Meshy.AI Privacy Policy
Date of Last Revision: August 1, 2023.
Welcome to Meshy, which is designated and operated by Meshy LLC. (including its subsidiaries, affiliates, agents, and service providers, collectively, “we,” “us,” “our” or “Meshy” ). Meshy provides users and visitors (“you” and “your”) with services of creating 3D content using generative AI technology, including but not limited to AI-powered 3D modeling, texturing, and animation. (“Services”).
This Privacy Policy (the “Policy”) describes and governs how we collect, use, share and protect (collectively, “process”) personal information collected in the context of our Services. Before you use or submit any information through or in connection with the Services, please carefully review this Policy. By using any part of the Services, you consent to the collection, use, and disclosure of your information as outlined in this Policy. To the extent allowed by law, the English version of this Policy is binding and other translations are for convenience only.
If you are in the European Economic Area, the United Kingdom or Switzerland (“Europe”):
- for the purposes of the EU General Data Protection Regulation 2016/679 (the “GDPR”), the data controller is Meshy and can be reached at the address set out in Section “How to Contact Us” below; and
- you will not need to consent to this Privacy Policy, but you do acknowledge you have read and understood its terms.
If you are a resident of California, the California Consumer Privacy Act of 2018 and the California Privacy Rights Act of 2020 provides you with additional rights.
If you are a resident of Austria, the Treasury Laws Amendment (Consumer Data Right) Bill and Consumer Data Right rules might provide you with additional rights.
This policy applies to the processing of your personal information on the premise that it does not conflict with the laws and regulations applicable to you. The Policy will provide the following information to you:
- Definitions
- What Information We Collect
- How We Use Your Information Collected
- How We Disclose Your Information Collected
- How We Handle Children’s Personal Information
- Security
- Do-Not-Track Signals
- How Your Information Will be Stored and Transferred
- Your Rights
- Supplemental Terms and Conditions for Certain Regions
- Other Terms
- How the Policy Will be Updated
- How to Contact Us
1. Definitions
In this Policy, unless the context otherwise requires, the following definitions shall apply:
We, Us or Our in this Policy refers to Meshy and its subsidiaries, affiliates, agents, and service providers.
Cookies are small files that are placed on your computer, mobile device or any other device by a website, containing the details of your browsing history on that website among its many uses.
Data Controller, for the purposes of the GDPR (General Data Protection Regulation), refers to the Company as the legal person which alone or jointly with others determines the purposes and means of the processing of personal information. For the purpose of the GDPR, Meshy is the Data Controller.
Personal Information (or personal data) is any information that relates to an identified or identifiable individual.
For the purposes for GDPR, Personal Information means any information relating to you such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity.
For the purposes of the CPRA, Personal Information means any information that identifies, relates to, describes or is capable of being associated with, or could reasonably be linked, directly or indirectly, with you.
Website refers to Meshy, accessible from https://www.meshy.ai/.
Sell refers to any disclosures of personal information by a business to another business or third party for money or other valuable consideration.
Service refers to creating 3D content using generative AI technology, including but not limited to AI-powered 3D modeling, texturing, and animation.
Service Provider means any natural or legal person who processes the data on behalf of us. It refers to third-party companies or individuals employed by us to facilitate the Service, to provide the Service on behalf of us, to perform services related to the Service or to assist us in analyzing how the Service is used. For the purpose of the GDPR, Service Providers are considered Data Processors.
Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
Under GDPR (General Data Protection Regulation), you can be referred to as the Data Subject or as the User as you are the individual using the Service.
2. What Information We Collect
As further described below, when you use or otherwise access the Services, we collect information in multiple ways, including when you provide information directly to us, and when we passively collect information from your browser or device (e.g., by logging how you interact with our Services).
2.1. Information That You Provide Directly to Us
A. Registration Information
When you register for our Services or open an account, depending on the registration channel you choose, we may collect your email address, your user name and verification code, for purposes of multi-factor authentication and to provide you with important messages) and any information you choose to provide us (such as a profile picture, your company title).
If you are in Europe, we process the information on the basis of entering into and performing our contract with you (Art. 6 para. 1 subpara. 1 b) GDPR).
B. Purchase Information
When you purchase paid services (e.g. member subscription to our Services) through the Website, we may collect: (i) the personal information related to your order, such as order number, time when you place your order and the service you choose to purchase; (ii) your financial information, such as credit card information by our payment Service Provider on our behalf. If you are in Europe, we process the information on the basis of entering into and performing our contract with you (Art. 6 para. 1 subpara. 1 b) GDPR).
