Privacy Notice

In accordance with the Federal Law for the Protection of Personal Data and its Regulations, MEZ Laser Edition ("MEZ Laser") makes this Comprehensive Privacy Notice available to you.

1. Personal data we collect

To comply with the purposes indicated in this notice, we may collect the following personal data:

Category	Specific data
identification	Email address, name (optional)
authentication	Password (stored hashed and salted)
use of the service	Images you upload for processing
financial	Payment data (Polar.sh) — MEZ Laser does NOT store card numbers
technical	IP address, browser type, approximate country

2. Purposes of processing

Primary purposes (necessary for the service)

• Create and manage your account.
• Process your images for laser engraving.
• Manage your credits and subscriptions.
• Authenticate your identity and keep your session secure.
• Address your requests and questions through Support@meznet.com.

Secondary purposes (service improvement)

• Detect and prevent fraud, attacks or misuse.
• Generate anonymous usage statistics to improve the platform.
• Send you service-related communications (news, updates, account status).

note We do not use your data for personalized advertising, automated profiling for unsolicited purposes, or the sale of data to third parties.

3. Transfer of personal data

We may transfer your personal data to the following third-party service providers, solely for the purposes indicated:

Provider	Function	Shared data	Location
Supabase	Database	Email, password hash, credits	USA / Ireland
Polar.sh	Payment processor	Email, billing information	USA
Render	Hosting	IP, access logs	USA

These third parties cannot use your data for their own purposes and are contractually obligated to comply with security and privacy standards equivalent to those required by the LFPDPPP.

4. Mechanisms to revoke consent

You can revoke your consent for the processing of your personal data by sending an email to Support@meznet.com. Your request will be processed within a maximum of 20 business days.

Revocation of consent may imply the impossibility of continuing to use our services.

5. Exercise of ARCO rights

As the owner of personal data, you have the right to:

• Access — Know what data we hold about you.
• rectification — Correct inaccurate or incomplete data.
• cancellation — Request the deletion of your data.
• opposition — Object to the processing of your data for specific purposes.

6. Limitation of use or disclosure of data

You can limit the use or disclosure of your personal data by sending us an email. If your request is valid, we will register your data in our own exclusion list.

7. Use of tracking technologies (cookies)

We only use strictly necessary cookies for the operation of the site:

• session token — To keep your session active.

we do not use advertising cookies

8. Data Security

We implement technical, administrative and physical security measures to protect your data:

• Encrypted communications via HTTPS.
• Passwords stored with hash salt (irreversible).
• Webhooks signed with standard webhooks to verify authenticity.
• rate limiting to prevent brute force attacks.
• Restricted access to databases.

9. Retention periods

• active accounts while you maintain your account.
• processed images deleted after sending you the result.
• payment records 5 years for tax obligations.
• account deletion data deleted within 30 days.

10. Changes to the Privacy Notice

If we make substantial changes to this notice, we will notify you via a notice on our website or by email. We recommend you periodically review this page.

11. Acceptance of the Notice

By registering or using our services, you consent to the processing of your personal data as established in this Privacy Notice.

12. Contact