MMNTM — Privacy Policy
1. Introduction
This Privacy Policy describes how The Accumulation Group (“we”, “us”, “our”) collects, uses, discloses, and protects personal information when you use MMNTM.
We are bound by the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the Notifiable Data Breaches (NDB) scheme. This Policy should be read alongside our Terms of Service.
2. Information We Collect
2.1 Information you provide
- Account information: name, email address, hashed password.
- Profile information: display name, timezone, avatar (optional).
- User content: tasks, projects, notes, focus sessions, dashboard lists, comments.
- Payment information: card details are entered into Stripe Checkout and are never seen by our servers; we receive only the last four digits, card brand, expiry, and a Stripe customer/payment-method identifier.
- Communications and feedback: messages you send to us, feedback or bug reports you submit.
- Team data: workspace name, members invited, role assignments.
2.2 Information collected automatically
- Usage data: page views and specific product events captured via PostHog. Autocapture is disabled — only events explicitly emitted by the application are recorded.
- Device and browser information: type of device, browser, operating system, language, approximate region (derived from IP).
- Log data: error and performance information captured via Sentry, including stack traces, request paths, and timestamps.
- Cookies: an httpOnly authentication cookie used solely to maintain your session.
2.3 Information we do not collect
- Biometric data.
- GPS or precise location.
- Social media profile data (unless you choose to connect a social account).
- Information purchased from data brokers.
- Screen recordings or keystrokes — session recording is disabled.
3. How We Use Your Information
We use personal information to:
- operate, maintain, and provide the Service;
- process payments and manage subscriptions via Stripe;
- send transactional emails (e.g. password reset, invitation, notifications) via Resend;
- analyse product usage and fix bugs (PostHog, Sentry);
- detect, prevent, and address fraud, abuse, and security incidents;
- respond to support requests and feedback;
- comply with legal obligations;
- produce anonymised, aggregated statistics that cannot be used to identify you.
We will not use your personal information for purposes beyond those stated above without your consent (APP 6).
4. How We Share Your Information
4.1 Service providers
We share information with the following providers strictly to operate the Service. Each is bound by contractual privacy commitments:
- Stripe (payments) — United States — PCI-DSS compliant. https://stripe.com/au/privacy
- Sentry (error monitoring) — United States. https://sentry.io/privacy/
- PostHog (product analytics, US Cloud) — United States. https://posthog.com/privacy
- Resend (transactional email) — United States. https://resend.com/legal/privacy-policy
- MongoDB Atlas (database hosting) — United States. https://www.mongodb.com/legal/privacy/privacy-policy
4.2 Team members
If you participate in a shared workspace, content you contribute is visible to other workspace members in accordance with their assigned role.
4.3 Legal requirements
We may disclose information when required by law (e.g. court orders, regulatory requests), to protect the safety of any person, or to enforce our rights or limit our liability.
4.4 Business transfers
If we are involved in a merger, acquisition, or sale of assets, your information may be transferred to the acquiring party. We will notify you by email before any such transfer takes effect.
We do not sell, rent, or trade personal information.
5. International Data Transfers
We are based in Australia. Some of our service providers process data in the United States.
We comply with APP 8 (cross-border disclosure) by ensuring overseas recipients are bound by enforceable contractual privacy obligations, by selecting providers with SOC 2 Type II controls, and by performing due diligence on the privacy regimes of each jurisdiction in which data is processed.
6. Data Retention
We retain personal information only for as long as necessary to provide the Service or to comply with legal obligations:
- Account data: 30 days after account deletion.
- User content: 30 days after deletion. Content shared in a workspace is managed by the workspace administrator.
- Payment records: 7 years (Australian tax law requirements).
- Sentry error logs: 90 days.
- PostHog product events: 12 months.
- Backups: 90 days.
- Support records: 2 years.
When personal information is no longer needed for any permitted purpose, we destroy or de-identify it (APP 11.2).
7. Data Security
We implement reasonable technical and organisational safeguards to protect personal information, including:
- TLS 1.2 or higher in transit.
- AES-256 encryption at rest.
- Bcrypt password hashing with per-password salt.
- HttpOnly, Secure, and SameSite=Lax authentication cookies.
- Need-to-know access controls and audit logging.
- SOC 2 Type II infrastructure providers.
- Continuous monitoring with Sentry and regular security patching.
No security measure is perfect. If you suspect a security incident, contact us at admin@accumulationgroup.com.
8. Cookies and Tracking
8.1 Essential cookies
An httpOnly authentication session cookie is required to operate the Service.
8.2 PostHog analytics
We use PostHog for product analytics. Autocapture is disabled and session recording is disabled — only specific events emitted by the application are sent.
8.3 No advertising cookies
We do not use advertising, remarketing, or cross-site tracking cookies.
8.4 Managing cookies
You can manage or delete cookies through your browser settings. Disabling essential cookies will prevent you from logging in.
9. Your Rights Under the APPs
9.1 Access (APP 12)
You can access most of your personal information through your account settings or the data export tool. For other access requests, email us at admin@accumulationgroup.com. We aim to respond within 30 days.
9.2 Correction (APP 13)
You can correct most personal information through your account settings or by contacting us. We will respond to correction requests within 30 days.
9.3 Erasure
You can delete your account at any time. Deletion is processed within 30 days, subject to legal retention obligations, residual backups (purged within 90 days), and content shared in a workspace, which is managed by the workspace administrator.
9.4 Direct marketing opt-out (APP 7)
We do not currently use personal information for direct marketing. If we do in the future, every direct-marketing communication will include a clear unsubscribe option.
9.5 Anonymity and pseudonymity (APP 2)
You may interact with us anonymously or under a pseudonym where it is lawful and practicable to do so.
9.6 Data portability
You can export your User Content in machine-readable formats (JSON, Markdown, plain text) from your account settings.
10. Notifiable Data Breaches
If a data breach is likely to result in serious harm and we cannot mitigate it, we will comply with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth):
- Contain the breach immediately.
- Assess the breach within 30 days.
- Notify the Office of the Australian Information Commissioner (OAIC).
- Notify affected individuals.
- Maintain records of all breaches and assessments.
11. Children's Privacy
MMNTM is not directed at children under 16. We do not knowingly collect personal information from children under 16.
If you become aware that a child has provided us with personal information, contact admin@accumulationgroup.com and we will delete it.
12. Do Not Track Signals
There is no uniform standard for “Do Not Track” (DNT) signals. The Service does not currently respond to DNT signals. However, we do not engage in cross-site tracking regardless of any signal.
13. Changes to This Policy
We may update this Policy from time to time. The “Last Updated” date will reflect the most recent revision. For material changes, we will provide email notice at least 14 days before the changes take effect. Continued use of the Service after the effective date constitutes acceptance of the revised Policy.
14. Complaints
If you have a privacy complaint, contact admin@accumulationgroup.com. We aim to respond within 30 days.
If you are not satisfied with our response, you may escalate to the Office of the Australian Information Commissioner (OAIC):
- Postal: GPO Box 5218, Sydney NSW 2001
- Phone: 1300 363 992
- Web: https://www.oaic.gov.au
15. Contact Us
The Accumulation Group
Email: admin@accumulationgroup.com
Website: https://getmmntm.app