Privacy Policy

This Privacy Policy explains how myhtml(“myhtml”, “we”, “us”) collects, uses, discloses, and protects personal information when you use myhtml.io, the sites we host at *.myhtml.site, and our API, CLI, and MCP server (together, the “Service”). myhtml is operated by Vertial Holdings Pty Ltd (ABN 72 629 494 926), based in New South Wales, Australia.

We handle personal information in line with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth), and — where it applies to you — the GDPR/UK GDPR. By using the Service you agree to this Policy.

1. Information we collect

Information you give us

• Account — your email address (we use passwordless magic-link sign-in), and any name or details you add.
• Content you deploy — the HTML, assets, and files you upload, and the data your sites store through mh.db and mh.files.
• Payments — handled by Stripe. We receive billing metadata (plan, status, last-4, country) but never your full card number.
• Support & communications — messages you send us.

Information we collect automatically

• Usage & logs — IP address, request metadata, deploy and moderation events, and error logs, used to run, secure, and debug the Service.
• Analytics — we use a privacy-friendly, cookieless analytics tool (self-hosted Umami at analytics.vertial.com) that records aggregate page views and referrers without tracking you across sites or building an advertising profile.

2. How we use information

• To provide, maintain, and improve the Service and your sites.
• To keep the platform safe — moderation scanning of deploys, abuse detection, and rate limiting (see our Terms).
• To process payments and manage subscriptions and AI credits.
• To send service emails (sign-in links, security and account notices).
• To respond to support requests and enforce our Terms.
• To comply with legal obligations and respond to lawful requests.

Where the GDPR applies, our legal bases are: performance of our contract with you, your consent, our legitimate interests (security, improving the Service), and legal obligation.

3. Cookies

We use a small number of essential cookies to keep you signed in and secure your session. Our analytics is cookieless. We do not use third-party advertising or cross-site tracking cookies.

4. Who we share information with

We do notsell your personal information. We share it only with service providers (“sub-processors”) who help us run the Service, under contract and only as needed:

• Vercel — hosting of myhtml.io and our control-plane API.
• Railway — application database (Postgres) and Redis.
• Cloudflare — CDN, the edge that serves *.myhtml.site, and R2 object storage for your files.
• Stripe — payment processing.
• Resend — transactional email delivery.
• Anthropic — AI used for content moderation, and (when enabled) the mh.ai feature.
• Vertial / Umami — privacy-friendly analytics.

We may also disclose information where required by law, to protect our rights or users’ safety, or in connection with a business transfer.

5. International transfers

Our providers may process data outside Australia (including in the United States and the EU). When we transfer personal information overseas we take reasonable steps to ensure it is handled consistently with the APPs and, where relevant, use appropriate safeguards such as standard contractual clauses.

6. Data you collect through your sites

If your hosted site stores data about its visitors (via mh.db, mh.files, or visitor identity), you are responsible for that data and for telling your visitors how you use it. For that data, we act as your processor and handle it on your instructions. You must have a lawful basis and your own privacy notice where required.

7. Retention

We keep personal information only as long as needed to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. When you delete a site it stops being served immediately and its stored content is purged shortly after; copies in backups expire on a rolling basis. Inactive free sites may be archived with notice.

8. Security

We use industry-standard measures including encryption in transit, scoped access tokens, per-site isolation, and rate limiting. No method of transmission or storage is perfectly secure, but we work to protect your information and will notify you and any regulator as required if a notifiable data breach occurs.

9. Your rights and choices

You can manage and delete your sites and API keys from your dashboard, and access, correct, export, or delete your personal information by contacting us (we're building self-serve account deletion and export). Depending on where you live you may also have rights to object to or restrict processing, or to withdraw consent. Australian users who are not satisfied with our response can complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

10. Children

The Service is not directed to children under 16, and we do not knowingly collect their personal information. If you believe a child has provided us information, contact us and we will delete it.

11. Changes

We may update this Policy from time to time. We will post the new version here and update the date above; material changes will be notified by email or in-app.

12. Contact

Questions or requests? Email hello@myhtml.io (attn: Privacy). You can also write to our operator at the address in our Terms.