Privacy Policy

1. Overview

Meilynx (“Meilynx,” “we,” “us,” or “our”) provides an AI observability, governance, and optimization platform for production AI systems. This Privacy Policy explains what information we collect, how we use and protect it, and your choices regarding that information.

This policy applies to our website (meilynx.com), our cloud-hosted application, and related services (collectively, the “Service”). It does not apply to third-party services or websites that may link to or integrate with Meilynx.

2. Information We Collect

2.1 Account Information

When you create an account or request a walkthrough, we collect your name, email address, company name, job title or role, and any optional message you provide. If you sign in through a third-party identity provider (e.g., Google, GitHub), we receive the profile information that provider shares with us.

2.2 Workspace and Project Metadata

We collect organizational metadata such as workspace names, project names, team memberships, role assignments, and configuration settings you define within the Service.

2.3 Telemetry and Outcome Data

Customers send telemetry events (e.g., model name, token counts, latency, cost estimates, workflow identifiers, custom metadata) and outcome events (e.g., outcome type, correlation identifiers, timestamps) to power analytics dashboards. This data relates to your AI workloads, not to end users of your products, unless you choose to include such information in custom metadata fields.

2.4 Governance and Enforcement Data

When governance enforcement is enabled, we receive structured findings from your infrastructure, including validator name, severity, action taken (allow, warn, or block), and hashed request identifiers. We do not receive the raw content of prompts, model responses, or any payload body as part of governance telemetry. Raw payloads remain on your infrastructure at all times.

2.5 Usage Analytics

We collect information about how you interact with the Service, including pages visited, features used, session duration, and actions taken (e.g., publishing governance rules, creating KPIs). We use this information to improve the product and diagnose issues.

2.6 Website Analytics

Our marketing website uses Google Analytics 4 with IP anonymization enabled. We collect aggregate traffic data such as page views, referral sources, and device type. We do not use this data for cross-site tracking or advertising. You can opt out via the cookie consent banner.

2.7 Support Communications

When you contact us for support, we collect the content of your communications, including any attachments or screenshots you provide, along with your email address and name.

2.8 Cookies and Similar Technologies

We use strictly necessary cookies for authentication and session management. We use optional analytics cookies (Google Analytics) only with your consent. We do not use advertising cookies or tracking pixels.

3. How We Use Information

We use the information we collect to:

• Operate, maintain, and improve the Service.
• Authenticate users and manage access control within workspaces and projects.
• Generate analytics dashboards, recommendations, and insights from telemetry and outcome data.
• Enforce governance rules and report structured findings back to your dashboards.
• Communicate with you about your account, service updates, and support requests.
• Detect and prevent fraud, abuse, and security incidents.
• Comply with legal obligations and enforce our Terms of Service.
• Improve product functionality based on aggregate usage patterns (we do not use your telemetry data to train machine learning models).

4. Data Residency and Prompt Privacy

Meilynx is designed so that raw prompts and model responses never leave your infrastructure. Our enforcement components run within your environment and only transmit structured, non-sensitive metadata (hashed identifiers, token counts, cost estimates, governance findings) to our cloud platform.

If you deploy on-premise audit capabilities, all raw payload data is stored locally on your infrastructure with retention periods you configure. This audit data is never uploaded to Meilynx.

5. Data Sharing and Disclosure

We do not sell, rent, or trade personal information or customer data. We may share information in the following limited circumstances:

• Service providers: We use third-party subprocessors to host and operate the Service (e.g., cloud infrastructure, email delivery, error monitoring). These providers are bound by contractual obligations to protect your data and use it only as directed by us.
• Legal requirements: We may disclose information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Meilynx, our users, or others.
• Business transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change.
• With your consent: We may share information when you direct us to or provide explicit consent.

6. Security

We implement reasonable technical and organizational measures to protect your information, including encryption in transit (TLS) and at rest, access controls, regular security assessments, and audit logging. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

If you become aware of a security vulnerability or incident involving the Service, please report it to security@meilynx.com.

7. Data Retention

We retain account information for as long as your account is active or as needed to provide the Service. We retain telemetry and outcome data according to the retention settings configured in your project. When you delete your account or request data deletion, we will remove your personal information within 30 days, except where retention is required by law.

On-premise audit data retention is controlled entirely by you and is not subject to our retention policies.

8. Your Rights and Choices

Depending on your jurisdiction, you may have the right to:

• Access the personal information we hold about you.
• Correct inaccurate or incomplete information.
• Request deletion of your personal information.
• Object to or restrict certain processing of your information.
• Request a portable copy of your information.
• Withdraw consent for optional data processing (e.g., analytics cookies).

To exercise any of these rights, contact us at privacy@meilynx.com. We will respond within 30 days (or the time required by applicable law).

9. International Data Transfers

Meilynx is based in the United States. If you access the Service from outside the United States, your information may be transferred to and processed in the United States or other jurisdictions where our service providers operate. We take appropriate safeguards to ensure your data is protected in accordance with this Privacy Policy and applicable law, including standard contractual clauses where required.

10. Children’s Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us and we will promptly delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by posting the updated policy on this page with a revised “Last updated” date. If changes are significant, we will also provide notice through the Service or by email. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

12. Contact

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:

Meilynx
Email: privacy@meilynx.com
General inquiries: meilynx@meilynx.com