← mesavi
Privacy Policy
Last updated: July 3, 2026
mesavi ("we") is a rewards platform. This policy explains what we collect, why, and who processes it on our behalf. The short version: we collect what's needed to run accounts, pay real people, and keep fraud out — and we don't sell personal information.
What we collect
- Account data — your email address and account identifiers, when you sign up.
- Fraud-prevention data — your IP address, approximate country, browser characteristics used to derive a device identifier ("device fingerprint"), whether your connection appears to be a VPN, proxy, or Tor exit, and whether your email domain is a disposable-email provider. We collect this at signup because paying real people requires keeping automated and duplicate accounts out. This is processed on the basis of our legitimate interest in fraud prevention.
- Usage analytics — pages viewed, signup funnel steps, and the campaign source that brought you here (UTM parameters and referrer).
- Survey and offer data (when the offer wall opens) — completions and, for surveys, demographic information you choose to provide to our survey partners. We will update this policy with named partners before that feature launches.
Service providers (data processors)
- Cloudflare — hosting, security, and human-verification. Our signup form uses Cloudflare Turnstile; its use is governed by the Cloudflare Turnstile Privacy Addendum.
- Clerk — account creation, email verification, and sign-in.
- Supabase — our application database (hosted PostgreSQL).
- PostHog — product analytics (US cloud).
- vpnapi.io — VPN/proxy detection: your IP address is checked against their service at signup.
Cookies and similar technologies
We use strictly-necessary cookies for authentication (Clerk), security tokens for human verification (Turnstile), and first-party analytics storage (PostHog). We do not run third-party advertising trackers on this site.
Retention
Account data is kept while your account exists. Fraud-prevention records are retained after account closure where needed to prevent repeat abuse. Analytics data is retained per PostHog's standard retention.
Your rights
You can request access to, correction of, or deletion of your personal data by emailing hello@mesavi.com. If you are in the UK or EU, you have rights under UK GDPR/GDPR including access, rectification, erasure, and objection to legitimate-interest processing; we honor these on request. Note that we may retain minimal fraud-prevention records where the law permits, to prevent repeat abuse.
Eligibility
mesavi is for adults 18 and over in the United States, United Kingdom, Canada, and Australia. We do not knowingly collect data from anyone under 18.
Changes
We'll update this page when our practices change, and note the date above. Material changes (like the offer wall launching with named survey partners) get a fresh "last updated" date and, where appropriate, an email notice.
Contact
hello@mesavi.com