Privacy Policy
This Privacy Policy explains what data MeshAnalyzer ("we", "us") collects when you use our website and Service, how we use it, and the rights you have over it. We aim to collect the bare minimum needed to operate the Service.
Contents
1. What we collect
Account data
When you create a MeshAnalyzer account, we store your email address, display name, hashed password, account creation date, last login time, and subscription tier.
Files you upload
Files (STL / OBJ / GLB / PLY / DAE) that you open for inspection in the viewer are processed entirely in your browser — they are not uploaded to our servers. Files are only sent to our servers when you explicitly click Save to Cloud or Generate Share Link (Pro features).
Usage data
We log anonymous, aggregated usage metrics — for example, how many people visit each page, which buttons are clicked, browser type, and country. We use privacy-respecting analytics (Plausible) which does not use cookies and does not track individuals across sites.
Visitor log (free trial)
To enforce the 2-day free trial, we store a browser-generated fingerprint and the first-seen timestamp in our database. No personal information is collected — only when this device first opened the app.
Payment data
If you upgrade to Pro, payment is handled by PayPal. We do not see or store your credit-card number, CVC, or expiry date. We only store your PayPal subscription ID so we can verify your Pro status.
Feedback
When you submit feedback through the in-app form, we store your rating, comments, and (optionally) your account info, along with the IP address and user-agent at the time of submission.
2. How we use it
- To operate, maintain, and improve the Service.
- To authenticate you and protect your account.
- To process payments and manage your subscription.
- To enforce the free-trial limits.
- To respond to support requests.
- To detect, prevent, and address fraud, abuse, and technical issues.
- To send transactional emails (billing, security alerts). We do not send marketing emails without your consent.
3. Who we share it with
We only share data with the following processors, all bound by data-protection agreements:
| Processor | Purpose | Data shared |
|---|---|---|
| PayPal | Payment processing | Email, name, subscription ID |
| Hostinger (or equivalent hosting) | App & database hosting | All data above |
| Plausible Analytics | Anonymous traffic analytics | Anonymous page-view events (no cookies) |
| Sentry (optional) | Error logging | Browser error stack traces (no PII captured) |
We do not sell, rent, or trade your personal data to advertisers or data brokers. Ever.
4. Cookies & tracking
We use a small number of cookies:
- Essential: a session token kept in
localStorageso you stay signed in. This is not a tracking cookie and is required for the Service to function. - Preferences: non-essential local storage entries that remember your panel layout, last-used colors, and onboarding status.
- Trial fingerprint: a browser-derived ID used only to enforce the 2-day free trial. Cleared automatically on logout.
We do not use third-party advertising cookies or cross-site trackers. Our analytics (Plausible) is cookieless.
5. Retention
- Account data: kept while your account is active. Deleted within 30 days of account deletion.
- Cloud files: kept until you delete them or your account is deleted.
- Visitor log: retained for 90 days, then auto-purged.
- Billing records: retained for 7 years to comply with tax / financial regulations.
- Server logs: 30 days for security monitoring.
6. Your rights (GDPR & CCPA)
If you are in the EU, UK, or California, you have the following rights regarding your personal data:
- Access — request a copy of your data.
- Rectification — correct inaccurate data.
- Erasure — request deletion (the "right to be forgotten").
- Portability — export your data in a machine-readable format.
- Restriction / objection — limit how we process your data.
- Withdraw consent — at any time, where processing is based on consent.
- Lodge a complaint — with your local data-protection authority.
7. Security
We protect your data with industry-standard measures: HTTPS everywhere, bcrypt password hashing, prepared SQL statements to prevent injection, rate limiting on authentication endpoints, and encrypted storage for cloud-saved files. No system is perfectly secure — if you suspect unauthorized access, contact us immediately.
8. Children
The Service is not directed to children under 13 (or under 16 in the EU). We do not knowingly collect personal data from minors. If we learn that we have, we will delete it.
9. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be announced in-app and via email at least 14 days before they take effect.
10. Contact
Questions about this policy? Email support@meshanalyzer.app.