Privacy Policy

What we collect

From you (the Customer): business name, email, billing details (if applicable), training data you upload.

From your customers (end users): messages they send via the channels you connect, plus the metadata each channel exposes (email address, phone number, page user ID).

Where it lives

All data is stored in UK-hosted Supabase (eu-west-2). AI inference runs on UK GPU hardware that we own and operate. No data is sent to OpenAI, Anthropic, Google, or any other external AI provider.

Tenant isolation

Each Customer business has its own workspace. Postgres row-level security enforces that no Customer can access another's data.

Training

We don't train our AI models on your customer conversations or your training data. Your data is yours.

Sub-processors

• Supabase — database hosting (UK)
• Resend — outbound email delivery (optional, Customer's own key supported)
• Stripe — payment processing (when paid plans launch)
• Cloudflare — DNS + CDN for our public site

Retention

Active accounts: conversations + training data retained indefinitely until you delete them. Cancelled accounts: 30-day export window, then permanent deletion.

Your rights (UK GDPR)

You can request access, correction, deletion, or export of any data we hold via hello@meshx.uk. We'll respond within 30 days.

Data protection contact: hello@meshx.uk