This document is a non-binding template. It does not constitute legal advice. The operator of this Meldry instance should have it reviewed and customized by qualified legal counsel before relying on it.
1. Who we are
Meldry ("we", "us") operates the platform. For privacy questions, contact us via the support tickets system in your dashboard.
2. What we collect
- Account data — handle, optional email address, password hash, OAuth provider identifiers if you sign in with one.
- Workspace metadata — workspace name, custom domain, plan, billing status.
- Usage data — sign-in events, IP addresses, user-agent, audit log entries (tamper-proof hash chain).
- Resource metrics — CPU, memory, disk, bandwidth samples for capacity planning and billing.
- Customer Data — the contents of your Matrix server (rooms, messages, media). We do not read this except when strictly required to operate the service or comply with law.
- Payment data — handled by our payment providers (Stripe, PayPal, Alipay, WeChat Pay). We never see your full card number.
3. Why we process it
- To provision and operate your Matrix homeserver (contractual necessity).
- To bill you for paid plans (contractual necessity).
- To detect abuse and protect the platform (legitimate interest).
- To comply with law (legal obligation).
- To send you account-related notifications (contractual necessity).
4. Encryption
Matrix room messages are end-to-end encrypted by default. The Operator cannot read encrypted message content, only metadata (timestamps, participant identifiers, room IDs).
5. Sharing
We do not sell personal data. We share data only with:
- Sub-processors strictly necessary to run the service (hosting, payment, email delivery).
- Authorities when compelled by valid legal process.
6. Retention
Account data is retained while your account is active and for up to 90 days after deletion (subject to legal hold requirements). Audit log entries follow the configured retention period (default 90 days). Backups follow your plan's retention.
7. Your rights
Subject to applicable law, you have the right to access, correct, export and delete your personal data. You can:
- Export all data via Settings → Danger Zone → Export Data.
- Schedule account deletion (30-day grace period) from the same screen.
- Open a support ticket for any privacy request.
8. International transfers
Your data may be processed in regions where our infrastructure providers operate. Where required, we use standard contractual clauses or equivalent safeguards.
9. Cookies
The marketing site uses no third-party tracking cookies. The tenant portal uses a single first-party session cookie / token to keep you signed in.
10. Changes
Material changes to this policy will be announced by email and/or in-app notification at least 30 days in advance.