Privacy Policy
Last updated: July 11, 2026
MACE ("we", "our") operates the service available at usemace.com. This policy describes what personal data we collect, how we use it, and what your rights are.
1. Data we collect
- Google Account: name, email address, and profile picture obtained via Google OAuth 2.0 with your explicit consent.
- Google access tokens: credentials required to access Google Calendar and Google Tasks on your behalf. Stored encrypted with AES-256-GCM.
- Audio content: audio files you upload directly through MACE. They're stored temporarily in encrypted cloud storage (Cloudflare R2) solely to process transcription and task extraction, then deleted; we do not permanently store them on our servers.
- Transcriptions and summaries: text generated from your audio files, stored in our database for the conversational assistant to function.
- Usage data: pipeline activity logs (processed audio files, errors) for diagnostics and technical support.
- Session cookies: an httpOnly and Secure cookie that keeps your session active. We do not use tracking or advertising cookies.
2. How we use your data
- Provide the service: transcribe audio files, create tasks in Google Tasks and events in Google Calendar.
- Operate the conversational assistant (RAG) on your notes history.
- Maintain account security and detect misuse.
- Send you critical error notifications if audio processing fails.
We do not sell, rent, or share your data with third parties for marketing purposes.
3. Third-party services and Google data usage
Our application interacts with third-party services to provide its core functions:
- Google APIs (Calendar, Tasks, OAuth 2.0) — Google Privacy Policy. MACE's use and transfer of information received from Google APIs to any other application will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
- Cloudflare R2: uploaded audio files are stored temporarily and privately in a dedicated Cloudflare R2 bucket while they're processed, then deleted.
- Revoking access: You can revoke MACE's access to your Google data at any time from your Google account settings under Third-party apps with account access, or by requesting account deletion through our support at mace.soporte@gmail.com.
- Google Gemini API — audio processing for transcription.
- Supabase — cloud-hosted PostgreSQL database.
- Railway — server infrastructure.
- Sentry — technical error monitoring (contains no content data).
- Lemon Squeezy — payment processing (Merchant of Record).
4. Data retention
Your data is retained while you maintain an active account. You can request complete deletion of your account and all your data at any time from the application settings or by writing to mace.soporte@gmail.com. Deletion is permanent and irreversible.
5. Your rights (GDPR / privacy)
You have the right to:
- Access: request a copy of the data we hold about you.
- Rectification: correct inaccurate data.
- Erasure (Art. 17 GDPR): permanently delete your account and all your data.
- Portability: receive your data in a structured format.
- Objection: object to processing at any time.
To exercise any of these rights, contact us at mace.soporte@gmail.com.
6. Security
We apply appropriate technical measures: AES-256-GCM encryption for Google tokens, HTTPS-only communication, httpOnly and Secure cookies, and per-user access controls (Row-Level Security in the database).
7. Minors
MACE is not directed at individuals under 16. We do not intentionally collect data from minors.
8. Changes to this policy
We will notify you by email of material changes. The "Last updated" date always reflects the current version.
9. Contact
For any privacy questions: mace.soporte@gmail.com