Privacy Policy

Last updated: June 15, 2026

Meshless ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our B2B 3D model processing and viewer platform (the "Service"). Please read this policy carefully.

1. Information We Collect

Information you provide

  • Account Information — name, email address, and authentication details. We utilize Clerk as our secure identity provider; we do not store raw passwords on our servers.
  • Billing Information — payment card details are processed entirely by our Merchant of Record (e.g., Paddle) and their underlying payment gateways. We do not process or store raw credit card numbers.
  • Uploaded Content — 3D model files (.glb, .stl) and associated project metadata you upload for rendering and hosting.
  • Communications — messages you send to our support team.

Information collected automatically

  • Telemetry & Viewer Analytics — pages visited, 3D viewer interactions (spins, hotspot clicks). We aggregate this data to provide you with dashboard analytics. We intentionally use privacy-safe aggregation and do not store raw, per-click event logs containing persistent personally identifiable information (PII).
  • Security Logs — IP addresses, browser types, and timestamp data strictly for fraud prevention, rate-limiting, and system security (Audit Logs).
  • Cookies — strictly necessary session identifiers handled by our authentication provider. See Section 6.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Meshless platform and 3D viewer infrastructure.
  • Process transactions, manage quotas, and send billing-related communications.
  • Provide per-tenant analytics regarding how your end-users interact with your embedded 3D models.
  • Prevent abuse, enforce API rate limits, and maintain the security of our platform.
  • Send critical product updates and system alerts.

We absolutely do not sell your personal information or your uploaded 3D assets to third parties.

3. How We Share Your Information

We share your information strictly with vetted service providers required to operate our infrastructure:

  • Identity & Access: Clerk (for secure user authentication and session management).
  • Infrastructure & CDN: Cloudflare (for edge routing, R2 storage of .glb and WebP assets, and Turnstile security).
  • Payments: Paddle or similar Merchants of Record (for global tax compliance and subscription billing).
  • Communications: Resend (for transactional emails like password resets and workspace invitations).

Note on Public CDN Assets: By design, the rendered WebP frames of your 3D models are hosted on a public edge CDN to ensure zero-latency viewing for your e-commerce customers. We utilize Content Security Policy (CSP) frame-ancestors to prevent unauthorized domains from embedding your viewer, but the underlying asset URLs are public by architectural necessity.

4. Data Retention

Data Type — Retention Period

  • Account & Workspace Data — Duration of active account + 30 days after deletion request.
  • Uploaded 3D Models & Frames — Stored on Cloudflare R2 indefinitely while your project is marked as "Ready" or until you manually delete the project/account.
  • Aggregated Analytics — Retained for historical dashboard reporting as per your subscription tier.
  • Security Audit Logs — Automatically pruned after 90 days.

5. Data Security

We implement enterprise-grade security measures, including:

  • Strict Role-Based Access Control (RBAC) and programmatic isolation of tenant data.
  • API Key authorization with privilege escalation guards.
  • Iframe Domain-Lock enforcement via CSP headers to protect your bandwidth.
  • TLS/HTTPS enforced for all data in transit.

Impersonation for Support: Meshless platform administrators may securely access your workspace ("impersonation") solely for troubleshooting and technical support. These actions are heavily restricted and explicitly recorded in your tenant's Audit Log for complete transparency.

6. Cookies & Tracking

We utilize cookies primarily for essential platform operations:

  • Strictly Necessary: Clerk authentication tokens, CSRF protection, and session persistence.
  • Analytics: We do not use third-party advertising or cross-site tracking cookies. Our viewer telemetry operates without tracking your end-users across the web.

7. Your Rights (GDPR & CCPA Compliance)

Depending on your jurisdiction, you retain full rights over your data:

  • Access & Portability: Request an export of your workspace data.
  • Correction: Update your organization or personal details via the dashboard.
  • Deletion: Request complete erasure of your account, API keys, and R2 storage assets.
  • Objection: Opt out of non-essential communications.

To exercise these rights, please contact our support team at privacy@meshless.io.

8. International Transfers

Our primary infrastructure (including our API and database) operates on secure global cloud environments. By utilizing Meshless, your data may be transferred, stored, and processed across international borders via our compliant sub-processors (e.g., Cloudflare global edge network).

9. Contact Us

If you have questions regarding this Privacy Policy or our engineering security practices, please contact us at:

Meshless
Email: privacy@meshless.io