Privacy policy

MeshX Software Ltd is the controller of personal data collected through meshx.uk and related software services: MeshX Create, MeshX Shop Manager, and MeshX Print Network (together, the “MeshX POD” or “services”).

• General: hello@meshx.uk
• Privacy: privacy@meshx.uk
• Security: security@meshx.uk

This policy describes how we collect, use, store, and share personal data when you visit our website or use our services, and your rights under UK GDPR / GDPR where applicable. For how we protect data technically, see our Security overview. For vendors that process data on our behalf, see our Subprocessor list.

• Account and profile: name, email, company name, authentication identifiers, and subscription status.
• Service content: designs, catalogue and listing-related data, files you upload, logs, and support communications.
• Connected marketplaces: if you connect shops (for example Etsy, eBay, TikTok Shop, Amazon), we process OAuth tokens and shop data retrieved through each platform’s official APIs to provide the features you enable.
• Orders and fulfilment: where you use Print Network or order tools, we process order and shipping details needed to route production and delivery, as authorised by you.
• AI features: text prompts, parameters, and outputs you generate through our AI tools; we use third-party model providers as described in the Subprocessor list. We do not use TikTok Shop (or other marketplace) order or buyer personal data as input to generative AI providers.
• Technical data: IP address, device and browser type, and cookies as described in our Cookie policy.
• Billing: payment processing is handled by our payment processor (Stripe); we retain limited billing and subscription records. See Subprocessors for detail.

MeshX only accesses marketplace accounts after you complete each platform’s OAuth (or equivalent) authorisation. We comply with each platform’s developer terms and API rules.

TikTok Shop (Open API)

• Categories: product and inventory data you choose to sync; where you use Print Network or fulfilment features, order data required to produce and ship (which may include buyer name and delivery address as provided by TikTok Shop).
• Purpose: listing management, catalogue sync, and fulfilment workflows you activate in MeshX.
• Storage: hosted databases and object storage operated by us and our subprocessors (see Subprocessors); access is restricted and logged as described in our Security overview.
• AI: we do not send TikTok Shop order or buyer personal data to generative AI model providers. Text and image generation features process content you supply in those flows (for example prompts and design assets), not marketplace order payloads.
• Disconnect: you can revoke MeshX from your TikTok Shop authorisation settings; we stop new API pulls and delete or anonymise associated tokens and cached shop data within a reasonable period, subject to backup rotation and legal retention needs. Contact privacy@meshx.uk to request deletion specifics for your account.

Similar principles apply to other connected marketplaces: data is limited to what their APIs expose and what you authorise; purposes match the MeshX features you use.

Depending on the activity, we rely on:

• Contract — providing the services you subscribe to or use.
• Legitimate interests — security, abuse prevention, product improvement, and business operations, where not overridden by your rights.
• Consent — where required (for example certain non-essential cookies or marketing).
• Legal obligation — where applicable.

• Provide, maintain, and improve MeshX Create, Shop Manager, and Print Network.
• Authenticate users and enforce subscription or access rules.
• Communicate about the service, security, and billing.
• Comply with law and respond to lawful requests.

We use third-party providers for hosting, database and authentication, object storage, email, payments, AI inference, and similar functions. A current list with purposes and transfer safeguards is published at https://meshx.uk/subprocessors. Where data is processed outside the UK/EEA, we use appropriate safeguards (such as the UK IDTA or EU Standard Contractual Clauses) with vendors where required.

Business customers who require a data processing agreement may request our DPA at https://meshx.uk/dpa or email privacy@meshx.uk.

We keep personal data only as long as needed for the purposes above, including legal, accounting, or reporting requirements. Retention varies by data type (for example active account data, disconnected marketplace caches, logs). You may ask us for more detail in relation to your account via privacy@meshx.uk.

You may have rights to access, rectify, erase, restrict, or object to processing, data portability, and to withdraw consent where we rely on consent. You may complain to the ICO (UK) or your local supervisory authority.

Our services are aimed at businesses and adults. We do not knowingly collect data from anyone under 16.

We will update this policy when our practices change and revise the “Last updated” date above.