Privacy policy

What is stored, and where

m-session stores your session data, journal entries, and app preferences using your browser’s built-in storage mechanisms:

• localStorage — Session state, preferences, and settings. Stored as key-value pairs in your browser.
• IndexedDB — Journal images and larger data. Stored in your browser’s local database.

This data never leaves your device. There is no server-side storage, no cloud sync, no backup service. If you clear your browser data or uninstall the app, this data is permanently deleted.

Because everything in m-session lives in your browser, the privacy of your session also depends on which browser you use. We recommend a browser that does not collect data about your activity:

• Brave — Chromium-based with built-in tracker and ad blocking, fingerprint protection, and no telemetry.
• Firefox — Open source, with Enhanced Tracking Protection enabled by default.
• LibreWolf — A hardened fork of Firefox configured for privacy out of the box.
• Mullvad Browser — Built by the Tor Project and Mullvad, designed to minimize fingerprinting.

Chrome, Edge, and Safari will run m-session without issue, but they collect varying amounts of data about your browsing for their own purposes.

Your right to deletion

Under GDPR and similar privacy laws, you have the right to request deletion of your personal data. Here is how to exercise that right with m-session:

Clear your browser storage.

That’s it. There is no account to delete, no server to contact, no form to fill out, no 30-day waiting period, and no team of people to process your request. Everything is on your device. You are, in the most literal sense, already in full control of your data. GDPR was written for a different kind of app.

In Chrome or Brave: Settings → Privacy and security → Clear browsing data. In Safari: Settings → Safari → Clear History and Website Data. In Firefox: Settings → Privacy & Security → Clear Data.

How we collect anonymous usage counts

m-session uses Plausible Analytics — an open-source, privacy-first analytics tool — to count anonymous usage events. Plausible does not use cookies, does not track individuals across sessions or sites, and does not store IP addresses or any personal data.

In the event names below, “blog” refers to the Notes page. We use “blog” in analytics naming to keep it clearly distinct from your private journal notes — which are never tracked.

The following events are counted:

• intake-start — When a user begins the intake questionnaire
• intake-complete — When intake is finished; includes session mode (solo / partner / sitter), guidance level, session duration range, and primary focus area
• intake-saved — When a user taps Save & Exit on the intake form to resume later; includes the last intake step reached (e.g. “B-2”). Question responses are never sent.
• intake-abandoned — When a user resets the session without completing intake; includes the last intake step reached (e.g. “B-2”)
• preview-button-click — When a user taps the “Preview Activity” button on the welcome screen before beginning intake. No properties.
• preview-module-select — When a user selects an activity from the preview drawer; includes the activity’s library id (e.g. “body-scan”).
• preview-module-start — When a previewed activity actually begins; includes the activity’s library id.
• preview-module-complete — When a previewed activity is completed; includes the activity’s library id.
• session-start — When a session begins; includes a bucketed dosage range (e.g. “moderate”, “strong”) — never an exact amount
• booster-decision — Whether a booster dose was taken or skipped; if taken, includes a bucketed dose range
• phase-peak — When the peak phase begins
• phase-integration — When the integration phase begins
• session-complete — When a session ends; includes a bucketed session duration (e.g. “4–6h”)
• module-complete — When a guided activity is completed; includes the module name and session phase
• voice-selected — The voice in use when a meditation actually begins, or when a new default voice is committed in Settings. Includes the voice id (e.g. “theo”) and the source (module or settings). Cycling through voices in the picker pill is not tracked — only the voice you start with.
• tool-used — When a tool is opened from the Tools tab; includes the tool id (about, how-to-use, faq, resources, dosage, sources, settings)
• helper-category-click — When a category card is selected in the helper modal (intense feeling, trauma, resistance, grief, ego dissolution, feel good, intention, emergency contact). Simply opening the helper modal is not tracked.
• emergency-support — When an emergency support action is used (e.g. “Call Fireside Project”); includes the action label
• pwa-installed — The first time the app is opened from the device home screen (standalone mode). Fires once per device.
• launch-app — When a user clicks a launch button on the landing page; includes which button (header / menu / hero / cta / footer)
• blog-preview-click — When a blog (Notes) preview card is clicked on the landing or about page; includes the post slug and which page it was clicked from

All values are categorical. No free-text, no journal content, no session timestamps, and no personally identifiable information is ever included. Events are sent as anonymous counts only.

You can opt out of all analytics at any time in Settings → Usage Data. When disabled, no events are sent.

Third-party services

m-session uses a minimal number of third-party services:

• Vercel — Hosts the website and app. Vercel may log standard web server information (IP addresses, request timestamps) as part of their infrastructure. m-session does not access or use these logs. See Vercel’s privacy policy.
• Google Fonts — Provides the Azeret Mono and DM Serif Text typefaces. Loading fonts from Google’s CDN means your browser makes requests to Google’s servers. See Google’s privacy policy.
• Plausible Analytics — Counts anonymous usage events to help improve the app. Plausible is open-source, does not use cookies, does not store IP addresses, and does not track individuals across sessions or sites. See Plausible’s privacy policy and data policy.
• Tally — Powers our optional feedback form. Tally is a privacy-focused form builder — no tracking cookies, no advertising, GDPR-compliant. If you choose to submit feedback, your responses are stored on Tally’s servers. This is entirely optional and external to the app. See Tally’s privacy policy.

No other third-party services, APIs, or SDKs are used. There are no embedded widgets, no social sharing scripts, no chat services.

Audio content

Guided meditation audio is generated using ElevenLabs text-to-speech during development. The resulting audio files are pre-built and shipped with the app as static assets. There are no runtime API calls to ElevenLabs or any other service — all audio plays from files cached on your device.

Auditability

m-session is open source under the AGPL-3.0 license. The complete source code is available on GitHub. You do not have to take our word for any privacy claim — you can read the code and verify it yourself.

You can also use your browser’s developer tools (Network tab) to verify that the only outbound requests during a session are anonymous event counts sent to Plausible — no personal data is ever included.