Privacy Policy

Welcome to MeetaDev. This Privacy Policy explains what personal data we collect, why we collect it, and how we protect it.

By creating an account or using MeetaDev, you agree to the practices described in this policy. If you disagree, please discontinue use of the platform.

Account data — required to use the platform:

• Email address, first name, last name, username
• Password (stored as a bcrypt hash — never in plain text)
• OAuth data if you sign in via GitHub or Google (email, username, avatar)

Profile data — optional, provided by you:

• Avatar, banner image, bio, location, skills, profession
• Social links (GitHub, LinkedIn, Twitter, portfolio)
• Education and work experience (for developer profile)

Content & activity — created on the platform:

• Posts, blogs, comments, projects you publish
• Likes, follows, bookmarks, and other engagement
• Blog analytics: views and estimated read time

Automatically collected:

• IP address and User-Agent string (for security and geo-filtering)
• Last login and last seen timestamps
• Session tokens (JWT, stored client-side)

Cookies:

• Essential: auth token (JWT), session ID
• Functional: theme preference (dark/light)

We use your data to:

• Authenticate your account and keep it secure
• Provide core features — posts, blogs, projects, profiles
• Personalise your feed and surface relevant content
• Send verification emails, notifications, and important updates
• Prevent fraud, abuse, and security threats
• Generate anonymous platform analytics to improve the product
• Connect you with other developers in the community
• Comply with legal obligations under Kenyan law

We share data only in the following limited circumstances:

• With your consent — when you explicitly authorise it
• Public content — posts, blogs, and projects you mark as public are visible to everyone
• Service providers — Cloudinary (image storage), Brevo (email), operating strictly on our behalf under data processing agreements
• Legal requirements — court orders, subpoenas, or lawful requests from authorities

Third-party services we integrate with:

We apply multiple layers of protection to keep your data safe:

• Passwords hashed with bcrypt (10 salt rounds)
• All data in transit encrypted via TLS 1.3
• JWT authentication with short-lived access tokens and refresh token rotation
• Two-factor authentication (TOTP) available
• Rate limiting (100 req/min globally, 20 req/min on auth endpoints)
• Security headers via Helmet.js (XSS, CSRF, CSP)
• Parameterised queries on all database operations (no raw SQL)
• Encrypted daily database backups

Under the Kenya Data Protection Act, 2019, you have the following rights:

To exercise any of these rights, email privacy@meetadev.com with the subject line [DATA REQUEST]. We will respond within 30 days.

MeetaDev is not intended for users under 13 years old. Users aged 13–17 require parental or guardian consent before registering. If we discover a user is under 13, we will delete their account immediately.

Your data may be stored or processed on cloud servers outside Kenya (primarily through Cloudinary's global CDN). We ensure appropriate contractual safeguards are in place for any such transfers.

We comply with the Kenya Data Protection Act, 2019 and apply GDPR principles where applicable.

We may update this policy from time to time. When we do, we will:

• Send an email notification to your registered address
• Display an in-app banner announcing the change
• Update the "Effective" date at the top of this page

Continued use of MeetaDev after the effective date constitutes acceptance of the updated policy.