MESH

Privacy Policy

Last updated: 2026-05-19

This page describes how the MESH self-hosted instance handles personal data. MESH is operated by the team running this deployment; for any question contact the operator directly.

What we collect

  • Account data: email address and password hash (via Supabase Auth), optional full name and avatar image.
  • Project data: project titles, descriptions, client and team member names you enter, deadlines, and the whiteboard content (shapes, images you upload).
  • Activity log: changes to projects, memberships, and invites are recorded with timestamps and actor identifiers for audit purposes.
  • Telemetry: anonymous Web Vitals (LCP, INP, CLS) sent to our internal logger to monitor performance. No third-party analytics, no advertising IDs.
  • Errors: unhandled JavaScript errors and stack traces are reported to our self-hosted GlitchTip instance (if enabled in deployment) for debugging.

What we do not collect

  • No tracking cookies for ads or marketing.
  • No location data, microphone, or camera access.
  • No third-party analytics (Google Analytics, Meta Pixel, etc.).

Where data is stored

All data lives in the operator-controlled infrastructure. The default deployment uses a self-hosted Supabase Postgres database; uploaded images are stored in self-hosted object storage. None of the data is sent to Supabase Cloud.

AI features are optional and, when enabled, send the relevant text or image to Anthropic (text summarization), Bria (image editing), or Google Gemini (people generation). See the respective providers' policies for their handling.

Your rights (GDPR)

  • Access: all your data is visible in the app — your projects, profile, activity. Export from the project page if needed.
  • Rectification: change your name, avatar, or any project metadata at any time.
  • Erasure:the "Delete account" button on Settings permanently deletes your profile and personal data. Activity log entries that mention you are anonymised (your identifier is removed from payloads).
  • Portability: projects can be exported as PNG/SVG from the board menu. Raw whiteboard data is in standard Yjs/tldraw format.

Retention

Activity events older than 180 days, AI usage counters older than 90 days, and revoked invites older than 30 days are automatically purged.

Contact

Questions or data-subject requests: contact the operator of this deployment.