Mmeshbase

Legal

Privacy Policy

How we handle your personal data when you visit, contact us, or subscribe — the information required under Articles 13 and 14 of the GDPR (DSGVO).

Last updated: 1 June 2026

Data controller

The controller responsible for processing your personal data on this website is:

Dominik Sebald
Schellingstraße 109a
80798 München
Germany
Email: Show email

Scope of this notice

This notice explains what personal data we process when you browse this website, request a pilot or contact us, subscribe to product updates, or use the catalog assistant — and the rights you hold over that data. It covers this marketing website only; the Meshbase application, the SDK/CLI/MCP interfaces, and any third-party sites we link to are governed by their own terms and policies.

We collect no more than each interaction requires, we never sell personal data, and we use no advertising or cross-site tracking.

Visiting this site

The site is hosted by Vercel in EU regions. When you load a page, the host's servers process technical data your browser sends automatically. This is necessary to deliver the site and to keep it secure and available.

  • Data: IP address, date and time of the request, the page or file requested, referrer, and browser and operating-system identifiers.
  • Purpose: to serve the requested pages and to detect and defend against abuse.
  • Legal basis: our legitimate interest in a working, secure site (Art. 6(1)(f) GDPR).
  • Retention: held briefly in server and security logs by the host, then deleted or anonymized.

Measuring how the site is used

To understand how the site is used and to keep it fast, we use Vercel's privacy-friendly Web Analytics and Speed Insights. They count page views and measure real-world loading performance without cookies, without building a profile, and without following you across other sites. We also count a few deliberate actions — for example submitting the pilot form, signing up for updates, copying an endpoint URL, or sending a message to the catalog assistant — as anonymous, categorical totals. The result is aggregated statistics that cannot identify you.

  • Data: a page view with its referrer and coarse device, browser, and country; a count of the few actions above, each carrying only a coarse label such as the form intent or destination, never your name, email, or message text; and anonymous performance timings.
  • Purpose: to measure traffic and a few key actions in aggregate and monitor loading performance so we can improve the site.
  • Legal basis: our legitimate interest in understanding and improving the site (Art. 6(1)(f) GDPR).
  • Processor: Vercel, who also hosts the site.
  • Retention: kept only as aggregated statistics; no cookie is set and no individual visitor profile is built.

Requesting a pilot or contacting us

When you submit the pilot / demo request form or otherwise contact us, we process what you send so we can read and answer it. The submission is stored in our own database, hosted on managed PostgreSQL in the EU.

  • Data: your name and email address, and optionally your company, industry, the type of request, your message, and the marketing attribution (referrer and UTM parameters) carried with your visit.
  • Purpose: to respond to your request and, where relevant, to take the steps you have asked for, such as setting up a pilot.
  • Legal basis: steps prior to or under a contract where your request concerns one (Art. 6(1)(b) GDPR), otherwise our legitimate interest in answering enquiries (Art. 6(1)(f) GDPR).
  • Retention: kept as long as needed to handle your request and any follow-up, then deleted unless we must keep it longer by law.

Subscribing to product updates

If you sign up for product updates or the launch waitlist, we use your email address to send you those updates and nothing else. We process the address through Beehiiv, our newsletter platform, and also store the signup in our own database.

  • Data: your email address and the date you signed up.
  • Purpose: to send the product updates you asked for.
  • Legal basis: your consent (Art. 6(1)(a) GDPR), given when you submit the form.
  • Processor: Beehiiv, which sends each issue and stores the address as our audience list.
  • Retention: kept until you unsubscribe.

You can withdraw your consent at any time, with effect for the future, using the unsubscribe link in any message or by writing to us. Withdrawing does not affect messages sent before you did so.

Using the catalog assistant

Some catalog pages offer an optional AI assistant that answers questions about a data product. It is anonymous: we do not ask who you are, and your messages are not linked to an account. When you send a message, we forward your question and the recent conversation to a large language model through the Vercel AI Gateway in order to generate an answer.

  • Data: the message text you type and the recent messages in that conversation. Please do not enter personal data or confidential information into the assistant.
  • Purpose: to generate a grounded answer about the data product you are viewing.
  • Legal basis: our legitimate interest in offering an interactive way to explore the catalog (Art. 6(1)(f) GDPR).
  • Processor: Vercel, via its AI Gateway, which routes the request to the model provider under zero-data-retention and no-prompt-training terms, so your prompts are not used to train models.
  • Retention: messages are processed to produce the answer and are not stored as a conversation profile; only an anonymous count of assistant usage is recorded (see “Measuring how the site is used”).

Keeping forms and the assistant secure

To stop the forms and the catalog assistant from being abused, we apply short-lived, per-IP rate limits and bot detection. The rate-limit counters run through Upstash (or, where unavailable, an in-memory counter) and store only a counter against a hashed identifier for a brief window; bot detection is provided by Vercel BotID.

  • Data: your IP address (hashed for logging and counting) and a request counter.
  • Purpose: to prevent spam and automated abuse of the forms and the assistant.
  • Legal basis: our legitimate interest in protecting the site and its features (Art. 6(1)(f) GDPR).
  • Retention: the counter expires automatically within minutes to hours, depending on the limit.

Cookies and tracking

We set no cookies for analytics, advertising, or profiling, and we embed no advertising trackers or social plugins. Our traffic and performance analytics are cookieless (see “Measuring how the site is used”), so any storage your browser uses is strictly what is needed to deliver the page and to remember your theme preference, and no consent banner is required.

Who processes data for us

We work with a small set of providers who process personal data only on our instructions, under data-processing agreements as required by Art. 28 GDPR.

  • Vercel — hosting and delivery of the website, cookieless traffic and performance analytics, bot detection, and the AI Gateway behind the catalog assistant.
  • Beehiiv — sending product updates and storing the subscriber list.
  • Upstash — the rate-limit counters that protect the forms and the assistant.

Transfers outside the EEA

Some of these providers are based in, or process data in, the United States. Where data leaves the European Economic Area, the transfer is covered by appropriate safeguards under Art. 46 GDPR — the European Commission's Standard Contractual Clauses (SCCs), together with the provider's technical and organizational measures.

How long we keep data

We keep personal data only as long as the purpose it was collected for requires, or as long as the law obliges us to. When neither applies, we delete or anonymize it. The specific periods are noted in the sections above.

Your rights

Under the GDPR you have the following rights in respect of your personal data. To exercise any of them, write to Show email; we answer without undue delay.

  • Access — confirmation of whether we process your data, and a copy of it (Art. 15).
  • Rectification — correction of inaccurate or incomplete data (Art. 16).
  • Erasure — deletion of your data where the conditions are met (Art. 17).
  • Restriction — limiting how we use your data in defined cases (Art. 18).
  • Portability — your data in a portable format where processing rests on consent or contract (Art. 20).
  • Objection — objecting to processing based on legitimate interest (Art. 21).
  • Withdrawal — withdrawing any consent at any time, with effect for the future (Art. 7(3)).

You also have the right to lodge a complaint with a supervisory authority if you believe we process your data unlawfully.

Supervisory authority

The authority responsible for us is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18, 91522 Ansbach, Germany

You may also contact the supervisory authority of the EU member state where you live or work.

Changes to this notice

We may revise this notice as the site or the law changes. The version published here, dated above, is the one that applies.