Controller: Keyvenor OÜ
Registry code: 17292521
Address: Tornimäe 7, Kesklinna linnaosa, Tallinn, 10145, Estonia
Email: support@meshoria.com
Supervisory authority: Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)
Website: https://www.aki.ee

This Policy applies to data collected via the Website, support channels, payment processors, and related services, including checkout, marketing, and user account management.

We collect the following categories of personal data:
- Account & Identity Data: name, email, username, country, contact details.
- Payment & Transaction Data: payment identifiers, purchase history, billing details.
- Device & Technical Data: IP address, browser type, OS, device ID, cookies, session logs.
- Communications: support tickets, chat logs, and emails.
- Compliance Data: KYC/AML verification details, sanctions screening results.
- Marketing Preferences: opt-in/opt-out records for newsletters and promotions.

We process data only under lawful bases per Article 6 GDPR:
- Contract: to fulfill your purchase or service request.
- Consent: for marketing, cookies, or optional communications.
- Legal obligation: for AML, accounting, tax, and financial recordkeeping.
- Legitimate interest: to operate and improve the Website and prevent fraud.
- Vital/public interest: to comply with lawful authority requests.

We retain personal data for as long as necessary and as required by law:

- Process payments and deliver purchased products.
- Provide customer support and resolve disputes.
- Ensure platform security and detect fraud.
- Comply with AMLD6 and PSD2 audit trail requirements.
- Maintain financial and accounting records.
- Conduct analytics to improve user experience.
- Send marketing messages with explicit consent.

We use cookies and similar technologies to ensure proper site operation, analyze performance, and personalize content.
You can accept or reject cookies via our consent banner or browser settings.
For details, see our Cookie Policy.
We log all cookie consents for at least 24 months in compliance with ePrivacy and GDPR.

We verify certain transactions under Anti-Money Laundering (AMLD6) and Payment Services Directive (PSD2) standards.
Collected data includes identity verification and transaction metadata.
Records are retained for a minimum of 5 years.
We may share information with competent authorities or payment service providers (PSPs) under legal requirements.

Where data is transferred outside the EEA, we apply Standard Contractual Clauses (SCCs) or rely on adequacy decisions.
Transfers to the US are covered under the EU–US Data Privacy Framework (DPF).

We implement strong technical and organizational safeguards:
- TLS 1.3 encryption and HSTS on all pages.
- Role-based access control (RBAC) and MFA.
- Secure hosting on GDPR-compliant EU servers.
- Regular penetration testing and data minimization.
- Incident response and breach notification procedures.

You have the right to:
- Access your data (Art. 15 GDPR).
- Rectify inaccurate data (Art. 16).
- Erase data (“right to be forgotten”, Art. 17).
- Restrict or object to processing (Art. 18–21).
- Port your data (Art. 20).
- Withdraw consent at any time (Art. 7(3)).
To exercise rights, contact: support@meshoria.com. Response within 30 days.

We do not use automated decision-making that produces legal or significant effects.
Any future profiling will be subject to your explicit consent.

We maintain a Record of Processing Activities (RoPA) under Article 30 GDPR and conduct Data Protection Impact Assessments (DPIAs) for high-risk processing such as payment verification and AML checks.

We share data only with trusted processors under data processing agreements (DPAs):
- Hosting and infrastructure providers (EU servers).
- Payment processors (Stripe, Paysera, Adyen).
- Analytics and security services (in compliance with SCC/DPF).
- Legal and financial auditors.

Our services are intended for users aged 18 and older. We do not knowingly collect data from minors.
If you believe a child has provided data, contact us for deletion.

You may lodge a complaint with your local data protection authority.
Primary supervisory authority:
Estonian Data Protection Inspectorate (AKI)
Tatari 39, 10134 Tallinn, Estonia
Email: info@aki.ee | Website: https://www.aki.ee

This Policy is structured to comply with banking and PSP onboarding standards, including:
- GDPR Articles 5–30
- PSD2 (EU 2015/2366)
- AMLD6 (EU 2018/1673)
- ePrivacy Directive (2002/58/EC)
- Directive 2011/83/EU (consumer rights)
- Schrems II and SCC/DPF mechanisms.

We may update this Policy periodically. The latest version is published on our Website with an updated “Effective Date.”
Material changes will be notified via email or site notice where required.