Meishi← Back

Privacy Policy

Last updated: March 14, 2026

1. Overview

Meishi ("we", "us", "our") operates meishi-ai.com (the "Service"). This Privacy Policy explains what data we collect, how we use it, and your rights. By using the Service you agree to this policy. If you do not agree, do not use the Service.

2. Data We Collect

  • Account data: email address and name, collected via Clerk authentication.
  • Context data: all text you enter into your context fields. This data is encrypted at rest with AES-256 before being stored in our database.
  • Usage data: API access logs, audit logs, IP address hashes (not full IPs), and timestamps associated with read/write operations.
  • API keys: we store only a bcrypt hash of each key. The plaintext key is shown once and never stored.

3. How We Use Your Data

  • To provide, operate, and maintain the Service.
  • To authenticate you and secure your account.
  • To generate audit logs for your own review.
  • To respond to support requests submitted via our contact form.

We do not sell your data. We do not use your context data to train AI models. We do not share your data with third parties except as required to operate the Service (e.g., database hosting, authentication provider).

4. Data Security

Context data is encrypted using AES-256 with a unique data encryption key per user. That key is itself encrypted by a master key stored in a separate secrets management system and never written to the database. We implement industry-standard security practices. However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security and accept no liability for security breaches beyond our reasonable control.

5. Third-Party Services

We use the following third-party services to operate Meishi:

  • Clerk — authentication and user management.
  • Neon / PostgreSQL — encrypted database storage.
  • Vercel — hosting and deployment.
  • Resend — transactional email for contact form submissions.

Each third-party service has its own privacy policy. We are not responsible for their data practices.

6. Data Retention

We retain your data for as long as your account is active. You may request deletion of your account and all associated data at any time by contacting us at revivo87@gmail.com. Audit logs may be retained for up to 90 days after account deletion for security and compliance purposes.

7. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, export, or delete your personal data. To exercise any of these rights, contact us at revivo87@gmail.com. We will respond within 30 days.

8. Cookies

We use only strictly necessary cookies for authentication session management (via Clerk). We do not use tracking cookies or analytics cookies.

9. Children

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children.

10. Changes to This Policy

We may update this policy at any time. Continued use of the Service after changes constitutes acceptance of the updated policy. We will update the "Last updated" date at the top of this page.

11. Contact

Questions about this policy?