mysecretary

Privacy

How we handle your data.

Short version: we don't want it. Long version below.

Effective April 16, 2026. This is the privacy policy for mysecretary, a tool that turns rough meeting notes into properly formatted board minutes.

The short version

You paste notes. We send them to the language model, format the result, and return it to your browser. We don’t keep the notes. We don’t keep the minutes. We don’t make you sign up for an account to use the free tier. We don’t sell anything to anyone.

What we don’t collect

  • Your name, email, phone, address, or any other contact information (on the free tier).
  • Your meeting notes. They go to the model, the model returns a formatted document, and both are forgotten.
  • Your generated minutes. They’re returned to your browser and never saved on our side.
  • Analytics about what you clicked or how long you stayed. No tracking pixels, no third-party scripts, no session recording.

What we do collect, and why

A hashed fingerprint, for rate limiting

To enforce the two-free-documents-per-thirty-days limit, we take your IP address and browser user-agent string, hash them together with SHA-256, and store the 32-character result in Supabase along with a counter. The hash is one-way: we can’t turn it back into your IP. The counter resets after 30 days of inactivity and the row is removed on the next write.

We don’t use the IP for anything else. No geolocation, no cross-referencing with other services, no ad targeting.

Your notes go to Anthropic’s API for processing

The formatting is done by Claude, Anthropic’s language model. To format your notes, we send them to Anthropic’s API. We configure the API request so that Anthropic does not use your content to train its models. Anthropic’s own retention policies apply during the brief period they process the request.

We do not train any AI model on your data. We don’t have a model to train. We’re a formatter.

Payment information, if you subscribe

Paid subscriptions are processed through Stripe. Stripe handles your card details — we never see them. When you complete checkout, we receive your Stripe customer ID and the email you gave Stripe, and we store those in Supabase so we can recognize your subscription and keep your access unlocked. We use the email only to deliver receipts and let you reach us.

Cookies and how your subscription follows your browser

We set one cookie, called ms_session. After you pay, we generate a random 48-character token, store it in Supabase alongside your customer ID, and write the token into the cookie. When you come back to mysecretary, your browser sends the cookie, we look up the token, and we confirm your subscription is active. That’s the whole login flow — no password, no account page.

The cookie is httpOnly (JavaScript can’t read it), secure (only sent over HTTPS), and sameSite=lax (not sent on cross-site requests). It lasts one year. Clear your cookies and you’ll need to re-link the browser to your subscription.

No advertising cookies, no third-party analytics, no heatmaps, no session replay. We don’t sell anything about you because there’s nothing to sell.

If you want your data back, or gone

On the free tier there’s nothing to return — we don’t keep it. On the paid tier, write to hello@mysecretary.app and we’ll export or delete whatever’s tied to your account, usually within a week.

Changes to this policy

If we change anything meaningful, we’ll update this page and note the new effective date at the top. If you’re a paid subscriber, we’ll email you.

Contact

For any data question — requests, deletions, or just “how does this work” — email hello@mysecretary.app. A human reads every message.