Your data should stay legible to you.

When you create a Mesh.me account, we collect the account data needed to operate the product, such as your email address, username, display name, and password hash. Phone number verification may be required for account security.

You may also provide optional profile information such as a bio, location, website, avatar, banner image, accent color, and interest tags.

When you connect third-party platform accounts (including GitHub, Discord, Spotify, X/Twitter, Twitch, YouTube, Instagram, Facebook, LinkedIn, Reddit, TikTok, Pinterest, Snapchat, Threads, SoundCloud, Patreon, and Dribbble), we store the platform name, your platform username, and encrypted OAuth tokens required to access that service on your behalf. We only access scopes you explicitly authorize through each provider's consent flow.

We also collect product usage and technical data for service operation, security, debugging, and analytics. That can include pages visited, features used, device type, browser, operating system, and IP address.

We use account and content data to operate Mesh.me, personalize the product, support connected-platform features, process MeshPro subscriptions through Stripe, and improve the service.

We also use data to detect abuse, prevent fraud, maintain security, satisfy legal obligations, enforce age verification requirements, and power the Mesh, Feed, MeChat, Communities, Analytics, and Meshi experiences.

Mesh.me does not use your data to sell ads, build third-party advertising profiles, or participate in data-broker style monetization. We will never sell your data to third parties. This is a permanent, foundational commitment.

We do not sell personal information. Public content you intentionally publish may be visible to other users and discoverable by search engines.

When you trigger cross-platform actions through Mesh.me, those actions are sent through your authorized connection to the source platform, and that platform's privacy rules also apply.

We share data only with essential service providers: Vercel (hosting), Stripe (payment processing), and transactional email providers. All providers operate under confidentiality agreements and data processing addendums. We share data with law enforcement only when required by valid legal process.

We retain information while your account is active and as needed to provide the service. If you delete your account, we will delete or anonymize personal data within 30 days, except where legal retention is required.

Connected platform tokens are deleted immediately when you disconnect an account. Users can request full data export or deletion through product settings. Backup and cached copies may persist for up to 90 days while normal purge cycles complete.

You can review or update profile information, visibility settings, connected accounts, message permissions, notifications, and data controls from product settings.

Depending on your jurisdiction, you may also have rights to access, correct, delete, restrict, or export your information, and to object to certain processing.

California and European privacy rights are supported through the same general user request channels. Mesh.me does not discriminate against users for exercising those rights.

Mesh.me applies industry-standard safeguards including bcrypt password hashing, encrypted OAuth token storage, HTTPS transport security, secure HTTP headers, CSRF protection, rate limiting, and input validation across all endpoints.

End-to-end encryption is applied to direct messages in MeChat. Connected platform tokens are encrypted at rest. All payment processing is handled by Stripe and never touches our servers directly.

No internet service can promise absolute security. If you have privacy questions or need to exercise your rights, contact privacy@mesh.me.