Skip to content
Myellin

Legal

Data Processing Addendum

Last updated: June 27, 2026

This page summarizes Myellin data processing practices for customers and vendor-review teams. A signed data processing addendum can be requested from privacy@myellin.com.

Roles

For customer workspace content, notebook data, uploaded files, prompt libraries, chat history, Learn data, and organization administration records, the customer is the controller and Myellin acts as processor. Myellin acts as controller for account administration, security, abuse prevention, billing/support communications where applicable, and product operations metadata.

Customer data

Customer data may include account details, notebook content, flashcards, prompt templates, AI run metadata, uploaded files, and support communications. Organization records may include membership, invitations, roles, policies, audit events, public-link inventory, and integration token metadata.

Processing purposes

Myellin processes customer data to provide the product, maintain security, support account administration, troubleshoot issues, and operate user-initiated AI workflows.

Locations

Myellin is hosted through Vercel and Supabase. Data location depends on the production deployment configuration and the subprocessors used for enabled features. Optional AI providers may process selected content in the regions described by their own service terms. Customers with a region requirement should request confirmation before enabling optional providers.

Subprocessors

Current infrastructure and AI subprocessors are listed on the Subprocessors page. Provider use can vary by feature and customer configuration.

Retention

Customer content remains in Myellin until deleted by the user, removed through account deletion, or handled through a verified data subject request. Audit and security records may be retained according to the configured organization retention policy. Backups and subprocessor logs may continue to retain data for their normal retention windows.

Deletion and export

Users can export account data from the product and delete content or request account-level deletion. Account export intentionally omits secret ciphertext, token hashes, and raw provider keys. Organization-wide self-service export is not available yet. Data requests can be sent to privacy@myellin.com.

Current enterprise scope

Myellin currently supports organization membership administration, audit logs, public-link inventory, AI provider policy, Clipper/MCP token inventory, BYOK encryption, account export, and signed Windows desktop deployment through managed package releases. SSO/SAML/OIDC, SCIM, organization-enforced MFA, and remote device/session revocation are not implemented yet.