Privacy Policy
Last Updated: 27 Feb 2026
This Privacy Policy describes how Meioli ("Meioli", "we", "us", or "our") collects, uses, shares, and protects information related to Agency account owners, their end users, and visitors to the Meioli websites and Platform. Meioli is operated from India and serves a global audience that includes customers across the Americas, Europe, Asia, Africa, and the Middle East. By using the Platform, you agree to the practices described below and, where required, your local privacy laws.
1. Principle-Based Scope
Meioli acts as a data processor with respect to customer or end-user data that agencies manage inside the Platform. Agencies are independent data controllers for their end customers, and each agency should determine the lawful basis for processing under relevant regulations (GDPR, CCPA/CPRA, India’s DPDP Act, or other jurisdictions). This Policy also covers data we collect directly from agencies, their administrators, and visitors to our marketing or help sites.
2. Categories of Information We Collect
a. Account & Profile Data
When you sign up for Meioli, we collect identifiers such as your name, business contact email, company name, billing details, and account setup preferences. We retain information necessary to administer your account and communicate about platform updates, invoicing, and support.
b. Usage & Technical Diagnostics
We gather system, device, and interaction data to operate the Platform, debug issues, and analyze trends. This includes log data (timestamps, request paths, IP addresses), device fingerprints, browser user agents, and feature usage within Spaces.
c. Customer Data in Spaces
Agencies may upload documents, tasks, templates, automations, dashboards, user comments, or any other operational content into Spaces. Meioli processes this content solely to provide the Platform and to deliver features such as search, workflows, and analytics on behalf of each agency customer.
d. Payment & Financial Signals
Billing is handled through trusted third-party processors. Meioli never stores full credit-card or bank account numbers. We may retain payment tokens, invoices, and subscription status data to maintain accurate billing histories and compliance with finance regulations.
3. How We Use Information & Legal Bases
We process the above categories of information to deliver the Platform, secure the environments, communicate with customers, and comply with legal obligations. Processing is based on the following lawful bases where applicable:
- Contractual necessity—to fulfill service and billing commitments.
- Legitimate interests—to analyze operations, prevent abuse, and improve the Platform.
- Consent—where required for marketing or non-essential cookies.
- Legal obligations—such as audits, investigations, or tax record keeping.
We also apply the principles of data minimization and pseudonymization where feasible, deleting or archiving data when it is no longer needed for the intended purpose.
4. Sharing & Sub-Processors
Meioli shares limited data with trusted Sub-Processors that help operate the Platform. Examples include public cloud infrastructure providers, monitoring tools, support platforms, and analytics vendors. Before onboarding any Sub-Processor, we assess their security posture and enter into contracts that require confidentiality, security, and compliance with applicable laws.
- Cloud hosting providers for compute, storage, and networking.
- Payment processors (Stripe, Razorpay, or similar) for billing.
- Communications and automation services such as AppConnector for notifications and automations.
- Professional advisors or law enforcement when required by law.
Meioli does not sell personal data.
5. International Transfers & Data Locality
Data may be processed in India or other jurisdictions where Meioli and our Sub-Processors operate. We implement appropriate safeguards such as standard contractual clauses, binding corporate rules, or other lawful transfer mechanisms to protect data transferred across borders.
6. Retention & Deletion
Account data is retained for the duration of the active customer relationship and for a reasonable period afterward to comply with audit and legal obligations. Customer data inside Spaces remains with the agency until it is deleted or the account is terminated. When data must be removed, we employ secure deletion methods and document retained records if required by law.
7. Security & Safeguards
Meioli maintains a layered security program with administrative, technical, and physical controls that include encryption in transit (TLS), secure authenticated sessions, role-based access control, logging, and monitoring of security events. Access to sensitive systems is limited to authorized personnel and audited regularly.
8. Incident Response & Notification
In the unlikely event of a security incident that materially affects customer or personal data, Meioli follows documented incident response procedures. We promptly notify impacted agencies, document the scope of the event, and supply regulator-ready summaries when required by laws such as GDPR, DPDP, or CCPA/CPRA so agencies can fulfill their obligations to regulators and end users. Meioli does not independently notify every end user, but we cooperate with agencies on data exports or forensic information they need for their own notices. When specific timelines apply—such as the 72-hour window under GDPR or U.S. state breach-notice laws—we comply with the strictest applicable requirement and keep agencies and regulators informed without undue delay.
9. Your Rights (Global)
Depending on your country, you may have rights to access, correct, delete, or restrict processing of your data. Key rights include:
- GDPR (EU/UK): access, rectification, erasure, restrict processing, object, data portability, and lodge a complaint with a DPA.
- CCPA/CPRA (California): know what is collected, delete data, correct inaccuracies, opt-out of sales (we do not sell data), and limit sharing.
- India DPDP Act: access, correction, erasure, grievance redressal, and data portability where applicable.
- Other jurisdictions: rights may include portability, objection, or automated decision explanations under local law.
To exercise any of these rights or for questions about data handling, please contact [email protected].
10. Cookies & Tracking
We use cookies and similar technologies to provide essential Platform functions, analyze usage, and personalize marketing. Agencies control cookie consent for their end users, and visitors may manage cookie preferences via browser settings or cookie banners.
11. Children
The Platform is not intended for individuals under 18 years of age. We do not knowingly collect information from minors.
12. Policy Updates
We may update this Privacy Policy to reflect changes in the law or our practices. Notice of material changes will be posted on the Platform or sent by email. Continued use after a revision indicates acceptance of the new terms.
13. Contact
If you have privacy-related questions, email us at [email protected].