Privacy Policy
Last updated: March 2026 · Version 1.0
This policy describes how mdmin (“we”, “us”) collects, uses, and protects your information when you use mdmin.dev and related services. We take your privacy seriously and only collect what is necessary to provide the service.
1. What We Collect
Account information
Your email address and name are collected by Clerk (our authentication provider) when you sign up. We store a user ID linked to your Clerk account in our database.
Compression metadata
When you use the API, CLI, or browser extension with an API key, we log compression events: token counts, reduction percentage, compression mode, a short text preview (up to 80 characters), and the source (web, extension, API, CLI, or MCP). This is used to show you your compression history and statistics.
Saved inputs (opt-in only)
If you choose to save text to your Library, we store the full input text, a character count, an optional label you provide, and timestamps. You must explicitly save text — we never store input content automatically. Free accounts may save up to 20 items.
Prompt Analyzer submissions
If you share a prompt via the Prompt Analyzer, the prompt text is stored with a public slug. You control whether prompts are public or private.
2. How We Use Your Information
- To provide the mdmin service and show you compression history and statistics
- To authenticate you and secure your account
- To enforce usage limits (e.g. free tier limits)
- To improve the service based on aggregate, anonymised usage patterns
We do not sell your data, share it with advertisers, use it to train AI models, or disclose it to third parties except as described in this policy.
3. Data Retention
- Compression history: Kept while your account is active. Deleted when you delete your account.
- Saved inputs: Kept until you delete them, or automatically deleted after 365 days of no access (“last used” inactivity). You can delete them at any time from Settings.
- Account data: Deleted when you delete your account, including all associated compressions, saved inputs, and API keys.
4. Data Security
Your data is stored in Supabase (PostgreSQL), which encrypts data at rest and in transit. Our service-role database key is never exposed to browsers — all database access is server-side only. Every read or write to saved inputs is verified against your authenticated user ID; no user can access another user's data.
5. Your Rights
You have the following rights regarding your personal data:
- Access: Export all your data as JSON from Settings → Account & Data → Export my data.
- Deletion: Delete your account and all associated data from Settings → Account & Data → Delete account. This is immediate and irreversible.
- Correction: Update your profile information via your account settings. Contact us to correct other data.
- Portability: The data export feature provides your data in a machine-readable JSON format.
For GDPR requests or any privacy concerns, contact us at privacy@mdmin.dev.
6. Third-Party Services
Clerk (authentication)
Handles sign-up, login, and session management. Stores your email address and authentication credentials. Clerk is GDPR compliant. See Clerk's privacy policy.
Supabase (database & storage)
Stores your compression history, saved inputs, and account metadata. Supabase is SOC 2 Type II certified and GDPR compliant. Data is hosted in the EU. See Supabase's privacy policy.
7. Cookies & Local Storage
We use cookies strictly necessary for authentication (managed by Clerk). We do not use tracking or advertising cookies. The browser extension stores your API key and preferences in chrome.storage.local on your device — this data never leaves your browser unless you explicitly use the API.
8. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via email or a notice on the website. Continued use of the service after changes constitutes acceptance of the updated policy.
9. Contact
Questions about this policy? privacy@mdmin.dev