M E S C H
Privacy Policy
Effective 29 June 2026
MESCH is operated by an independent sole proprietor based in Israel.
Our approach
MESCH is operated by an independent sole proprietor based in Israel. We keep this simple: we collect only what the tool needs to work, we do not sell your data, and we do not use it for anything other than running the service for you. This policy explains what we hold and the choices you have.
What we collect
- Your sign-in identity — your email address, name, and Google account identifier, provided when you sign in with Google. We never see or store your Google password.
- Your shop and membership — the shop you belong to, your display name, and your role.
- Workshop records you enter — the names and phone numbers of artisans (karigars), gold weights, optional notes, who logged each entry, and timestamps.
- Notification settings — if you enable reminders, the technical details needed to send a push notification to your device.
- The access list — the email addresses invited to use the service or that have requested access, and their access status.
Why we collect it and our legal basis
We use this data only to operate the service — to record and display gold movements, to manage who has access, and to send reminders you have asked for. Our legal basis is your consent, given when you sign in. We do not use your data for any unrelated purpose.
How we treat your data
- We do not sell your data, and we do not share it for advertising or any purpose unrelated to operating this service.
- Your data belongs to you. We do not claim ownership of the records you enter, and you may request export or deletion at any time.
- We share data only with the third-party providers strictly necessary to run the service — currently our database and hosting provider (Supabase), our application hosting provider (Vercel), Vercel Web Analytics for basic, cookieless usage statistics, and Google for sign-in — and only so they can perform those functions on our behalf. These providers may process your data only to deliver their service to us and are prohibited from using it for any other purpose.
- We access your data only as needed to operate, maintain, support, and secure the service — for example, to fix a bug, respond to a support request, or prevent abuse.
- Any incidental viewing of data in the course of technical maintenance or debugging is limited to what is necessary for that task and is not used for any other purpose.
Where your data is stored
Your data is stored and processed outside India — including on infrastructure operated by our hosting providers (such as Supabase and Vercel) in regions that may include the United States and the European Union. By using the service you consent to this international transfer. India’s Digital Personal Data Protection Act, 2023 permits transfers of personal data outside India except to countries specifically restricted by the Indian government; we transfer data only to providers in jurisdictions not subject to such restrictions.
Government and legal requests
- We are operated by an independent sole proprietor based in Israel, not an Indian company. We do not voluntarily provide your data to the Indian government, its agencies, or any other authority.
- We will disclose your personal data to a government, court, or law-enforcement body only where we are legally compelled to do so by a valid and binding legal process applicable to us, and we will limit any such disclosure to what we are strictly required to provide.
- As we operate from Israel and host data with providers in other jurisdictions, we may receive lawful requests under the laws of those jurisdictions; where the law permits, we will seek to notify you before disclosing your data so you can challenge the request.
Security
- Your data is private to your shop. Only you and people you invite can see your records.
- All data is encrypted in transit (TLS/HTTPS) and encrypted at rest (AES-256) by our database provider. This is not end-to-end encryption.
- Sign-in is handled by Google — we never see or store your password.
- Access is controlled at the database level (row-level security), so each account can only reach its own shop’s records.
- We rely on established infrastructure providers (Supabase and Vercel) whose platforms maintain industry security certifications such as SOC 2.
No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
Your rights and how to reach us
You may ask us to give you a copy of your data, correct it, delete it, or withdraw your consent, and you may raise a complaint about how we handle it. To do any of these, or with any privacy question, write to us at daniel1schreiber@gmail.com. We will respond within a reasonable time. Withdrawing consent or asking for deletion may mean you can no longer use the service.
Retention
We keep your data for as long as you use the service. If you ask us to delete it, or if your access is removed and you ask us to, we will delete your personal data except where we must keep it to comply with a legal obligation.
If something goes wrong
If a data breach occurs that is likely to affect you, we will take reasonable steps to address it and to inform affected users where appropriate.
A note on compliance
We operate this free beta tool — access to which is by invitation or approval — in good-faith alignment with the principles of India’s Digital Personal Data Protection Act, 2023 — notice, consent, purpose limitation, security, and your rights above. The service is intended for users in India and is not directed at the European Union or EEA. We do not claim certified or full regulatory compliance.
Changes to this policy
We may update this policy from time to time. If we make a material change we will take reasonable steps to let you know.