Privacy Policy

1. Data Controller

MeshOptixIQ ("we", "us", or "our") is the data controller responsible for the personal data collected through this website and our customer portal. For all privacy-related matters, contact us at:

• Email: privacy@meshoptixiq.com

We are a read-only network reasoning platform. Our software processes technical network metadata (IP addresses, hostnames, topology data) which may, in certain contexts, constitute personal data (for example, workstation IP addresses associated with employees).

2. Data We Collect

We collect personal data in the following categories:

What we do NOT collect: We do not collect payment card details directly (handled by our payment processor). We do not collect network topology data, device configurations, or credentials from the networks our software operates on — the software runs locally in your environment.

3. Lawful Basis for Processing (GDPR/UK GDPR)

For users in the European Economic Area (EEA) and United Kingdom, we process personal data under the following lawful bases:

• Contract performance (Art. 6(1)(b)) — Processing your account data, license keys, and device fingerprints is necessary to provide the software and services you have purchased or registered for.
• Legitimate interests (Art. 6(1)(f)) — We process IP addresses and technical logs to detect abuse, prevent fraud, and maintain the security and integrity of our services. These interests are not overridden by your rights given the limited scope of data collected.
• Consent (Art. 6(1)(a)) — We rely on your freely given, specific consent for any optional analytics cookies. You may withdraw consent at any time via our cookie banner or by contacting privacy@meshoptixiq.com.

4. Data Retention

We retain personal data only for as long as necessary for the purposes described in this policy:

• Account and contact data: Retained while your account is active and for 90 days following account deletion or contract termination, to allow for dispute resolution.
• License audit logs: Retained for 12 months from the date of each log entry.
• Waitlist registrations: Retained until product launch or until you opt out, whichever comes first.
• Cookie consent records: Stored locally in your browser's localStorage and are not transmitted to our servers.

After retention periods expire, data is deleted or anonymized.

5. Third-Party Processors

We use the following sub-processors to deliver our services. All processors are contractually bound to handle data in accordance with applicable privacy laws:

• Amazon Web Services (AWS) — Cloud infrastructure provider. Services used include Lambda, DynamoDB, API Gateway, Simple Email Service (SES), and Amazon Cognito (user authentication). Data is processed in AWS US West 2 (Oregon, United States). AWS is certified under ISO 27001 and SOC 2. See AWS Privacy Notice.
• unpkg CDN — Used to deliver the amazon-cognito-identity-js JavaScript library to your browser. This is a static file delivery service; no personal data from our users is retained by unpkg.

6. International Data Transfers

Our services are hosted on AWS infrastructure in the United States (US West 2 — Oregon). If you access our services from the European Economic Area, United Kingdom, or Australia, your personal data will be transferred to and processed in the United States.

We ensure adequate safeguards are in place for such transfers:

• EU/UK Standard Contractual Clauses (SCCs): AWS has executed SCCs with its customers as required under GDPR and UK GDPR for international data transfers.
• EU-U.S. Data Privacy Framework: AWS participates in the EU-U.S. Data Privacy Framework (DPF), UK Extension to the DPF, and the Swiss-U.S. DPF.
• Australia: Transfers to the US are made on the basis of contractual protections consistent with Australian Privacy Principle 8.

7. Your Privacy Rights

European Economic Area & United Kingdom (GDPR / UK GDPR)

If you are located in the EEA or UK, you have the right to:

• Access — Request a copy of the personal data we hold about you (Art. 15)
• Rectification — Request correction of inaccurate personal data (Art. 16)
• Erasure — Request deletion of your personal data, subject to legal retention obligations (Art. 17)
• Restriction — Request that we restrict processing of your data in certain circumstances (Art. 18)
• Portability — Receive your data in a structured, machine-readable format (Art. 20)
• Object — Object to processing based on legitimate interests (Art. 21)
• Withdraw consent — Where processing is based on consent, withdraw it at any time without affecting prior lawful processing
• Lodge a complaint — You have the right to complain to your local data protection supervisory authority. In the UK, this is the Information Commissioner's Office (ICO). EU residents should contact their national DPA.

Australia (Privacy Act 1988 / Australian Privacy Principles)

We comply with the Australian Privacy Principles (APPs). You may request access to or correction of your personal information held by us. If you believe we have not handled your personal information in accordance with the APPs, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

Canada (PIPEDA)

We adhere to the 10 fair information principles of PIPEDA, including accountability, consent, and limiting collection to what is necessary. You may access or correct your personal information and direct complaints to the Office of the Privacy Commissioner of Canada (OPC).

California (CCPA/CPRA)

California residents have the right to:

• Know what personal information is collected, used, shared, or sold
• Request deletion of personal information we have collected about you
• Opt out of the sale or sharing of personal information
• Non-discrimination for exercising any of these rights
• Correct inaccurate personal information
• Limit use of sensitive personal information

8. Do Not Sell or Share My Personal Information

We do not sell, rent, or share personal information with third parties for advertising or any commercial purpose. We have never done so and have no plans to do so.

Although we do not sell personal data, California residents may submit a formal opt-out request or request additional information about our data practices by contacting: privacy@meshoptixiq.com

We will respond to verified requests within 45 days as required by CCPA/CPRA.

9. Cookies & Tracking

We use the following types of browser storage:

• Strictly necessary (localStorage/sessionStorage): Authentication tokens and session data required to keep you logged in to the customer portal. These are not optional and do not require consent.
• Preference storage (localStorage): Your theme preference (light/dark) and cookie consent choice, stored locally in your browser only.
• Optional analytics cookies: We may use analytics in future. When we do, we will request your consent via our cookie banner before activating them.

When you visit our marketing site for the first time, a cookie consent banner will appear. You may Accept or Decline optional cookies. Declining does not affect site functionality. You can change your preference by clearing your browser's localStorage or by contacting privacy@meshoptixiq.com.

10. How to Exercise Your Rights

To make a request regarding your personal data, please contact us at:

• Email: privacy@meshoptixiq.com

We will respond within 30 days of receiving your request (or 45 days for CCPA requests). We may ask you to verify your identity before fulfilling your request. There is no charge for making a request, unless requests are excessive or repetitive.

11. Contact Us

For any questions about this privacy policy or our data practices:

• Privacy email: privacy@meshoptixiq.com
• General contact: hello@meshoptixiq.com

If you are not satisfied with our response, you have the right to complain to the relevant supervisory authority in your jurisdiction:

• UK: Information Commissioner's Office (ICO)
• EU: Your national Data Protection Authority (DPA)
• Australia: Office of the Australian Information Commissioner (OAIC)
• Canada: Office of the Privacy Commissioner of Canada (OPC)