety. If a voicemail violates our content policy (threats, child safety, self-harm crisis), we may review it under strict access controls.
- For legal compliance. Responding to lawful requests from competent authorities.
- To improve the product. Aggregate, anonymized analytics — never individual profiling.
We do not use your data for advertising, profiling, or sale to third parties.
05.Lawful basis (GDPR Article 6)
Under UK and EU GDPR, we rely on the following lawful bases:
- Contract. Processing necessary to provide you the Meant service you signed up for.
- Legitimate interest. Security logs, fraud prevention, aggregate analytics — balanced against your privacy.
- Consent. Marketing emails (the one waitlist email, future product updates if you opt in).
- Legal obligation. Responding to lawful authority requests, retaining transactional records for tax law.
06.How long we keep it
| Data type | Retention |
|---|---|
| Waitlist email | Until you unsubscribe, or 2 years from last activity |
| Voicemails (sender → listener) | 2 years from creation, then auto-deleted |
| Voicemail replies (listener → sender) | 2 years from creation, then auto-deleted |
| Account email | Until account deletion request |
| Server access logs | 30 days (rolling) |
| Transaction records (tax law) | 7 years from purchase |
| Safety review records | 3 years from review |
You can request deletion before these periods at any time (see Your rights below).
07.Who we share with
We share data only with carefully selected service providers ("processors"), each bound by data processing agreements compliant with UK and EU GDPR. We use Standard Contractual Clauses (SCCs) for transfers outside the UK/EU.
| Processor | Purpose | Location |
|---|---|---|
| Sender.net | Email delivery (waitlist + transactional) | EU (Lithuania) |
| Vercel | Website hosting | USA / global edge (SCCs) |
| Cloudflare | CDN, DDoS protection | Global (SCCs) |
| AWS S3 (EU-West) | Encrypted voicemail storage | EU (Ireland) |
| Twilio | Voice infrastructure (when app launches) | USA (SCCs) |
| Stripe | Payment processing | USA (SCCs) |
| RevenueCat | Subscription abstraction (mobile) | USA (SCCs) |
| Apple App Store | iOS distribution + payments | USA |
| Google Play Store | Android distribution + payments | USA |
| Sentry | Error monitoring (anonymized) | USA (SCCs) |
| PostHog | Aggregate product analytics | EU (Germany) |
| Resend | Backup transactional email | USA (SCCs) |
We do not sell, rent, or share your personal data with advertising networks, data brokers, or marketing partners.
08.Voicemail anonymity
Voicemails are matched between sender and listener via random allocation. Neither party ever receives identifying information about the other:
- No name, no email, no profile.
- No metadata that could de-anonymize (timing patterns are obfuscated).
- No way to reply to the listener after their reply has been received.
- No way for a listener to receive multiple voicemails from the same sender.
Internally, we maintain a strict separation: the sender's account, the listener's account, and the voicemail content live in different database namespaces with cryptographic boundaries. No single staff query can reveal the identity of either party in a given exchange.
09.Security
We protect your data with industry-standard technical and organizational measures:
- Encryption in transit: TLS 1.3 for all network traffic.
- Encryption at rest: AES-256 for voicemails and database fields containing personal data.
- Access controls: Role-based access, multi-factor authentication for staff, audit logs.
- Backups: Encrypted, tested quarterly, retained 90 days.
- Vulnerability management: Regular dependency updates, annual third-party security review.
- Breach response: 72-hour notification to authorities and affected users where required by GDPR.
10.Your rights
Under UK and EU GDPR, you have the following rights regarding your personal data:
- Access. Request a copy of all data we hold about you.
- Rectification. Correct inaccurate data.
- Erasure ("right to be forgotten"). Request deletion of your data.
- Restriction. Limit how we process your data.
- Portability. Receive your data in a machine-readable format.
- Objection. Object to processing based on legitimate interest.
- Withdraw consent. Where processing is based on consent.
- Lodge a complaint. With the UK ICO (ico.org.uk) or your local EU data protection authority.
To exercise any of these rights, write to voice@meantfor.you. We will respond within 30 days. There is no charge for these requests.
11.International transfers
Some of our processors are based outside the UK and EU. For these transfers, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission and UK ICO.
- Adequacy decisions where applicable (e.g., UK-EU adequacy).
- Supplementary technical measures (encryption, access controls) where required.
12.Cookies
We use the bare minimum:
- One essential session cookie for the app (so you stay signed in).
- One preference cookie for language.
We do not use marketing cookies, advertising trackers, or third-party analytics cookies.
13.Children
Meant is not intended for users under 16. We do not knowingly collect data from children under 16. If you believe a minor has signed up, contact us immediately at voice@meantfor.you and we will delete their account.
14.Crisis content
If a voicemail contains content suggesting active self-harm, suicidal crisis, or imminent danger, our content policy may trigger a review. In rare cases where required by law, we may share information with appropriate emergency services. We will never proactively share information for any other purpose.
15.Changes to this policy
If we make material changes to this policy, we will notify you by email (for waitlist subscribers and users) at least 30 days before the changes take effect. The current version is always available at meantfor.you/privacy.html.
16.Automated decision-making
We do not engage in any automated decision-making or profiling that produces legal or significantly affecting effects on individuals. Voicemail-to-listener matching is randomized and does not constitute profiling under GDPR Article 22.
17.Contact
For any question about this policy, your data, or to exercise your rights:
Email: voice@meantfor.you
Subject line: "Privacy" (so we route it correctly)
Postal: Meant Ltd, United Kingdom (full address provided on request)
If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ico.org.uk) or the data protection authority of your EU member state.