MishMesh ("we," "us," "our") is committed to protecting your privacy. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your personal information. By using the Platform, you consent to the practices described herein.
Account Information: Name, email address, username, profile photo, and any profile information you choose to provide (bio, social handles).
Wallet Addresses: Your connected cryptocurrency wallet addresses (Solana, Ethereum, Bitcoin). Wallet addresses are public on their respective blockchains. We store your wallet address to associate it with your account.
Location Data: Precise GPS coordinates from your device. Location data is required for core Platform functionality, including placing and discovering Orbs, verifying proximity for Orb cracking and task completion, and displaying nearby Orbs and tasks on the map. Location data is stored in association with Orbs you create, tasks you post or complete, and stories you share.
Camera and Photos: Photos and images you capture or upload for task proof submission and Stories. Photos may include embedded metadata (EXIF data including location and timestamp).
Orb and Task Data: Details of Orbs you create or crack, tasks you post or complete, transaction amounts, timestamps, and completion status.
Social and Crew Data: Crew memberships, Stories you post, Arena participation, and interactions with other users.
Activity History: Your activity on the Platform, including Orbs cracked, tasks completed, NFTs earned, and reputation data.
Technical Data: IP address, browser type, device information, operating system, and access times, collected automatically for security and analytics purposes.
Private Keys: MishMesh is fully non-custodial. We never have access to, store, or transmit your wallet private keys, seed phrases, or recovery phrases.
Payment Card Data: We do not collect or store credit card numbers, bank account details, or any traditional payment information. All transactions occur on-chain through your connected wallet.
Your data is used to: operate and improve the Platform; display Orbs and tasks on the map based on your location; verify your physical proximity to Orbs and task locations; process and record on-chain transactions; facilitate task proof submission and dispute resolution; deliver social features (Crews, Stories, Arena); mint and deliver NFT rewards; send push notifications (with your consent); comply with legal obligations; and detect and prevent fraud, GPS spoofing, and other prohibited conduct.
We use the following third-party services to operate the Platform:
Supabase — Database hosting, authentication, and file storage (including task proof photos and story media).
Vercel — Application hosting and serverless functions.
Pinata — IPFS pinning service for NFT metadata and decentralized content storage.
Blockchain transactions are recorded on public networks (Solana, Ethereum, Bitcoin). Wallet addresses and transaction details are publicly visible on the respective blockchains. We do not control blockchain data once a transaction is broadcast.
We do not sell, rent, or trade your personal information to third parties for marketing or advertising purposes. We may share data with law enforcement if required by valid legal process, or to protect the safety and security of our users and the Platform.
We collect anonymous, aggregated usage analytics to understand how the Platform is used and to improve our services. Analytics data does not include personally identifiable information. We do not use tracking cookies for advertising purposes.
MishMesh may send push notifications to your device for events such as: an Orb you dropped being cracked, task acceptance or completion updates, dispute outcomes, Crew activity, and Arena events. Push notifications are opt-in. You may enable or disable them at any time through your device settings or in-app preferences.
Stories: Stories are automatically deleted 24 hours after posting.
Account Data: We retain your personal data for as long as your account is active. Upon account deletion request, we will delete your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., transaction records for tax compliance).
Blockchain Data: On-chain transactions (including wallet addresses and transfer amounts) are permanent and cannot be deleted by MishMesh or any party.
Task Proof Photos: Retained for 90 days after task completion for dispute resolution purposes, then deleted.
We implement industry-standard security measures including: HTTPS encryption for all data in transit, encryption at rest for stored data, row-level security policies in our database, and access controls limiting data access to authorized services only.
However, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.
If you are located in the European Economic Area (EEA), United Kingdom, or other jurisdiction with similar data protection laws, you have the following rights:
Access: You may request a copy of all personal data we hold about you.
Correction: You may update or correct your personal data through your account settings or by contacting us.
Deletion: You may request complete deletion of your account and associated data.
Portability: You may request a full export of your data in a machine-readable format.
Restriction: You may request that we restrict processing of your personal data in certain circumstances.
Objection: You may object to the processing of your personal data for certain purposes.
For EU/EEA residents: You have the right to lodge a complaint with your local data protection authority.
If you are a California resident, you have the following rights under the California Consumer Privacy Act:
Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you.
Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
Right to Opt-Out: We do not sell personal information. As such, this right is automatically satisfied.
Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
Your data may be processed in the United States and other jurisdictions where our service providers operate. By using the Platform, you consent to such transfers. We ensure appropriate safeguards are in place for international data transfers in compliance with applicable data protection laws.
The Platform is not intended for users under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us and we will delete such data promptly.
We may update this Privacy Policy from time to time. We will notify active users of material changes via email or in-app notification at least 14 days before the changes take effect. Continued use of the Platform after changes constitutes acceptance of the updated policy.
For privacy-related inquiries, data requests, or complaints, please contact: legal@mishmesh.ai.