Privacy Policy
Last updated: 27 April 2026
Meet Me At Work (the “Service”) is a meeting room booking system operated by Puresoft Ltd, registered in Northern Ireland. This policy explains what personal data we collect, why we collect it, how we use it, and the choices you have. If you have questions, email support@meetmeat.work.
The short version
- We collect the minimum we need to make bookings work: email address, the bookings you make, and a device push-notification token if you install our mobile app.
- We don’t sell your data, share it with advertisers, or use it for advertising profiling.
- We don’t use third-party analytics or tracking SDKs.
- You can delete your account and your organisation’s data at any time from the customer portal.
- Card payments are processed by Stripe; we don’t see or store card numbers.
What we collect, and why
| Data | Why | Retention |
|---|---|---|
| Email address | Magic-link sign-in, booking confirmations, attendee invitations, and admin notifications. | For the life of your account; deleted within 90 days of account closure. |
| Bookings (room, time, title, description, attendee emails, recurrence rule) | Running the calendar, sending iCal attachments, conflict resolution. | For the life of the booking. Past bookings retained for 12 months for usage statistics, then deleted. |
| Organisation details (name, address, billing email, currency) | Generating invoices and processing payments. | Retained for 7 years to satisfy UK / EU bookkeeping obligations. |
| Device push-notification token (mobile app only) | Sending booking confirmation, update, cancellation, and start-time reminder pushes. | Until you sign out of the app or revoke the device. We delete tokens that the platform reports as expired. |
| Camera (mobile app only) | Used solely to scan QR codes on meeting room signs. We never read or upload images, and the camera is only active when the user opens the Scan screen. | Not stored. |
| IP address and basic request logs | Abuse prevention, debugging, and rate-limiting (Cloudflare). | 30 days. |
| Stripe customer and subscription identifiers (paid customers only) | Recurring billing, refunds, payment-failure recovery. | Retained per UK / EU bookkeeping obligations; can be deleted on closure of the account, subject to those obligations. |
Where the data is stored
The Service runs on Cloudflare’s global infrastructure. Operational data (D1 database, KV session store, R2 object storage) is stored in Cloudflare’s European Union (EU) regions where available. Cloudflare may replicate read-only copies elsewhere for performance; the authoritative copy stays in the EU.
Email is delivered through Cloudflare Email Sending. Card payments are processed by Stripe; we transmit your email and organisation details to Stripe so it can send you receipts and statements.
What we don’t do
- We don’t use Google Analytics, Mixpanel, Segment, or any third-party analytics SDK.
- We don’t use advertising IDs (IDFA / GAID) or run ad-targeting cookies.
- We don’t share your data with data brokers or third-party marketing platforms.
Push notifications
The mobile app uses Apple Push Notification service (APNs) and Firebase Cloud Messaging (FCM) to deliver booking notifications. The push payloads contain only the data needed to render the notification — typically a room name, start time, and a deep link. Apple and Google handle delivery; neither sees your booking detail beyond what we put in the payload.
You can disable notifications system-wide in your device settings, or selectively in the app’s Account screen. Revoking your device from the app immediately deletes its push token from our database.
Cookies
The web Service uses one cookie: a session cookie (__session) that keeps you signed in. It expires after 7 days of inactivity. We don’t use tracking, advertising, or analytics cookies.
Your rights
If you live in the United Kingdom, the European Union, or any jurisdiction with comparable data-protection law, you have the right to:
- Ask what personal data we hold about you.
- Have inaccurate data corrected.
- Have your data deleted (the “right to be forgotten”) — this is built into the customer portal as “Delete my organisation”.
- Export a copy of your data in a portable format (email support@meetmeat.work).
- Object to processing or restrict it.
- Lodge a complaint with the UK Information Commissioner’s Office (ico.org.uk) or your national supervisory authority.
Children
The Service is intended for use by adults in a workplace context. We do not knowingly collect data from children under 13.
Data breaches
If we discover a personal data breach that is likely to result in risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of it, as required by UK GDPR Article 33.
Changes to this policy
If we change this policy in a way that affects your rights, we’ll notify users by email at least 30 days before the change takes effect. Minor wording or clarifications are made silently — check this page’s “Last updated” date to see when it was last revised.
Questions, requests, or complaints about your data:
support@meetmeat.work
Puresoft Ltd, Lisburn, United Kingdom