C. Content you Provide through our Services
We collect and securely store content that you post, send, receive and share through our products as part of the Services, such as text or image prompts you input into the Services, or public chats you maintain on the Service. This content includes any personal information about you that you may choose to include, including but not limited to the 3D models and related texture images you create through our Services. Such content also includes the files and links you upload to the Services. For any Personal Information that you choose to include in the content, you acknowledge and agree that you are authorized by relevant data subject and have notify them their personal information might be publicly displayed on our Services.
D. Communications to Us
You may contact us via email or by other means (for example, with questions about our Services, for customer support, or to let us know your ideas for new products or modifications to existing products). You may also choose to respond to surveys that we send out, or queries about contents generated by you. When you do so, we collect the information you choose to provide us, such as your contact details, any images you choose to upload and the contents and nature of your message. To keep your personal information safe, we kindly request that you avoid sending any financial or sensitive data through our chat services or other channels, unless we specifically ask for it to provide you with our services. If you do choose to share this information with us directly, please know that we will process it with care and in accordance with our Service Providers.
E. Third-Party Communications
If you use any feature of the Services that allows you to communicate with third parties (such as to refer a third party to the Services or to communicate with them regarding our Services), either by submitting data about the third party (“Third-Party Data”) to the Services or otherwise permitting the Services to automatically access Third-Party Data in your possession, you acknowledge and agree that you have the authority of the relevant third party for us to access and use the relevant Third-Party Data and that you have notified these third parties and informed them how their information is collected and used by Meshy to provide the Services. We reserve the right to identify you as the person who has made the referral in any messages that are sent to them. We use Third-Party Data to (a) contact such third party using the Third-Party Data provided, and/or (b) provide you with an editable template message designed to facilitate communications between you and such third party through the Services. In addition to sending the foregoing communications, we may also send reminders or related messages to you and to third parties on your behalf from time to time where permitted by applicable law. In each case, any such communication sent to third parties using Third-Party Data will provide a means to “opt out” of receiving further communication of the same nature.
2.2. Information That is Passively or Automatically Collected
A. Usage Information
When you interact with us through the Services, we automatically receive and store certain information from devices that you use to access the Services, such as your IP address, setting of your browser, your device information, clicking records, crash data, session IDs, geolocation information, etc. This information is collected passively by using various technologies, and includes the type of Internet browser or mobile device you use, any website from which you have come to the Services, your operating system, and location data through an IP address that identifies the city and state where you logged into Meshy. We collect aforementioned personal information for ensuring security and stability of the provision of our Services.
If you are in Europe, we process the information on the basis of our legitimate interests to enable our business and where our interests are not overridden by your data protection rights (Art. 6 para. 1 subpara. 1 f) GDPR).
B. Cookies and Other Electronic Technologies
We collect some types of information with a variety of commonly-used technologies. These generally include tracking pixels, JavaScript, and a variety of "locally stored data" technologies, such as cookies and local storage. Depending on which technology we use, locally stored data may include text, personal data (like your IP address), and information about your use of Meshy.
3. How We Use Your Information Collected
We use the information collected from the Services in a manner that is consistent with this Policy. We use the information that you provide (or otherwise permit the Services to access) for the following purposes:
3.1. Provision of Services
We use the information we collect to operate, maintain, and provide you with the Services and operate Meshy in accordance with this Policy and the Terms & Conditions of our Services. We may also use the information to restrict attempts to use the Services from restricted territory and attempts to use the Services in breach of the applicable Terms & Conditions.
3.2. Marketing and Promotion
When you choose to participate in our promoting activities or subscribe for marketing communications, we may collect your contact information such as e-mail address or other electronic addresses that you voluntarily provide to us. You can opt out from receiving such marketing messages at any time by unsubscribing or following the instructions contained within such messages when you no longer wish to receive these marketing messages.
3.3. Analytics and Improvement of Our Services and Platform
We use the information to manage, develop, improve and maintain any Service (including responding and dealing with enquiries, providing maintenance and support and preparing for data backup). We use the information we collect to analyse data usage trends and preferences in order to improve the accuracy, effectiveness, security, usability or popularity of our Services.
4. How We Disclose Your Information Collected
There are certain circumstances in which we share information collected through the Services with certain third parties without further notice to you, as set forth below. Specifically, we are not in the business of selling information about you to advertisers or other third parties.
