The plain-English summary
- We collect only what we need to help you make a wedding video together.
- Guest footage is private to your event. Never used for ads, training, or anything else.
- We never sell your data. We never will.
- You can delete your account and footage at any time, in two taps.
- We host in the EU (Frankfurt) and comply with GDPR by default, for everyone.
- We use a small number of vendors (Stripe, Mux, Cloudflare). They're listed in §6.
Who we are.
"Mesh", "we", "us" means HonestDev, registered in the Netherlands (KVK 52326470). Our registered office is Regulierstraat 43J.
We are the data controller for couples and planners who hold an account, and the data processor on behalf of those couples for footage uploaded by their wedding guests.
For privacy questions, write to privacy@meshtogether.app. Our Data Protection Officer is Lina van der Voort and reads every message herself.
What we collect.
Three buckets. That's it.
| Bucket | What's in it | How we get it |
|---|---|---|
| Account | Name, email, password hash, your wedding date, billing address, payment method (tokenised, we never see your card number) | You give it to us when you sign up |
| Event | Venue, schedule, guest names & emails (only if you add them), the colours and logo you brand the film with | You set this up in the couple app |
| Footage | Video clips, photos, captions, who uploaded each one, device type, the rough time + place of capture (if the guest's phone is sharing it) | Guests upload via your QR code or share link |
What we don't collect
- Guest accounts (there are none, joining is QR + name only)
- Guest contact details (unless you, the couple, type them in)
- Anything from your phone outside the Mesh capture window
- Biometric data, face-recognition templates, or anything resembling a "who is in this photo" model
Why we use it.
Strictly for the things you asked us to do. Specifically:
- To run your event — accept clips, build the film, deliver it. Lawful basis: contract.
- To bill you — payment, invoicing, refunds. Lawful basis: contract.
- To keep things working — error logs, abuse prevention, fraud checks. Lawful basis: legitimate interest.
- To send you product email — only the necessary kind (your event went live, your film is ready). Marketing emails are opt-in only and you can unsubscribe in one click. Lawful basis: consent.
We never use your footage to train AI models. We never use it for ads. The auto-edit happens privately, on your event's data, on our own infrastructure, and stops the moment your event is delivered.
Guest footage & consent.
When a guest scans your QR code we show them a one-screen consent message in their language: that their clips will be visible to the couple, edited into a film, and stored for the duration of the plan. They tap "I'm in" to continue. We don't make them sign up.
You decide who is invited, what gets included in the final cut, and when the event archives. Mesh follows your instructions. If a guest later wants their clips removed, send the request to privacy@meshtogether.app with your event ID. We'll remove their footage within 72 hours and notify them when it's done.
How long we keep things.
| Data | Retention | Why |
|---|---|---|
| Account profile | While active + 30 days after deletion | Lets you change your mind |
| Event footage | Per your plan (30 days · 1 year · forever) | That's what you paid for |
| Director's cut | Same as event footage | — |
| Invoices | 7 years | Dutch tax law requires it |
| Email logs | 90 days | Spam & deliverability |
| Server logs | 14 days | Debugging, then auto-purged |
Your rights.
Under GDPR (and we extend the same rights to everyone, regardless of where you live), you can:
- Access — get a copy of everything we hold about you (Settings → Export my data).
- Correct — fix anything that's wrong, in-app or by email.
- Delete — remove your account and footage. See how to delete.
- Port — get your data in a machine-readable format (JSON + MP4).
- Object — to any processing based on legitimate interest.
- Withdraw consent — for marketing email, in one click in any email we send.
- Complain — to the Dutch DPA (autoriteitpersoonsgegevens.nl) or your local one.
Deleting your account.
You can delete your Mesh account and all associated data from inside the app, or by sending us a request. We process deletions within 30 days and confirm by email when it's done.
The full step-by-step is on our deletion page.
Children.
Mesh is for adults planning weddings. We don't knowingly accept signups from anyone under 16. Children frequently appear in wedding footage as guests; this is fine and expected. The couple (their parents or hosts) is responsible for whether to include their footage in the final cut, and for any local rules about images of children.
Changes to this policy.
If we make a material change we email every account holder at least 30 days in advance. Minor edits (typos, clarifications, new vendors) are noted in our changelog. The "Last updated" date at the top always reflects the latest version.
Contact us.
For anything privacy-related: privacy@meshtogether.app. We answer within 72 hours, usually faster. For everything else, our contact page is here.
HonestDev · Regulierstraat 43J · Netherlands · KVK 52326470