← Back to medit8

Privacy Policy

Last updated: 6 March 2026

1. Who We Are

medit8 (“we”, “us”, “our”) is an AI-powered guided meditation web application available at www.medit8.io. This Privacy Policy explains how we collect, use, and protect information when you use the service.

2. Information We Collect

2.1 Information You Provide

  • Feeling check-ins — free-text descriptions of how you feel, used solely to generate your meditation session in real time. These are not stored after the session is generated.
  • Session preferences — topic, duration, intensity, voice, and language selections.
  • Reflections — optional post-session ratings and notes you choose to save. These are stored in your browser's localStorage only.
  • API keys (BYOK mode) — if you provide your own OpenAI API key, it is stored in your browser's localStorage and transmitted only to our server-side API routes. We never persist your API key server-side.

2.2 Automatically Collected Information

  • Anonymous session ID — a cryptographically signed cookie (medit8_uid) is used for rate-limiting and abuse prevention. It contains no personal information.
  • Basic analytics — we use Vercel Analytics to collect anonymous, aggregate page-view statistics (no cookies, no personal identifiers).
  • IP address — used transiently for rate limiting and per-IP usage budgets. Not stored in logs beyond the current server instance lifetime.

3. How We Use Your Information

  • Generate and deliver personalised meditation sessions.
  • Enforce rate limits and prevent abuse.
  • Improve the quality and reliability of the service.
  • Comply with legal obligations.

We do not use your check-in text or session data to train or fine-tune AI models.

4. Third-Party Services

  • OpenAI — your feeling check-in and session parameters are sent to the OpenAI API to generate meditation plans and text-to-speech audio. OpenAI's data usage policy applies: openai.com/policies.
  • Vercel — our hosting provider. Vercel Analytics collects anonymous, aggregated usage metrics.

5. Data Storage & Retention

  • Client-side — preferences, saved meditations, presets, and reflections are stored in your browser's localStorage and IndexedDB. You can clear this data at any time via your browser settings.
  • Server-side caching — generated meditation plans and TTS audio may be cached temporarily in server memory or Redis to improve performance. Cached data expires automatically.
  • No long-term server storage — we do not maintain a database of your sessions, feelings, or personal data.

6. Cookies

We use a single, httpOnly session cookie (medit8_uid) for rate-limiting purposes. It does not contain personal data. We do not use advertising cookies, tracking pixels, or third-party cookies.

7. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, delete, or port your personal data. Because we store minimal data server-side, most data is under your direct control in your browser. To exercise any data rights or make a request, contact us at privacy@medit8.io.

8. Children's Privacy

medit8 is not directed at children under 13. We do not knowingly collect information from children under 13. If you believe a child has provided us with personal data, please contact us so we can take appropriate action.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the application. Your continued use of medit8 after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy, contact us at privacy@medit8.io.