Privacy Policy

1. Introduction

Meiora ('we', 'us', 'our') operates the Meiora platform, including the website meiora.app, the web application at app.meiora.app, any browser extension, mobile application, or related integration (collectively, the 'Service'). This Privacy Policy explains how we collect, use, store, protect, and share your information.

Meiora is operated by Evgenii Chernov, an independent operator. For any privacy-related inquiry, contact privacy@meiora.app.

By creating an account or using the Service, you acknowledge that you have read and understood this Privacy Policy.

2. Who This Policy Applies To

The Service is intended for business users — primarily Amazon sellers and professional buyers sourcing from international suppliers. However, we process personal data in accordance with applicable data protection laws, including the GDPR where applicable.

3. Our Role

We act as the data controller for the personal data you provide directly to the Service. Third-party service providers, including AI providers, process data only on our behalf as data processors under appropriate contractual safeguards.

4. Information We Collect

4.1 Account Information

Email address; password (stored as a one-way cryptographic hash); account creation date and timestamps of activity.

4.2 Business Data You Provide

Supplier names, contact details, addresses, phone numbers, and identifiers; deal information, including product names, quantities, pricing, and status; messages, conversations, and translations you create or paste into the Service; contracts, invoices, and other documents you upload; promises, follow-ups, and notes; any other content you voluntarily submit.

4.3 AI Interaction Data

Your conversations with Mei (the AI assistant); prompts you submit and AI-generated responses; detected red flags, extracted promises, and analysis results.

4.4 Usage and Technical Data

Feature usage patterns and click events; IP address, browser type, operating system, device identifiers; access logs, error logs, and performance metrics; session duration and timestamps.

4.5 Payment Information

We do not store full payment card details. Payments are processed by our third-party payment provider (Lemon Squeezy), which collects payment information directly and acts as merchant of record. We receive only transaction confirmations and billing metadata.

5. How We Use Your Information

We use your information to: provide, operate, and maintain the Service; power AI features including message drafting, translation, red flag detection, contract analysis, and supplier memory; authenticate your account and prevent unauthorized access; communicate with you about your account, security, and service updates; improve the Service and its features, including AI functionality, using anonymized and aggregated data; debug issues and develop new features; comply with legal obligations and enforce our Terms of Service.

We do not use your identifiable business data to train third-party AI models.

5.1 Legal Basis for Processing (GDPR)

Where the GDPR applies, we process personal data on the following legal bases: performance of a contract (to provide the Service you have requested); legitimate interests (to improve, secure, and operate the Service, prevent fraud, and develop new features); legal obligations (where processing is required by applicable law); consent (where we specifically request your consent for a particular processing activity).

6. AI Training and Data Use

6.1 What We May Use to Improve Our AI Features

We may use anonymized and aggregated data from user interactions to improve AI features within the Service. This includes interaction patterns, language usage, and red flag detection patterns.

6.2 Anonymization

Before any data is used for AI improvement, we take reasonable steps to remove or obfuscate personally identifiable information, including user names, supplier names, factory names, phone numbers, email addresses, and specific addresses.

6.3 Data Isolation Between Users

We do not sell your personal or business data. We do not share your business data with other users of the Service, directly or indirectly through AI-generated recommendations.

6.4 No Competitive Use

We do not use your data to compete with you, contact your suppliers, or engage in any business activity outside providing the Service to you.

7. Data Storage and Security

7.1 Where We Store Data

Your data is stored on servers located in the European Union (Netherlands). File uploads and documents may be stored with our cloud storage provider in geographic locations they specify.

7.2 Security Measures

We implement industry-standard security measures including: encrypted connections (HTTPS/TLS) for all data transmission; cryptographic hashing of passwords; access controls and authentication; database isolation per user account; regular security updates.

7.3 No Absolute Security

Despite our security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

7.4 Sensitive Information

You should avoid submitting highly sensitive information such as passwords, personal identification numbers, government IDs, or unrelated confidential data not necessary for sourcing communication.

8. How We Share Your Information

We do not sell your personal data. We share your data with third parties only in the following limited circumstances:

8.1 Service Providers

We share data with third-party service providers necessary to operate the Service, including: hosting and infrastructure providers; payment processors; AI service providers (for processing AI requests); email delivery services; analytics and error tracking services. These providers are contractually obligated to protect your data and use it only to provide services to us.

8.2 Legal Requirements

We may disclose your information if required by law, subpoena, court order, or government request, or if we believe in good faith that disclosure is necessary to comply with legal obligations.

8.3 Protection of Rights

We may disclose information to protect the rights, property, or safety of Meiora, our users, or others, including to prevent fraud or security threats.

8.4 Business Transfers

If Meiora is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change in ownership or control of your data.

9. Third-Party AI Providers

The Service uses third-party AI providers to process AI requests, including Anthropic (Claude) and potentially others. When you interact with Mei, your prompts and relevant context are sent to these providers for processing. We use secure third-party AI providers under contractual data processing agreements. We select AI providers that commit not to use customer data submitted via API for model training. These providers may process data outside your jurisdiction, including in countries outside the European Economic Area. We rely on contractual safeguards such as Standard Contractual Clauses provided by these vendors for international data transfers.

10. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence, including countries outside the European Economic Area. Where required, we implement appropriate safeguards such as Standard Contractual Clauses for such transfers.

11. Data Retention

11.1 Active Accounts

We retain your data for as long as your account is active and as needed to provide the Service. We aim to minimize data retention wherever possible.

11.2 Account Deletion

You may request deletion of your account at any time by contacting privacy@meiora.app or using the in-app deletion feature when available. We will process deletion requests within 30 days. After deletion: personal account data and your business data will be removed from active systems; anonymized and aggregated data may be retained for analytics and AI improvement; backups containing your data will be retained for up to 90 days, then deleted; we may retain certain data longer if required by law (e.g., financial records for tax purposes).

11.3 Inactive Accounts

Accounts inactive for more than 24 months may be deleted after notice to the email address on file.

12. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access — request a copy of the data we hold about you
• Correction — request correction of inaccurate or incomplete data
• Deletion — request deletion of your data, subject to legal retention requirements
• Portability — request export of your data in a machine-readable format
• Objection — object to certain processing activities
• Withdrawal of consent — withdraw consent where processing is based on consent
• Complaint — lodge a complaint with your local data protection authority

To exercise these rights, contact privacy@meiora.app. We will respond within 30 days. We may require verification of your identity before processing requests.

13. Cookies and Local Storage

We use only essential cookies and local browser storage required for: authentication and session management; remembering your preferences; maintaining security. We do not use cookies for advertising or cross-site tracking purposes. Where required by law, we will request consent before setting non-essential cookies.

14. Children's Privacy

The Service is not directed at and is not intended for use by children under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without verified parental consent, we will delete it promptly.

15. Do Not Track

The Service does not respond to Do Not Track browser signals. We do not engage in cross-site tracking.

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a prominent notice within the Service at least 30 days before the changes take effect. Your continued use of the Service after changes become effective constitutes acceptance of the updated Policy.

17. Contact Us