4.1. Third-party service providers who process your data on our behalf
This includes:
A. Security Service Providers
We may share (subject to the applicable laws) your clicking records, crash data, session IDs and device information with such providers to improve our service and protect the security of our services.
B. Advertising Service Providers
We may share in compliance with applicable laws profile information, session IDs, device information and geolocation information with them to send you advertisement and improve the accuracy and effectiveness of the advertisement.
C. Other Third-party Service Providers
As hosting providers, and providers of IT services, and other similar services requested by us to provide the Website and other business-related services to you. Any data processing on our behalf complies with the applicable laws.
4.2. Government Authorities/ Law Enforcement Officials
Personal data may be also shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of our legitimate interests in compliance with applicable laws.
4.3. Potential Buyers and Advisers
In the event of a corporate sale, merger, reorganization, dissolution, similar event, or steps taken in anticipation of such events (e.g., due diligence in a transaction), your personal data may (subject to the applicable laws) be shared with our advisers and any prospective purchaser’s adviser and will be passed to the new owners of the business.
4.4. Third Parties that Partner with Us or Offer Services You Choose to Link
We share personal information with third parties that partner with us on various initiatives. When we share personal information with third parties, we require those third parties to handle the information in accordance with relevant laws. When you link to or interact directly with third-party companies, their use of your personal information and your use of their features are governed by the privacy notices of those companies. We encourage you to carefully read their privacy notices.
4.5. Your Consent
We may share your information for other purposes if (i) you direct us to do so or (ii) you consent to such sharing.
4.6. Aggregated Data
We aggregate, anonymize and/or de-identify information collected actively or passively about you so that the information no longer relates to you individually. We then use that data for various lawful purposes, including but not limited to our research on our customer interests and behaviour. We also share this information with our affiliates, agents, business partners, research facilities or other third parties (e.g., Google Analytics).
4.7. Other Users of Our Services
We provide your information to other users of our Services if you choose to make your information publicly available in a publicly accessible area of the Services, such as in your published contents or in the comments.
5. How We Handle Children’s Personal Information
Our websites are NOT directed to children (refers to children under age of 13, or 16 for children located in Europe) and we do not knowingly collect personal data from children. If we discover that a child has provided us with personal data, we will promptly delete such personal data from our systems. Children may not submit any personal data to us without permission from their parents or guardians. If you have reason to believe that a child has provided personal information to us through the Services, please contact us at team@meshy.ai, and we will delete that information from our databases to the extent required by law.
6. Security
We are committed to keeping your personal data safe and strive to maintain the highest standards of security. For this purpose, we have put in place robust technical and organizational measures utilizing current state-of-the-art technologies to ensure that your personal data is adequately protected against loss, misuse, unauthorized access, disclosure, alteration, and destruction. For the transfer of particularly sensitive personal data via the Internet, we exclusively use encrypted transmission routes.
Unfortunately, no transmission of data via the Internet is completely secure. So, while we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website. Any transmission is at your risk. Once we have received your personal data, we will use strict procedures and security features to prevent unauthorized access. This includes but is not limited to the following measures:
- We employ a team of dedicated information security professionals and have established an information security system.
- We have further taken security protection measures for data collection, storage, display, processing, use, deletion, destruction and other aspects and use access control as well as encryption technologies.
- For the employees who may have access to your information, we sign confidentiality agreements with them and have established approval mechanisms for information access, internal or external transmission, and decryption. We also conduct regular training related to personal data protection to strengthen our employees’ awareness of privacy protection.
- As far as third parties (i.e. external companies) are rendering data processing services for us, we have committed them to compliance with our data privacy regulations.
7. Do-Not-Track Signals
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. We do not recognize or respond to browser-initiated DNT signals, as the Internet industry is currently still working toward defining exactly what DNT means, what it means to comply with DNT, and a common approach to responding to DNT.
8. How Your Information Will be Stored and Transferred
We retain your information for as long as we deem necessary for the purpose for which that information was collected and for our legitimate business operations; provided, however, that your information is only retained to the extent permitted or required by applicable laws. When we no longer need to retain your information, we will take reasonable steps to remove it from our systems and records and/or take steps to anonymize it so that you can no longer be identified from it in accordance with our internal document retention policies.
