Privacy Policy
Last updated: 14 May 2026
1. Who runs meisan
meisan is operated by Monty Cusins, a sole trader based in the United Kingdom (the "Operator"). The Operator is the data controller for personal data processed in connection with the Service and can be contacted at hello@meisan.ai.
This policy is written to comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the California Consumer Privacy Act (CCPA) where it applies.
2. Data collected
The following categories of personal data are collected:
- Account data: email address, password hash (never the plain password), display name, date of birth (used solely to verify 18+ eligibility and not displayed publicly), country of access.
- Chat data: the conversations you create, including character descriptions, world settings, user-side notes, AI-generated replies, imported chat histories, and the per-chat memory the Service derives from them.
- Billing data: subscription tier, Stripe customer ID, last four digits of the payment card, billing country. Full card numbers are handled directly by Stripe and never reach meisan's servers.
- Usage data: credit consumption, model selections, request timestamps, request rate, error logs.
- Device and network data: IP address, browser type and version, operating system, time zone, country (derived from IP at the edge).
- Safety classifications: the binary results of automated content checks on character descriptions and user inputs (e.g. policy match vs. no match), retained for audit and abuse-prevention.
No special category data (race, religion, health, sexuality, biometrics, etc.) is solicited. If a user voluntarily includes such information inside a chat, it is processed as part of that chat under the same rules as ordinary chat data.
3. Why the data is processed
- To deliver the Service (contract — UK GDPR Art. 6(1)(b)): account creation, authentication, running chats, generating AI replies, maintaining per-chat memory, processing payments.
- To enforce safety policies and prevent abuse (legitimate interests — Art. 6(1)(f), and legal obligations — Art. 6(1)(c)): automated checks for CSAM, harmful real-person depictions, geographic sanctions, age-gate.
- To diagnose errors and protect Service integrity (legitimate interests): error logs, rate limiting, fraud detection.
- To send transactional emails (contract): account confirmation, billing receipts, support replies, security notices.
- To comply with applicable law (legal obligation), including responding to valid legal process and statutory reporting of illegal content.
Personal data is not sold, rented, or traded. Personal data is not used to train AI models.
4. Third-party processors
meisan relies on the following processors to operate. Each is bound by a data processing agreement and processes data only on instructions from the Operator:
- WorkOS (AuthKit) — authentication and session management. WorkOS independently stores your login email, password hash, and session metadata. You can request a copy or deletion of data held by WorkOS directly under their privacy policy; meisan does not store your password.
- Neon — PostgreSQL database hosting (EU region).
- Upstash — Redis cache for rate-limiting and session state.
- Cloudflare R2 — object storage for any uploaded files.
- Stripe — subscription billing and payment processing. Full card numbers, billing address and payment history are held by Stripe, not meisan. To obtain or delete that data, contact Stripe directly; meisan only stores the Stripe customer/subscription IDs needed to link your account to your subscription.
- Vercel — hosting and content delivery.
- OpenRouter — proxy access to large language models for chat generation. Provider chosen contractually not to train on inputs.
- xAI — direct access to Grok models for chat generation (where used in place of OpenRouter) and for memory-pipeline tasks.
- Google AI — direct access to Gemini models for chat generation (where the user selects a Gemini model).
- Groq — fast inference of small Llama models for memory consolidation, safety classification, and JSON repair.
- Resend — transactional email delivery.
- PostHog — anonymous product analytics (no plaintext chat content sent).
Where processors transfer data outside the UK / European Economic Area, the transfer is covered by Standard Contractual Clauses or an adequacy decision.
5. Retention
- Chat data is retained while your account is active and you have not deleted the chat. Deleted chats are removed from production storage within 30 days. Backups can persist up to 90 days before rotation.
- Account data is retained while the account exists. After account deletion, personal data is removed within 30 days, except where retention is required by law (e.g. billing records — 7 years under HMRC rules).
- Safety classification audit logs linked to confirmed policy violations are retained for 2 years to defend against repeat violations and to assist law enforcement requests.
- Error and usage logs are retained for 90 days.
- Lapsed-subscription data: if a paid subscription ends and is not renewed, chat data, memories and uploads are scheduled for deletion 30 days after that event. Warning emails are sent 7 days, 3 days and 1 day before deletion. Resubscribing before the deletion date cancels the wipe. The account record itself and billing records are retained.
6. Your rights
You have the following rights under UK GDPR:
- Access — request a copy of personal data held about you.
- Rectification — correct inaccurate data.
- Erasure — delete your data, subject to legal retention exceptions.
- Restriction — limit how data is processed.
- Portability — receive your data in a portable format.
- Objection — object to processing based on legitimate interests.
- Withdraw consent at any time where consent is the legal basis.
- Lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.
California residents have analogous rights under CCPA (right to know, delete, correct, non-discrimination). Equivalent rights exist for residents of the EU (GDPR), Brazil (LGPD), Canada (PIPEDA), Australia (Privacy Act) and other jurisdictions; meisan honours portability and erasure requests from any user regardless of location. Send requests to hello@meisan.ai; requests are honoured within 30 days.
In-app export. Settings → Data → Export your data downloads a JSON file containing: account profile (id, name, email, date of birth, ToS acceptance), every chat with its messages, consent log, and any active Stripe subscription link. Derived data (per-chat memory summaries, embeddings, usage telemetry) is omitted because it is regenerated from your messages and is not load-bearing for portability. Card details, password hashes and session metadata live with Stripe and WorkOS respectively — request those from the processor directly, or email hello@meisan.ai for help.
7. Security
Data in transit is protected by TLS. Data at rest in the database is encrypted by Neon. Passwords are stored only as salted hashes (never recoverable). Access to production data is restricted to the Operator and is audited. No online service is perfectly secure — please use a strong, unique password and enable any account protection options offered.
8. Children
meisan is for users 18 and older. Personal data of anyone under 18 is not knowingly collected. Accounts identified as belonging to a minor are terminated and the associated data deleted. If you believe a minor has provided personal data to meisan, contact hello@meisan.ai and it will be removed.
9. Cookies and similar tech
meisan uses only strictly necessary cookies: authentication session, CSRF token, and a small set of UI preferences (selected model, sidebar state). No advertising cookies are set. PostHog analytics use first-party cookies for session attribution and can be disabled via your browser settings or by requesting opt-out at hello@meisan.ai.
10. Changes to this policy
This policy can change as the Service evolves. Material changes will be announced by email or via an in-app notice at least 14 days before they take effect. Continued use of the Service after that date is treated as acceptance of the updated policy.
11. Contact
Privacy questions, complaints, or data requests: hello@meisan.ai.
See also the Terms of Service.