← back

Privacy

Effective 2026-04-25. This is the policy for the public beta. We will post a redline here at least 14 days before any change that materially affects you.

Who we are

CoralMesh is operated by CoralMesh Labs (entity to be incorporated in the EU). For GDPR purposes the controller is CoralMesh Labs. Reach us at privacy@coralmesh.io.

What we store on our servers

  • Your account: username, email, password hash (Argon2id — we never see the password itself).
  • Conversation envelopes: every chat message is end-to-end encrypted with a key derived from your password. We can read filenames (conversation IDs), titles, and timestamps, but the message text is opaque to us.
  • Inference events: who used which model, how many tokens, response time, success — but never the prompt or completion text.
  • Ledger entries: every credit movement so we can refund, audit, and pay peers correctly.

What we do NOT store

  • Your password.
  • The plaintext of any conversation message.
  • The contents of files you index with the local folder RAG.
  • Peers' IP addresses, only their peer_id.

What peers see

When you send a chat, the prompt (only the prompt) is forwarded to a peer to run the model. The peer never learns your username, account id, IP, or conversation history. Repeated requests rotate across peers when possible.

Where data lives

Primary servers in the EU (Hetzner, Frankfurt). Backups are stored in the same region with 14-day retention. Peers run on operators' own hardware worldwide; their IP addresses never leave the relay.

Your rights (GDPR)

  • Access — we'll send you everything we have on file within 30 days.
  • Erasure — full account deletion within 30 days, including ciphertext envelopes. We never had the key, so deletion is irreversible.
  • Portability — chats can be exported from the chat UI; the export decrypts client-side, so we hand you the plaintext only on your device.
  • Complaint — you may complain to your national DPA. EU users: see edpb.europa.eu.

Retention

  • Inference events: 90 days, then aggregated.
  • Ledger entries: 7 years (tax/audit).
  • Conversation envelopes: until you delete them or your account.
  • Server access logs: 30 days.

Sub-processors

  • Hetzner Online GmbH — hosting (Germany).
  • Stripe Payments Europe — card processing for paid plans.
  • Wise Payments Ltd — peer payouts.
  • Postmark — transactional email.

We notify registered users 30 days before adding a sub-processor that materially handles personal data.

Cookies

One HttpOnly session cookie holding your JWT. No analytics or marketing cookies in the beta.

Contact

Reach privacy@coralmesh.io for any deletion or access request.