MethangGet the app
Privacy

Privacy Policy

Methang is built for shop owners running retail commerce. This page explains exactly what we collect, why, and the choices you have — in plain English, no Latin.

Last updated · 13 May 2026
On this page
  1. Who we are
  2. What data we collect
  3. How we use your data
  4. Who we share data with
  5. Where your data is stored
  6. How long we keep it
  7. Your rights (NDPR)
  8. Children’s privacy
  9. International transfers
  10. Security
  11. Cookies & analytics
  12. Contact & complaints
  13. Updates to this policy

Who we are

“Methang” (we, us, our) is the operator of the Methang app — a commerce platform that helps small businesses run their shops: track sales, customers, stock, and receipts from a phone. We also operate this website at methang.com, which hosts share links for invoices, receipts, and public catalogues.

If you’re reading this it usually means you’re a shop owner using our app, or a customer who received a Methang receipt or invoice link. Either way, this policy applies.

What data we collect

We try to collect as little as possible — only what we actually need to make the app work. Concretely:

Account information

  • Your email and/or phone number, your name, and a password (we never see the password in plain text — it’s hashed by our auth provider).
  • Optional business profile details: shop name, logo, address, currency, and contact info that appears on receipts.

Sales & stock records

  • Items you add (name, price, photo, stock count, barcode/QR data).
  • Sales you record — the items sold, prices, discounts, payment method, optional proof-of-payment photo, and any notes you wrote.
  • Customer details you enter yourself, e.g. a customer’s name and phone number so you can find them next time. You are the controller of that customer data; we’re the processor.

Device & diagnostic data

  • Crash reports and basic performance traces (device model, OS version, app version, anonymous user ID). Personal info is scrubbed before this leaves your phone.
  • Logs we write when something fails server-side — e.g. a failed sync — so we can fix bugs.

What we do not collect

  • We don’t track your location, contacts, or photos beyond the specific photos you choose to attach to a sale or item.
  • We don’t run advertising trackers in the app. There are no Meta Pixel, Google Ads, or TikTok SDKs inside Methang.

How we use your data

We use the data above for four things, and only four things:

  1. Run the service. Show you your sales, sync data across your phones, generate invoice + receipt links, etc.
  2. Keep it working. Use crash reports and logs to find and fix bugs.
  3. Support. When you write to us at hello@methang.com we’ll look at your account to help — we don’t browse around otherwise.
  4. Improve the product. We look at anonymous usage patterns (e.g. “how many shops use the catalogue feature”) to decide what to build next. We never look at individual sales for product research.

We do not sell your data, share it with data brokers, or use it to train AI models.

Who we share data with

To run a modern app we have to use a handful of trusted tools. Here’s the full list — there are no others:

  • Supabase — our database and login system. They host your sales, items, and account in a managed Postgres database in their European data centre (see “Where your data is stored” below).
  • Cloudinary — stores images you upload: item photos, your shop logo, and proof-of-payment screenshots. Images are served from res.cloudinary.com/dygpxs39i.
  • Sentry — receives crash reports and performance traces. Personal data is scrubbed (we strip emails, phone numbers, and customer names before sending).
  • Apple — handles App Store distribution, authentication when you use “Sign in with Apple”, and all subscription billing. Apple receives your purchase, not us — we just receive a confirmation that the subscription is active.
  • OneSignal — delivers push notifications you opted into (e.g. low-stock alerts, sale receipts). OneSignal sees the device push token and a Methang-generated identifier, not your name, email, or sales.

We have processor agreements with each of the above. None of them may use your data for their own purposes.

Where your data is stored

Our Supabase project is hosted in AWS Europe (London, eu-west-2). Images are stored on Cloudinary’s global CDN, with the primary origin in Europe. Crash reports go to Sentry’s European cluster.

We chose Europe because it gives strong, well-tested data-protection law and good network performance to the markets we serve. If we ever move regions we’ll update this page first.

How long we keep your data

When you tap Delete my account inside the app:

  • Immediately — your account is disabled. You can’t log back in, your shareable invoice / receipt / catalogue links stop working, and we unsubscribe you from any push notifications.
  • Within 1 year — our nightly job replaces your personal identifiers (name, email, phone, addresses, photos, free-text notes) with placeholders. We chose a year because it aligns with standard commercial-record retention expectations and gives time to resolve any chargeback or tax enquiry tied to your historic sales.
  • Retained anonymised — your business-record figures (sale amounts, invoice numbers, transaction totals, tax calculations) stay in our database without your identity attached. This is what regulators and your own accountant would expect a commerce platform to keep.
  • Backups — encrypted backups that contain your data are rotated out within 30 days, so anonymisation propagates fully within ~13 months in total.

We don’t offer a “restore my deleted account” path because the 1-year window is for compliance, not soft-delete. If you change your mind before tapping Delete, that’s the moment to export — see Portability below.

Your rights over your data

Modern data-protection laws (including the EU’s GDPR and equivalent regulations in the markets we serve) give you a set of rights over your data. Methang honours them globally — you don’t need to live in a specific country to exercise them.

  • Access. Ask us for a copy of the data we hold about you.
  • Correction. If something is wrong, you can fix most of it inside the app. For anything you can’t edit, write to us and we’ll correct it.
  • Deletion. Ask us to delete your account and the data associated with it.
  • Portability. Ask for a CSV export of your sales, items, and customers so you can take them elsewhere.
  • Objection. Tell us to stop processing your data for a specific purpose (e.g. product analytics).
  • Withdraw consent. Where we relied on your consent (e.g. optional crash reporting on iOS), you can turn it off at any time.

To exercise any of these, email hello@methang.com from the address on your account. We aim to respond within 30 days. There’s no fee unless your request is clearly excessive or repeated.

Children’s privacy

Methang is a tool for running a business and is not intended for anyone under 18. We don’t knowingly collect data from minors. If we learn that an account belongs to a person under 18 we’ll delete it.

International transfers

Because our infrastructure is in Europe, your data may leave your country when you use Methang. We rely on the providers’ standard contractual clauses and recognised adequacy frameworks to make that transfer lawful. If you’d like more detail, write to us — we’re happy to share the specific clauses.

Security

We secure your data with a defence-in-depth approach, including:

  • TLS encryption on every connection between the app and our servers.
  • Encryption at rest for both the database and image storage.
  • Row-level security inside Supabase so one shop owner can never see another shop’s data, even if they tried.
  • Short-lived auth tokens and password hashing on the server.
  • Least-privilege access for our small team — most of us have no production data access at all.

If you spot a security issue, please email hello@methang.com with the subject “Security report”. We’ll get back to you fast.

Cookies & analytics

On methang.com we use only a small amount of first-party analytics to count visitors and understand which pages help. We do not use third-party advertising cookies, and there is no cross-site tracking. The mobile app itself contains no advertising SDKs at all.

Strictly necessary cookies (e.g. to remember whether you’ve dismissed a banner) may be set without consent because the site can’t work properly without them.

Contact & complaints

The fastest way to reach us is email: hello@methang.com. We answer all privacy questions ourselves — there’s no chatbot gatekeeping.

If you’re not happy with our response, you can also lodge a complaint with your local data-protection authority. You can see our support page for other help options.

Updates to this policy

When we change this policy we update the “Last updated” date at the top. If a change materially affects your rights (e.g. we add a new processor or change what we collect) we’ll let you know inside the app and by email before it takes effect.

TL;DR. We collect what we need to run a sales notebook. Your data lives in Europe. When you delete your account: access ends immediately, personal data is anonymised within 1 year, and we keep anonymised business figures for compliance. We never sell your data. Email hello@methang.com for anything.