Last Updated
February 19, 2026
My Commitment to Your Privacy
Me the Tech operates the website methe.tech (the "Service"). This Privacy Policy explains how I collect, use, disclose, and safeguard your information when you visit the Service. By using the Service, you also agree to the <a href="/terms">Terms of Service</a>. I believe that privacy is a fundamental right, not a negotiable feature. I collect only what I need, I store only what I must, and I never sell your data to anyone. Period.
Information I Collect
I collect information that you voluntarily provide and information that is automatically collected when you use the Service.
Account Information: When you create an account, I collect your email address and a securely hashed password. Your name is optional and only collected if you choose to provide it. If you sign in with Google, I receive your name, email, and profile picture from Google's OAuth service.
Booking Information: When you schedule a consultation, I collect your email and the service you select. Your name and phone number are entirely optional. You can book a meeting without providing anything beyond an email address.
Contact Form Data: When you reach out through the contact form, I collect your name, email, and message content.
Usage Analytics: I use Cloudflare Web Analytics, a privacy-first analytics tool that does not use cookies, does not track individual users, and does not collect personal information. It only provides aggregated traffic metrics.
Technical Data: The servers automatically log standard technical information including IP addresses (anonymized), browser type, operating system, and referring URLs. This data is used exclusively for security monitoring and service optimization.
Cookies & Local Storage
I use cookies and local storage minimally and only for functional purposes. For a complete breakdown of every cookie and storage mechanism in use, see the <a href="/cookie-policy">Cookie Policy</a>.
Authentication Cookie (auth_token): A secure, HttpOnly cookie that maintains your login session. It expires after 7 days and cannot be accessed by client-side JavaScript.
Language Preference: Stored in localStorage and a cookie to remember your language selection (English or Turkish) across visits.
Service Worker Cache: The Progressive Web App (PWA) caches static assets locally for faster loading and offline capability. No personal data is cached.
I do NOT use advertising cookies, tracking pixels, or any third-party tracking cookies. I do not place ads on this site. Cloudflare Web Analytics is entirely cookie-free.
How I Use Your Information
Your information is used strictly for the purposes you provided it for.
To provide, maintain, and improve the Service
To create and manage your account
To process and manage your consultation bookings, including creating Google Calendar events and Google Meet links
To send you booking confirmations, reminders, and service-related communications via email (Brevo/Sendinblue)
To respond to your inquiries submitted through the contact form
To detect, prevent, and address security threats and abuse
To comply with legal obligations
Third-Party Services
I integrate with a limited number of trusted third-party services, each chosen for their privacy practices and reliability.
Cloudflare: Provides the CDN, DDoS protection, DNS, and privacy-first analytics. Cloudflare processes requests to deliver the content securely.
Google OAuth: Used for optional Google Sign-In. I receive only your name, email, and profile picture. I do not access your Google contacts, calendar, or any other Google service data through your login.
Google Calendar API: Used exclusively to create consultation events on the business calendar. I use OAuth with a service-level refresh token. Your personal Google account is never accessed.
Brevo (Sendinblue): The email service provider for transactional emails (booking confirmations, password resets, email verification). Brevo processes your email address and name solely to deliver these communications.
Cloudflare Turnstile: A privacy-preserving CAPTCHA alternative used to protect forms from automated abuse. Unlike traditional CAPTCHAs, it does not track users.
Google API Services User Data Policy
Me the Tech's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically regarding Google OAuth data:
Data Accessed: When you sign in with Google, I request access to your primary email address, your name, and your profile picture. I do not request access to your Google contacts, drive, calendar events, or any other private Google data.
Data Usage: The accessed data (email, name, profile picture) is strictly used to create your account, identify you within the system, and allow you to book consultations seamlessly.
Data Sharing: I do not share, sell, or transfer your Google user data to any third parties for advertising, marketing, or any other purpose.
Data Storage & Protection: Your Google account data is stored in a secure database protected by industry-standard encryption (TLS 1.3 in transit, encrypted at rest) and strict access controls via Cloudflare's security infrastructure.
Data Retention & Deletion: Your Google user data is retained only as long as your account remains active. You may request the deletion of your account and all associated data at any time by contacting me, and I will securely purge it within 30 days.
Data Security
I implement industry-standard security measures to protect your data.
All data in transit is encrypted via TLS 1.3 (HTTPS enforced via HSTS with a 1-year max-age)
Passwords are cryptographically hashed using bcrypt before storage. I never store plaintext passwords
Authentication tokens are signed with HS256 (HMAC-SHA256) and transmitted only via secure, HttpOnly cookies
The Content Security Policy (CSP) strictly limits which domains can serve scripts, styles, and other resources to the site
Session tokens are stored as SHA-256 hashes in the database, ensuring even database access cannot compromise active sessions
The infrastructure runs on Cloudflare's edge network with built-in DDoS protection and Web Application Firewall (WAF)
Data Retention
I retain your data only as long as necessary for the purposes described in this policy.
Account data is retained while your account is active. You may request deletion at any time.
Booking records are retained for 2 years for business and legal compliance purposes.
Contact form submissions are retained for 1 year.
Server logs are automatically rotated and deleted after 30 days.
Authentication sessions expire after 7 days and expired session records are periodically purged.
Your Rights
Regardless of where you are located, I respect and uphold the following rights for all users.
Right to Access: You can request a copy of all personal data I hold about you.
Right to Rectification: You can update or correct your personal information through your profile settings or by contacting me.
Right to Deletion: You can request complete deletion of your account and associated data. I will process this within 30 days.
Right to Data Portability: You can request your data in a structured, machine-readable format.
Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
Right to Object: You can object to processing of your personal data for specific purposes.
Children's Privacy
The Service is not directed to individuals under the age of 16. I do not knowingly collect personal information from children. If I become aware that I have collected data from a child without parental consent, I will take immediate steps to delete that information.
Changes to This Policy
I may update this Privacy Policy from time to time to reflect changes in practices, technology, or legal requirements. When I make material changes, I will update the "Last Updated" date at the top of this page. I encourage you to review this policy periodically.
Contact
If you have any questions, concerns, or requests regarding this Privacy Policy or data practices, please reach out.
Email: dev@methe.tech
Website: https://methe.tech/contact