Legal
Privacy Policy
Last updated: June 27, 2026
1. Introduction
Myellin (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our AI-powered notebook and learning platform.
2. Information We Collect
We collect information you provide directly to us, such as your name, email address, and the content you create in your notebooks. We also collect usage data to improve our services.
3. Notebook and AI Data
Notebook content, flashcards, boards, prompt templates, uploaded files, and AI run metadata are processed to provide the Myellin product. AI workflows run only when you invoke them. Depending on your settings, selected content may be sent to configured AI providers such as OpenAI, Anthropic, Google, Moonshot, xAI, or DeepSeek.
4. API Keys
If you bring your own AI provider keys, Myellin encrypts them at rest and does not display them again after creation. Keys are used to process AI requests you initiate.
5. Data Security
We use HTTPS, Supabase authentication, database row-level security, application authorization checks, audit logs, and rate-limited API routes to protect your data. API keys you provide are encrypted at rest using AES-256-GCM. MCP and extension tokens are stored as hashes.
6. Retention and Deletion
Your content remains in Myellin until you delete it or request account-level deletion. Account export is available from product settings, but raw provider keys, token hashes, and encrypted secret payloads are intentionally omitted. Some records may be retained for security, abuse prevention, legal, audit, or backup purposes for a limited period.
7. Subprocessors
Current infrastructure and optional AI subprocessors are listed on the Subprocessors page.
8. Enterprise Controls
Organization administration, audit logs, AI provider policy, public-link inventory, Clipper/MCP token inventory, and BYOK-required mode are supported. Signed Windows desktop deployment is supported through the managed package release lane. SSO/SAML/OIDC, SCIM, organization-enforced MFA, and session/device governance are not implemented yet.
9. Contact Us
If you have any questions about this Privacy Policy, please contact us at privacy@myellin.com.