When determining the retention period for your information, we take into account various criteria, such as the type of products and services requested by or provided to you, the nature and length of our relationship with you, possible re-enrolment with our products or services, the impact on the Services we provide to you if we delete some information about you, mandatory retention periods provided by law and the statute of limitations.
Since All information processed by us may be transferred, processed, and stored anywhere in the world, which may have data protection laws that are different from the laws where you live. We endeavour to safeguard your information consistently with the requirements of applicable laws. If you are in EEA, please refer to “Supplemental Terms and Conditions for Certain Regions” to learn more about the cross-border data transfer terms that apply to you.
9. Your Rights
You have certain rights regarding your personal data, subject to the applicable law. These include the following rights to:
- Access your Personal Data: You have the right to ask us to confirm whether we are processing your personal data, and, where that is the case, access to the personal data and receive information on how your data is processed as well as ask us to provide a copy of your personal data.
- Rectify Your Personal Data: This enables you to have any incorrect, incomplete or inaccurate data we hold about you corrected.
- Erase Your Personal Data: This enables you to ask us to delete your personal data when, for example, the data we hold on you is no longer needed or when your data has been processed unlawfully.
- Object to Processing: You have the right to object to the processing of your personal data and request us to cease processing of it if, for example, this data is being processed for the purpose of direct marketing or where we are relying on a legitimate interest (or those of a third party). In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Restrict the Processing: This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the accuracy of the personal data; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you require us to hold the data even if we no longer need it as you require it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Receive your Personal Data in a Usable Electronic Format and Transmit it to a Third Party (Right to Data Portability): If we are processing your personal data on the basis of your consent or a contract, you can ask to receive your personal data in a structured, commonly used and machine-readable format and to transmit those data to another controller without any hindrance from us.
- Withdraw Consent: You have the right to withdraw your consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we will not process that personal data further but may not be able to continue providing certain products or services to you for which the personal data was sought. We will advise you if this is the case at the time you withdraw your consent.
- Request not to be Subject to a Decision Based Solely on Automated Processing, including profiling, which produces legal effect concerning you or similarly significantly affects you.
- Lodge a Complaint with Your Local Data Protection Authority: You have the right to submit your request and complain at any time to your local supervisory authority in particular in the Member State of your habitual residence, place of work or of an alleged infringement of the GDPR. We would, however, appreciate the chance to deal with your concerns before you approach the data protection authority, so please contact us in the first instance.
These rights may be limited in some situations – for example, where we can demonstrate that we have a legal requirement to process your data (such as where tax authorities require us to retain it) or where it is needed for the proper performance of a contract. In some instances, this may mean that we are able to retain data even if you withdraw your consent. If you wish to exercise any of the rights set out above, please contact us at the details in Section “How to Contact Us” below. You may also update your personal information as provided in your profile of the setting on the Website.
10. Supplemental Terms and Conditions for Certain Regions
10.1 Privacy Information for California Residents
10.1.1 Categories of Information Collected and Disclosed
If you are a California resident, you have certain rights under the California Consumer Privacy Act (CCPA), and we want to provide you with the following additional information about the purpose for which we use each category of personal information we collect (as defined by CCPA), the categories of third parties to which we disclose personal information for a business purpose or for cross-context behavioral advertising, which includes our use of third-party analytics services and online advertising services. These are described in detail in our Cookie Policy and may result in the disclosure of online identifiers (e.g., cookie data, IP addresses, device identifiers, and usage information).
Specifically, your contact information (such as email) or Internet network and device information (such as cookie data and IP address) may be disclosed to online advertising and analytics partners.
For more information about each category of personal information, purpose of use, and third parties to which we disclose personal information, please see the “What Information We Collect”, “How We Use Your Information Collected” and “How We Disclose Your Information Collected” in this Policy.
10.1.2 Your Choices Regarding Online Advertising and Related Activities
You have the right to opt out of the disclosure of your personal information for purposes of online advertising and related activities and can do so by changing your Cookie setting.
10.1.3 Other CPRA Rights
We do not offer any financial incentives in exchange for your personal information.
The CPRA also allows you to limit the use or disclosure of your sensitive personal information (as defined in the CPRA) if your sensitive personal information is used for certain purposes. Please note that we do not use or disclose sensitive personal information other than for business purposes for which you cannot opt out under the CPRA.
Please see the “Your Rights” section of this Policy above for information about the additional rights you have with respect to your personal information under California law and how to exercise them.
10.1.4 Retention of Your Personal Information
Please see information under “How Your Information Will be Stored” of this Policy.
