Legal

Privacy Policy

Effective: 28 April 2026 · Last updated: 28 April 2026

This Privacy Policy explains how M3XI (“we”, “us”, “our”) collects, uses, and shares personal data when you use our mobile applications (StartUp, Note Taker — often listed as NoteTaker, and CinemaToon where offered) and the M3XI website. By using our services, you agree to this policy.

Scope Some details apply only to certain apps—where relevant, we name the product. Features may vary by platform and version.

1. Who we are

Controller: M3XI, operating in England and Wales.

Privacy & GDPR requests: support@m3xi.com

Mailing address: Available on written request sent to the email above.

2. What our apps & website are

StartUp — skill-based matching to job opportunities and collaboration: swipe-discover postings, applicant profiles including skills and demo media, employer or collaborator identities as provided, AI-assisted skill matching and dictation coaching, in-app messaging (including direct messages when enabled), subscriptions where offered.
Note Taker (stores: NoteTaker) — lecture recording, transcription, and notes organised using the Cornell note-taking method (structured cues, main notes, summaries), optional images from camera or gallery, titles and text notes, account sync.
CinemaToon — creative and narrative workflows (e.g. manga-style sequencing, narration, drafts and assets you submit); specifics depend on the build you use.
m3xi.co website — marketing pages, privacy/terms, contact.

3. Data we collect (by category)

Account and identity

Email address, name, avatar or profile basics from your sign-in provider.
An internal user ID tied to your account.

User content

Note Taker / NoteTaker: audio recordings; generated transcripts; images you capture or choose; note text, titles, tags; timestamps and ordering metadata.
StartUp: skills lists, demos and portfolio uploads, bios and application materials, swipe actions and preference signals for matching, in-app conversations (including employment or collaboration enquiries), organisational pages or role listings you create, verification data when you enable optional connectors (such as LinkedIn), and moderation or safety tooling metadata.

Device / app telemetry

We may collect device type, operating system, app version, and coarse diagnostic data (such as stability information) via platform or third-party tooling where enabled to operate and secure the apps. Use of dedicated crash or analytics SDKs follows their privacy notices—we do not sell personal data.

Payments

Payments are handled by Stripe. We do not collect or store full card numbers. We receive identifiers and status needed to administer subscriptions—such as customer ID, plan, and billing state—from Stripe.

4. Purposes

Provide the service—sync, storage, transcription, messaging, recruitment and collaboration workflows, ranking and relevance (including AI-assisted skill matching).
Authentication, security, anti-abuse, and fraud prevention.
Billing and plan status.
Support and enforcement of rules and legal obligations.
StartUp-specific: surfacing roles and applicants, swipe-based interaction, coaching and feedback features for dictation, optional third-party verification when you enable it.

5. Legal bases (UK / EU / UK GDPR)

Contract — delivering the apps and requested features.
Legitimate interests — security, debugging, preventing abuse, and improving products (balanced against your rights).
Consent — where required (e.g. non-essential website cookies where applicable).

6. Third parties (subprocessors)

We share data only as needed:

Supabase — authentication, Postgres database, and object storage hosting for accounts and Your content.
OpenAI (or successor AI processors we configure) — text, structured profile or skills data, and audio you provide for coaching may be processed for skill matching, dictation coaching, and related assistance in StartUp; on Note Taker (NoteTaker) for transcription and optional image understanding. Processing follows the provider’s API terms for business use.
Google — Google Sign-In OAuth; identity tokens/profile fields required to authenticate you. Processing is governed by Google’s agreements and policies alongside this policy.
LinkedIn — only if you initiate optional verification in StartUp; OAuth profile subset for verification.
Stripe — payment processing and billing records as described above.
Infrastructure/CDN/hosting (e.g. Vercel or similar)—operational delivery of the website and APIs; routing and HTTPS.

We use each provider under written terms appropriate to processors; we don’t sell your personal data.

7. AI / cloud versus on-device

For StartUp, matching and coaching features typically involve cloud processing of profile, skills, and voice or text you submit to the coach. For Note Taker, certain workflows run in the cloud (including transmission to transcription/AI APIs). Depending on implementation and settings, other steps may occur on your device first (recording, offline caching). Exact routing can vary by OS build and toggle—consult in-app disclosures where provided.

Retention by AI vendors is governed by OpenAI (OpenAI policies) plus our deletion requests and account workflows. Where you delete content or your account per section 10, we remove copies we control subject to lawful retention.

8. Location, storage, security, retention

Locations: Data may reside in regions where Supabase, Stripe, AI providers, and hosting operate (possibly including the United Kingdom, European Economic Area, and United States).

Transfers: Where personal data transfers outside your country occur, we use appropriate safeguards (including Standard Contractual Clauses where applicable).

Security: Encryption in transit (HTTPS/TLS), access controls aligned to principle of least privilege, and hardened cloud configuration. No online service is flawless—please avoid sharing sensitive secrets in notes not intended for that purpose.

Retention: Active accounts retain profile and content unless you delete items or terminate the account—then we erase or anonymise within a reasonable operational window (typically within 30 days of deletion), except mandatory legal, taxation, dispute, or fraud-prevention records.

9. App permissions

Microphone	Record voice notes and dictation.
Camera / photos	Attach images you choose to capture or import for notes/posts.
Storage / media	Pick or export files locally when the feature permits.
Internet	Sync, sign-in, cloud transcription, backups, subscriptions, and telemetry.

10. Children

Note Taker is not aimed at children under 13; we don’t knowingly collect children’s personal data outside permitted contexts.

StartUp is intended for adults (18+).

11. User rights

Depending on jurisdiction, you may exercise access, correction, deletion, portability, restriction, objection or complaint rights. Requests: support@m3xi.com from your registered email where feasible. ICO complaints guidance (UK users): ico.org.uk.

12. Cookies (website)

Our apps do not rely on HTTP cookies while running natively where applicable. On this marketing site, we may use strictly necessary operational cookies plus optional analytics aligned with banner/consent tooling if deployed.

13. Moderation / messaging (StartUp)

You retain rights in your own skills descriptions, demos, and materials you upload, subject to licences you grant us to operate the service. Direct messages may be machine-supported for safety and deliverability. We combine automated and human moderation: reports, blocking, sanctions, and takedowns for harassment, fraud, or illegal content. We are not a traditional employer and do not guarantee hiring outcomes; employment terms are between you and counterparties.

14. Changes

We may update this policy; we will post the revision date at the top and, if material, notify through the app or email.

15. More help

All privacy and app enquiries: support@m3xi.com