Privacy policy

Your data stays in your browser.

Mellio analyzes your data on your own device, and is built to keep it that way. This policy explains what stays in your browser, the limited data Mellio needs to run the service, and what is stored only when you choose to turn sync on. Mellio is operated from Canada.

Effective June 22, 2026
Your dataset stays localThe data you load into the Analyzer is processed in your browser. Mellio's servers never receive or store it.
Sync is opt-inWith sync off, your saved library lives only on this device. Nothing is uploaded until you turn sync on.
No AI parsingYour data and any pasted output are not sent to an AI service to be read or interpreted.
No ad tracking or data saleMellio uses no advertising cookies and never sells your personal information.

Information you provide

  • Account information: email address, password credential handled by the authentication provider, optional display name, and whether you opted in to product emails.
  • Legal acceptance: timestamps and policy versions showing that you accepted the Terms and Privacy Policy when creating an account.
  • Research content you choose to save or sync: saved tables, figures, statistical result cards, folders, labels, notes, source metadata, and related library state. Local-only saved work stays in browser storage; synced work is stored as a cloud backup for your account.
  • Requests to server-backed features: data needed to return a requested result, such as server-side table/text/DOCX formatting. These requests are used to provide the requested feature.
  • Messages to Mellio: support requests, issue reports, or other communications you send.

Local use versus cloud sync

When sync is off, Mellio keeps your working library in browser storage on that device. Clearing browser storage, using another browser, or losing the device may remove local-only work unless you have exported or backed it up yourself.

When sync is on, Mellio stores a cloud copy of your selected library data so it can be restored or used across devices. Turning sync off stops future sync for that account/device, but you may need to delete the cloud backup from account settings if you want the existing cloud copy removed.

Signing in by itself does not mean every analysis is synced. It does mean Mellio processes account/session information and can associate product events or server-backed requests with your account where needed.

R package handoffs and provenance

The mellio R package can open supported R objects in the Mellio web app. R handoffs are designed to stay in your browser: the data is placed in the URL fragment, which is not normally sent to Mellio's server when the page loads.

The fragment can contain enough information to recreate the opened result, such as summary-oriented model/test results, full table data, plot image data, selected point-level figure data, R/package-version metadata, and data fingerprints where available. Avoid copying or sharing the full generated URL unless you intend the recipient to see that result.

By default, Mellio payloads include R/package-version metadata and data fingerprints where available. Local machine details such as user name, host name, working directory, git state, and script path are not included unless you opt in with options(mellio.provenance = "full"). Set options(mellio.provenance = FALSE) in R to omit provenance metadata.

If you save an R-sourced item in Mellio or enable cloud sync, the resulting saved item and its included metadata may be stored as part of your Mellio library.

Product events and diagnostics

Mellio collects a small set of product events for launch diagnostics and reliability: app opened, the in-browser engine becoming ready or failing, and high-level workflow completion events if emitted, such as dataset imported, analysis run, or export created. These events can include an anonymous browser identifier, session identifier, route category, app version, event name, and short metadata such as feature names or error categories.

Mellio does not use product events to record every view change, every table or figure open, raw spreadsheet contents, pasted source output, variable names, or analysis results. Product-event records are deleted or aggregated after 90 days unless they need to be kept longer for security, debugging, or legal reasons.

Mellio may also process standard technical information needed to run a web service, such as request times, IP-derived security signals, browser/device information, and error logs.

Cookies and browser storage

Mellio uses necessary cookies or browser storage for sign-in sessions, preview/staging access where applicable, anonymous product-event identifiers, local library storage, and app preferences. Mellio does not use third-party advertising cookies.

How Mellio uses information

  • To provide the app, account access, cloud sync, exports, and formatting features.
  • To preserve, restore, and display your saved library when sync is enabled.
  • To maintain security, prevent abuse, troubleshoot problems, and improve reliability.
  • To send account, security, product, or support messages. Marketing/product-update emails are optional.
  • To comply with legal obligations and enforce the Terms.

Sharing and service providers

Mellio does not sell your personal information. Mellio may use service providers for hosting, authentication, database/storage, email delivery, security, and operations. They process information only as needed to provide those services to Mellio.

Mellio may disclose information if required by law, to protect the service or users, or in connection with a business transfer such as a merger, acquisition, or reorganization.

Your choices

  • Keep work local by leaving cloud sync off.
  • Turn sync on or off in account settings.
  • Delete cloud backup from account settings where available.
  • Export your saved work before deleting local browser data or an account.
  • Unsubscribe from optional product emails.
  • Request access, correction, deletion, or export by contacting Mellio.

Retention and security

Mellio keeps account and synced library data for as long as needed to provide the service, unless you delete it or request deletion. Local-only data remains in your browser until you delete it, clear browser storage, or the browser removes it. Product-event records are kept on a shorter schedule and are deleted or aggregated after 90 days unless needed longer for security, debugging, or legal reasons.

Mellio uses reasonable technical and organizational safeguards, including HTTPS, authentication, access controls, and limited server-side processing. No system can guarantee perfect security, so do not place confidential or regulated data in Mellio unless your own policies allow it.

Children, sensitive data, and where information is processed

Mellio is intended for researchers and is not directed to children. Do not use Mellio to collect information from children or to process sensitive, regulated, or restricted data unless you have the necessary permissions and safeguards.

Mellio is operated from Canada. Service providers used for hosting, authentication, database/storage, email, security, and operations may process information in Canada, the United States, or other jurisdictions where they operate. If you use Mellio outside Canada, you are responsible for ensuring that your use complies with laws and institutional requirements that apply to you.

Changes and contact

Mellio may update this policy as the product changes. The effective date above will change when the policy is updated. Questions or requests can be sent to hello@mellioapp.com.