10.1.5 California “Shine the Light” Disclosure
The California “Shine the Light” law gives residents of California the right under certain circumstances to opt out of the disclosure of certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes, or in the alternative, that we provide a cost-free means for consumers to opt out of any such disclosure. We do not currently disclose your personal information to third parties for their own direct marketing purposes.
10.2 Privacy Information for Residents in Europe
10.2.1 Legal basis for processing
If you are in Europe, we process the personal information on the basis of entering into and performing our contract with you (Art. 6 para. 1 subpara. 1 b) GDPR),
10.2.2 How Your Information Will be Transferred Globally
For users located in the European Economic Area, we may transfer personal data to our affiliates, suppliers, law enforcement agencies or other organizations, including the organizations that are located outside Europe for the purposes described in the Policy.
The laws of some jurisdictions outside Europe may not be as protective as data protection laws in Europe. If your personal data is transferred to a country that is not subject to an adequacy decision by the EU Commission, we will ensure that, for such jurisdictions, appropriate safeguards (e.g., EU standard contractual clauses, or a third party’s Binding Corporate Rules) are implemented to ensure an adequate level of protection of your personal data.
10.3 Privacy Information for Residents in PRC
10.3.1 How Your Information Will be Stored
As a company operates around the globe, your personal information would be stored overseas in US. You could find the details of your personal information’s recipient at the table below:
- Recipients: Meshy LLC
- Type of Personal Information: Email address, user name, verification code, and financial information (for paid users)
- Purpose of Disclosure: Multi-factor authentication and providing important messages
- Contact Information: team@meshy.ai
- Country and/or Region: U.S.
10.3.2 How Your Information Will be Transferred Globally
For users located in the PRC, we may transfer personal information to our affiliates, suppliers, law enforcement agencies or other organizations, for the purposes described in “How We Use Your Information Collected” of the Policy. Please note that your personal information might be further shared with other service suppliers, including marketing, advertising, security services, etc., as specified in the “How We Disclose Your Information Collected” of the Policy.
We would only transfer your personal information in accordance with the applicable laws and regulations and will take necessary organizational and technical measures to protect your personal data. For more information, or if you wish to exercise your right as data subject, please email at team@meshy.ai.
10.3.3 Your Rights
For users located in the PRC, apart from “Your Rights” section of this Policy, you are also entitled to deregister your account, and the right to ask us to explain how your personal information is processed. To exercise such rights, please contact us at the details in Section “How to Contact Us” below. We will respond to your data subject request within 15 business days.
11. Other Terms
11.1. Each marketing communication we send you will contain instructions permitting you to “opt out” of receiving future marketing communications. In addition, if at any time you wish not to receive any future marketing communications or you wish to have your name deleted from our mailing lists, please click the “unsubscribe” button in each email you receive. If you opt out of receiving marketing communications or other information, we think may interest you, we can still send you emails about your account or any Services you have requested or received from us.
You can make a request to exercise any of these rights in relation to your information by sending the request to us at the email address or mailing address set forth in Section “How to Contact Us”. For your own privacy and security, at our discretion, we may require you to provide your identity before providing the requested information. Please note that we may take up to 30 days to fulfil such requests.
The above rights can be limited under applicable law. You also have the right to lodge a complaint with the local data protection authority if you believe that we have not complied with applicable data protection laws. You also have the right to lodge a complaint with the supervisory authority of your residence, place of work or where the incident took place.
11.2. Your access to and use of the Services is subject to Meshy’s Terms & Conditions and such other terms, which may be made available to you in connection with your use of the Services.
12. How the Policy Will be Updated
We reserve the right to update or modify this Policy at any time and from time to time. In the event we do so, we will update the date at the top of its first page accordingly and encourage you to check for changes that we have made. Where changes to the Policy will have a fundamental impact on the nature of the processing or otherwise have a substantial impact on you, we will actively advise you of such changes and will give you sufficient advance notice by notifying you by email or by a pop-up banner on our Website as required by applicable law so that you have the opportunity to exercise your rights. If you disagree with our revisions to the Policy, you can deactivate your account or discontinue the use of our Services. Please review this Policy periodically for any updates or changes to this Policy. If you are in Europe, you will not be required to agree to any changes to this Policy, but you do acknowledge that you have read and understood its terms.
13. How to Contact Us
If you have any questions about this Policy or the information practices of the Services, please feel free to contact us at the following email address: team@meshy.ai.