Privacy Policy

Last updated: April 14, 2026

This policy explains what personal data Milton collects, why we collect it, and what we do with it. Milton is operated by Pierre Jacquel, an individual based at 78 avenue de Paris, 94800 Villejuif, France ("we", "us", "our"). We're the data controller for the personal data described below.

The short version: Milton is local-first, so the notes, references, PDFs and other content you create live on your device, not on our servers. The only personal data we hold is what we strictly need to run your account, take payments, and keep the product working.

1. What data we collect

Here's everything we touch, in plain English:

Account data

  • Your email address (so you can sign in and we can reach you).
  • An authentication token issued when you sign in (so we know it's you on the next request).
  • Optional profile fields you choose to add.

Billing data

  • Your subscription tier and status, the amount you paid, and the date.
  • We do not see or store your full card number — payment details are handled directly by our payment processor (Polar).

Product analytics

  • Anonymous or pseudonymous usage events (which features are opened, error reports, app version, OS) so we can fix bugs and prioritise what to build next.
  • We don't track the contents of your notes or references — just product interactions.
  • You can disable analytics from the Milton settings at any time.

Website data

  • Standard server logs (IP address, browser, page visited, timestamp) for security and debugging.
  • Limited analytics on visits to milton.so, used for the same product-improvement reasons.

Support emails

  • If you email us, we keep the message and your address so we can reply and find context later.

What we don't collect

Your notes, references, PDFs, tags, projects, collections and other Milton content stay on your device, in a local SQLite database. We don't see them and can't access them. If we ever add an opt-in sync feature, we'll update this policy and let you know before turning it on.

2. Why we use your data

  • To run your account — sign-in, password resets, plan management.
  • To take and manage payments, issue receipts, and handle refunds.
  • To support you when you contact us.
  • To improve Milton — fix bugs, understand which features are useful, and decide what to build next.
  • To keep things secure — detect abuse, prevent fraud, comply with the law.

3. Legal basis (GDPR)

If you're in the EU/UK, here's what we rely on under GDPR:

  • Contract — to provide you with Milton (account, billing, support).
  • Legitimate interests — to improve the product, keep it secure, and prevent abuse, in a way that doesn't override your rights.
  • Consent — for optional analytics, where you can opt in or out.
  • Legal obligation — for things like keeping invoices for tax purposes.

4. Who we share data with

We don't sell your data — ever. We share the minimum necessary with a small number of trusted sub-processors who help us run the service:

  • Supabase — authentication and account data.
  • Polar — payment processing and subscription management.
  • PostHog — product analytics.
  • Our hosting provider — to serve the website and any back-end services.
  • Email provider — for transactional and support emails.

Each of these has its own privacy policy and is bound by data-processing agreements with us. We may update this list as the product evolves; we'll keep this page current.

We may also disclose personal data if we're legally required to (court order, valid law-enforcement request, etc.).

5. International transfers

Some of our sub-processors are based outside the EU/EEA (for example in the United States). When personal data is transferred internationally, we rely on safeguards approved by the European Commission — typically Standard Contractual Clauses — to make sure your data stays protected.

6. How long we keep your data

  • Account data — for as long as your account is active. If you delete your account, we remove it within 30 days, except where law requires longer retention.
  • Billing records — kept for up to 10 years to comply with French tax and accounting law.
  • Analytics events — typically retained for up to 24 months in pseudonymous form, then deleted or aggregated.
  • Support emails — kept for up to 3 years so we can give you context if you write back.

7. Your rights

If you're in the EU/UK (and in many other places), you have the right to:

  • Access — get a copy of the personal data we hold about you.
  • Rectify — correct anything that's wrong or incomplete.
  • Erase — ask us to delete your data ("right to be forgotten").
  • Restrict or object to processing in certain cases.
  • Portability — receive your data in a machine-readable format.
  • Withdraw consent at any time, where we rely on consent.
  • Lodge a complaint with your local data-protection authority. In France, that's the CNIL.

To exercise any of these rights, email us at hello@milton.so. We'll respond within one month.

8. Cookies & similar technologies

The Milton website uses a small number of cookies and similar technologies — essential ones to make the site work (e.g. remembering your session), and optional ones for analytics. You can refuse non-essential cookies through your browser settings, and we'll add a clear cookie banner if and when we deploy any non-essential trackers.

The Milton desktop app stores its data locally on your device using standard OS storage (SQLite database, application support folder). It does not set cookies in the traditional web sense.

9. Data security

We take security seriously. We use encryption in transit (HTTPS) for all communication with our servers, encrypted storage on the back-end, and we limit access to personal data to the few people who actually need it. No system is 100% secure — but we do our best, and we'll tell you promptly if a breach affects you.

10. Children

Milton is not designed for children under 13. We don't knowingly collect data from anyone under 13, and if we discover we have, we'll delete it.

11. Changes to this policy

We may update this policy from time to time as the product evolves or the law changes. When we do, we'll update the "Last updated" date at the top of this page, and for material changes we'll notify you by email or in the app before they take effect.

12. Contact

Questions about your data, this policy, or anything privacy-related? Email us at hello@milton.so. A real human will answer.

Pierre Jacquel
78 avenue de Paris
94800 Villejuif
France

For researchers.

We believed that people who help us to understand the world and to build a better future deserve incredible tools.

Built with love from Paris.

Product

Resources

Others

Milton