Privacy Policy

ViralMesh operates the viralmesh.app platform and the social.viralmesh.app dashboard. References to “ViralMesh”, “we”, “our” or “us” in this policy refer to the ViralMesh platform and its operators. For privacy enquiries contact: privacy@viralmesh.app

Information you provide:

• Account data: name, email address, password (stored as a one-way hash), company name, Telegram username
• Role selection: Creator, Channel Owner, and/or Advertiser
• Channel and source data: Telegram channel details, YouTube/Facebook/Instagram channel URLs you connect
• Campaign data: ad creative, campaign budgets, booking requests
• Payment data: billing details processed by Razorpay — we do not store card or bank numbers on our servers
• Communications: messages you send to our support team

Data collected automatically:

• Usage data: pages visited, features used, timestamps
• Log data: IP address, browser type, operating system, referring URL
• Analytics: post publish events, click-through counts, Telegram view counts
• Device data: device type and screen size (for dashboard optimisation)

Data from third parties:

• YouTube, Facebook, Instagram: video metadata and channel statistics via official APIs when you connect your accounts
• Telegram: channel subscriber counts and post view counts via Pyrogram and the Telegram Bot API
• Razorpay: payment status and transaction IDs

• To provide the service: import content, schedule posts, process bookings and payments
• Account management: authentication, email verification, password resets
• Analytics and reporting: generating ROI dashboards, click reports, campaign performance metrics for you
• Communications: transactional emails (verification, booking confirmations, payment receipts), service announcements, and — with your consent — product updates
• Security: fraud detection, rate limiting, spam prevention, audit logging
• Legal compliance: retaining records as required by applicable Indian law

We do not sell, rent, or trade your personal data to any third party for their marketing purposes.

We process your data under the following bases:

• Contract performance: to deliver the services you signed up for
• Legitimate interest: security, fraud prevention, platform improvement
• Consent: marketing communications (you can withdraw consent at any time)
• Legal obligation: compliance with Indian law, tax records, court orders

We share your data only as follows:

• Service providers: Google Cloud Platform (hosting & storage), Razorpay (payments), SendGrid/SMTP providers (email) — bound by data processing agreements
• Telegram API: your bot tokens and session strings are transmitted to Telegram’s servers to publish posts on your behalf
• Marketplace participants: when you book an ad, the Channel Owner receives your campaign brief but not your personal contact details unless you choose to share them
• Legal requirements: when required by law, court order, or governmental authority
• Business transfer: in the event of a merger or acquisition, your data may be transferred — we will notify you in advance

• Your data is stored on Google Cloud Platform servers in the us-central1 region
• Passwords are stored as SHA-256 hashes — we cannot recover plaintext passwords
• All data in transit is encrypted using TLS 1.2+
• API keys and Telegram session strings are stored encrypted at rest
• Access to production data is restricted to authorised personnel only
• We conduct regular security reviews and apply patches promptly

Despite these measures, no system is completely secure. We cannot guarantee the absolute security of your data.

• Account data is retained for as long as your account is active
• After account deletion, your data is permanently removed within 30 days
• Transaction and billing records are retained for 7 years as required by Indian tax law
• Log data and analytics are retained for 12 months
• Backup copies may persist for up to 90 days after deletion

You have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Delete your account and associated data
• Restrict or object to certain processing
• Data portability — receive your data in a machine-readable format
• Withdraw consent for marketing communications at any time

To exercise these rights, email privacy@viralmesh.app. We will respond within 30 days.

We use the following cookies:

• sr_token — authentication cookie, expires after 24 hours, essential for the dashboard to function
• We do not use advertising, tracking, or third-party analytics cookies

You can clear cookies from your browser settings at any time. Deleting the sr_token cookie will log you out.

ViralMesh is not intended for users under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has created an account, contact us at privacy@viralmesh.app and we will delete the account promptly.

Our platform may contain links to third-party websites (YouTube, Telegram, Razorpay, etc.). We are not responsible for their privacy practices. Please review their privacy policies separately.

We may update this Privacy Policy from time to time. We will notify you of material changes via email and/or an in-dashboard notice at least 14 days before the new policy takes effect. Your continued use of the platform after the effective date constitutes acceptance.

For privacy enquiries, data access requests, or complaints:

• Email: privacy@viralmesh.app
• General support: support@viralmesh.app
• Website: viralmesh.app