Privacy Policy

Last updated: April 23, 2026

Overview

MESS is a tool for indexing the accounts you have across SaaS products — Supabase, Vercel, Stripe, and the like. This policy explains what we collect, why, and the rights you have over it.

By using MESS you agree to the terms below. If you don't, please don't use it.

What we collect

From you directly

  • Email address (for login and billing)
  • Payment details, handled entirely by Stripe — we never see full card numbers
  • The content you put into MESS: account labels, emails you note per account, URLs, plans, tiers, and the brain-dump text you type or paste
  • If you connect GitHub, the names of the repos you choose to scan and their config files (package.json, .env examples, vercel.json, etc.) — we do not read source code

Automatically

  • Standard web logs: IP address, user agent, pages visited, timing
  • A short-lived rate-limit record tied to your IP, to prevent abuse of our pre-auth demo

How we use it

  • Run the product: parse your ramble, save your index, let you search it
  • Send transactional email (login links, billing notices)
  • Keep the service up and safe from abuse
  • Comply with legal obligations

We don't sell your data. We don't use your brain-dump content to train models.

Third parties we rely on

  • Supabase — database, auth, hosting of your data
  • Anthropic — AI that parses your ramble into structured rows; they do not retain inputs for training under their API terms
  • Stripe — payments and subscription management
  • Vercel — hosting of the application
  • Loops — transactional email
  • GitHub — only if you connect it to scan your own repos

Security

Data is encrypted in transit (TLS) and at rest via our hosting providers. Access is scoped per user at the database layer (row-level security). No system is perfectly secure, but we take reasonable care with yours.

Your rights

You can:

  • Access and export the data you've stored in MESS
  • Edit or delete any row in your index at any time
  • Delete your account, which removes your workspace and its data
  • Unsubscribe from any non-essential email

For account deletion or data requests, email hello@mess.fyi.

Retention

We keep your data for as long as your account is active. When you delete your account, we remove it within 30 days (some backups may persist longer for operational reasons, then age out).

Cookies

We use a session cookie for auth and basic analytics. We do not run ad-tracking cookies.

Children

MESS is not intended for anyone under 13. We don't knowingly collect data from children. If you believe we have, email us and we'll remove it.

Changes

We may update this policy. Material changes will be posted here with a new "Last updated" date.

Contact

Questions? Email hello@mess.fyi.