Privacy Policy
What we collect, what we don't, and what we do with it.
We observe your agent runs to detect failures. We do not train models on your data, sell it, or share it with anyone outside the sub-processors listed below.
Who we are
Mesedi is operated by Verdifax, LLC (d/b/a Mesedi), a Delaware limited liability company. For privacy questions or to exercise any of the rights described below, email privacy@verdifax.com.
What we collect
When you sign up for and use Mesedi, we collect three categories of data:
Account data. The email address you provided at signup, the project name you chose, the API keys we issued to you (stored hashed, never plaintext), and the time you created the account.
Agent telemetry. Whatever your SDK sends us about your agent runs: execution start and end times, status, model name and provider, token counts, estimated cost, and the events your code emits during the run. Events include the raw inputs and outputs of LLM calls and tool calls, exactly as you passed them through the SDK. This is the data we run failure detectors against.
Billing data. If you upgrade to a paid plan, Stripe handles the actual payment. We store the Stripe customer and subscription identifiers Stripe returns to us so we can read your subscription state. We never see or store full card numbers.
What we don't do with your data
We will never train AI models on your telemetry, prompts, tool calls, or model outputs. Not our own models, not any third party's. The data exists on our infrastructure only to power the detectors and dashboard you pay us to provide.
We will never sell your data, syndicate it to data brokers, or share it with advertising networks. Mesedi has no advertising business and never will.
We do not read your agent inputs and outputs to extract business intelligence, competitive insights, or anything else outside the technical scope of detection.
What you should not send us
Mesedi is designed to observe AI agent runs. It is not the right place to store protected health information, full payment card numbers, social security numbers, or other data types that need specialized handling under regulations like HIPAA or PCI-DSS. If your agent processes data of these types, redact or hash sensitive fields before they leave your process and reach our SDK.
Sub-processors
We use the following third-party services to run Mesedi. Each receives only the data necessary to do its job:
| Sub-processor | Purpose | Region |
|---|---|---|
| Stripe | Payment processing for paid subscriptions. | United States |
| Fly.io | Backend hosting (API server, SQLite database, webhook dispatcher). | United States (iad. Ashburn, VA) |
| Vercel | Marketing site and customer dashboard hosting. | United States |
| GitHub | Open-source SDK + backend distribution, status page hosting. | United States |
| PyPI / npm | Public package registries for our Python and TypeScript SDKs. | United States |
Data retention
Today, we retain agent telemetry indefinitely. Configurable retention windows (30 / 90 / 365 days) are on the near-term roadmap. If you want your data purged before that ships, email privacy@verdifax.com and we will purge it manually within 30 days.
Account data and billing identifiers are retained for as long as your account is active, plus a reasonable period after cancellation for tax and audit purposes (typically seven years for the Stripe customer reference; agent telemetry tied to the project is deleted on cancellation request).
Your rights
You can request a full export of your project's data at any time by emailing privacy@verdifax.com. We will respond within 14 days with a JSON archive of every row associated with your project.
You can request deletion of your project and all associated telemetry the same way. We will confirm completion within 30 days. Some records (Stripe billing history, in particular) are kept for legal compliance even after deletion of your account.
You can correct your account email or project name yourself from Settings in the dashboard, or by emailing us.
If you are located in California, the EU, the UK, or another region with specific privacy rights legislation, the rights described in those frameworks (access, deletion, portability, non-discrimination, and others as applicable) also apply to you. The same email address handles all of them.
Storage in the United States
Mesedi's production infrastructure runs in United States data centers (Fly.io and Vercel). If you access Mesedi from outside the US, you understand that your data is transferred to and stored in the US. We will add EU residency before taking on EU enterprise customers; until then, please factor this into your sourcing decisions.
Cookies and browser storage
The marketing site at mesedi.vercel.app uses no cookies and no third-party trackers. We have no analytics tags, no advertising pixels, and no session replay tools.
The dashboard at /app stores your API key in your browser's localStorage so you stay signed in across page loads. That value never leaves your browser except as a bearer token on requests to the Mesedi backend.
Children's privacy
Mesedi is intended for use by professionals building production software systems. We do not knowingly collect data from anyone under the age of 18. If you believe a minor has signed up, email privacy@verdifax.com and we will delete the account.
Changes to this policy
We will update this page when our data practices change. For changes that materially affect your rights or how we handle your data, we will notify you by email and a dashboard banner at least 14 days before the new terms take effect.
Contact
For any privacy-related question, request, or complaint:
Verdifax, LLC
d/b/a Mesedi
Delaware, United States