Privacy Policy
Last Updated: April 24, 2026
1. Who We Are
MeetFika is a 1:1 management platform for managers and their direct reports. This policy explains what data we collect when you use the Service, why we collect it, who we share it with, and the choices you have. Questions about this policy can go to support@meetfika.com.
2. Data We Collect
- Account data. Name, email, password (hashed), job title, profile photo. If you sign in with an OAuth provider, we receive the provider’s basic profile and email claims — we don’t receive your provider password.
- Team & relationship data. Which team you belong to, who your manager is, who reports to you, dotted-line relationships, and role (direct report, manager, admin, platform admin).
- Check-in content. Prep you submit (talking points, sentiment scores, status updates, blockers), shared notes, follow-ups, starred moments, career goals, team goals, wins, and personal tasks.
- Manager-only content. Coaching Notes, Constructive Feedback, Performance Notes, and Development Plan a manager writes about a direct report. See §4 for how this is protected.
- Employee-only content. Employee Private Notes a direct report keeps about themselves. See §4.
- Billing data. Plan tier, subscription status, and the Stripe customer ID. We don’t store full card numbers.
- Support tickets. Subject, body, attachments, and the back-and-forth on any ticket you open. Staff replies appear in the same thread you see; staff also leave internal notes attached to the ticket that are never shown to you.
- Email preferences. Your opt-in / opt-out state for each email category (the daily digest is opt-in; security and billing notices are mandatory).
- Technical data. IP address, browser and device type, pages visited, and actions taken — collected through server logs and first-party cookies used for authentication and basic product analytics.
We don’t knowingly collect data about anyone under 16. If you believe we have, contact us and we’ll delete it.
3. How We Use Data
- To operate the Service — authentication, delivering check-ins to the right people, computing sentiment trends and Team Health rollups for people already authorized to see them.
- To send operational email: check-in reminders, follow-up summaries, billing receipts, security notices, and support replies. The daily digest is opt-in, and other non-essential categories respect your email preferences. Security and billing notices are mandatory and don’t honor opt-outs.
- To keep the Service secure and prevent abuse — rate limiting, audit logging, error tracking.
- To improve the Service — understanding which features get used, where people get stuck. Product analytics are aggregated and not used to build individual profiles.
- To comply with legal obligations and enforce our Terms.
We don’t sell your data. We don’t share it with advertisers. We don’t use your check-in content to train third-party AI models.
4. Confidentiality Boundaries Inside the Product
Some of the most sensitive content in MeetFika is the content employees and managers share with each other — or keep private from each other. We enforce those boundaries in the database, not just in the UI:
- Manager Private Space (Coaching Notes, Constructive Feedback, Performance Notes, Development Plan) is visible only to the manager who wrote it. The direct report cannot see it. These four fields are encrypted at rest in our database.
- Employee Private Notes are visible only to the employee who wrote them. The manager cannot see them.
- Annual reviews and feedback snapshots. Annual reviews are written by the manager. A manager can choose to include in-period positive and constructive feedback in a published review; when they do, that feedback is snapshotted into the review at the moment it’s published and shown to the direct report. Edits to the original check-ins after that point do not change what the employee sees in their published review.
- Row Level Security (RLS) policies on every table enforce that you only see content your role, your relationships, or your team membership entitle you to — including check-in history drawers and team-level sentiment rollups, which are visible only to people on the reporting line for that team.
- Platform admins (MeetFika staff) can access data across teams only when necessary for support, billing, or investigation of abuse. The role is split: moderators handle frontline support (triage tickets, ban / unban, password resets, restoring soft-deleted rows), and super-admins handle the destructive operations on top of that (permanent purge, team deletion, gifting plans). MFA is required for both roles before any privileged action runs, and every action writes to a separate platform audit log.
Team Health and sentiment rollups aggregate check-in data and always display the denominator (the number of respondents) under every tile. We do not present rollups as “anonymous” when small sample sizes would make individuals identifiable — the denominator is shown so you can judge that yourself.
5. Processors & Sub-Processors
We use the following third parties to operate the Service. They process data only on our instructions and under written agreements:
- Supabase — authentication, database (PostgreSQL), and file storage.
- Vercel — application hosting, edge delivery, and scheduled background jobs.
- Stripe — subscription billing and payment processing. We receive a customer ID and subscription status; Stripe holds the payment-method details.
- Resend — transactional email (check-in reminders, support replies, billing notices).
We keep an up-to-date processor list and will notify customers of material changes in advance where feasible. Email support@meetfika.com if you need the current list with each sub-processor’s purpose and processing region for a security or procurement review.
6. International Transfers
Our infrastructure runs in data centers operated by the providers listed above, primarily in the United States. If you’re accessing the Service from outside the U.S., your data may be transferred to and processed in the U.S. Where required, we rely on Standard Contractual Clauses or equivalent safeguards in our agreements with processors.
7. Data Retention
- Active accounts. We keep your data for as long as your account is active.
- Deleted accounts and teams (45-day grace window). When you delete your account, or a team admin deletes a team, the rows are soft-deleted first. They’re hidden from the product but remain restorable by a MeetFika super-admin for 45 days. After that window an automated job permanently purges them and the deletion is irreversible. Content you created inside a team (shared check-in notes, follow-ups, team goals you authored) may remain with the team so your colleagues’ history stays intact, attributed to a deactivated user.
- Audit & security logs. Retained for up to 24 months for security, abuse prevention, and legal compliance.
- Billing records. Retained as long as required by tax and accounting law (typically 7 years).
- Backups. Encrypted backups roll off on a standard cycle; deleted content is purged from backups within ~35 days of the permanent purge above.
8. Your Rights
Depending on where you live, you may have the right to access, correct, delete, export, or restrict processing of your personal data, and to object to certain uses. To exercise these rights, email support@meetfika.com from the address on your account. We’ll respond within 30 days.
EEA, UK, and Swiss users (GDPR). Our lawful bases for processing are contract performance (operating the Service you signed up for), legitimate interests (security, fraud prevention, product improvement), consent (where required, e.g. optional analytics), and legal obligation. You have the right to lodge a complaint with your local supervisory authority.
California users (CCPA/CPRA). You have the right to know what personal information we collect, to delete it, to correct it, and to opt out of “sale” or “sharing” — MeetFika does not sell or share your personal information as those terms are defined by California law.
9. Security
We encrypt data in transit (TLS) and at rest. Sensitive manager fields (Coaching Notes, Constructive Feedback, Performance Notes, Development Plan) are additionally encrypted at the application layer so that plaintext is only available to authorized server actions. Access is enforced by Row Level Security policies on every table and is subject to audit logging. Privileged actions taken by MeetFika staff (moderators and super-admins) require multi-factor authentication (TOTP) before they can run.
No system is perfectly secure. If we become aware of a breach affecting your personal data, we’ll notify you and, where required, the relevant supervisory authority within the timeframes required by applicable law (72 hours under GDPR).
10. Cookies
We use first-party cookies for authentication (keeping you signed in) and a small number of first-party analytics cookies for product usage insights. We do not use third-party advertising cookies. You can clear or block cookies through your browser; blocking authentication cookies will sign you out.
11. Changes to This Policy
We’ll update this policy as the product changes. When we make material changes, we’ll update the “Last Updated” date and notify you by email or in-product notice before they take effect.
12. Contact
Privacy questions, data-subject requests, or anything else: support@meetfika.com.