Privacy Policy

We collect three categories of information.

What you tell Mez. Trip parameters you type into the chat — dates, destinations, budget, traveler count, style preferences — along with the full transcript of the conversation. We store this so you can come back to a saved plan and so the model can pick up where you left off.

What your device tells us. Standard server logs: IP address (truncated for retention), user agent, referring URL, and timestamps. We use these for security and to debug performance regressions.

What you give us optionally. If you create an account, your email address. If you save a trip, the metadata of that saved plan. If you contact us, the contents of your message.

We do not ask for and do not store payment card details. Bookings happen on the partner's site (Booking.com, GetYourGuide, Viator, etc.), and your card is handled by them under their own privacy terms.

• To respond to you in the chat with relevant itinerary, pricing, and booking links.
• To remember your saved trips and account preferences across sessions.
• To monitor abuse, fraud, and excessive automated traffic.
• To improve the model's recommendations over time — see Section 5 on how training works.
• To send transactional emails (saved-trip confirmations, password resets, replies to your support requests). We do not send marketing email without a separate opt-in.

Mezin works with a small number of vendors and affiliate partners to make the product function. We share the minimum information needed for each.

• Travelpayouts — affiliate network we use to track which bookings originated from Mezin. They receive a click ID and the eventual booking confirmation from the partner. They do not receive your conversation transcript.
• Booking.com, GetYourGuide, Viator, and other partner sites — when you click a booking link, you leave Mezin and complete the transaction on the partner site. Their privacy policies govern what they collect from you there.
• Hosting and infrastructure — our app, database, and AI model providers. They process data on our behalf under written data-processing agreements.
• Analytics — we use a privacy-respecting analytics tool that does not set advertising cookies and does not build cross-site profiles. We use it to count page views and understand which features are used.

We do not sell your personal information. We do not run third-party advertising on the site, so we don't share data with ad networks.

We use cookies for two things: keeping you signed in and remembering your chat session. We also store a single anonymous identifier from our analytics tool that does not track you across other websites. You can clear cookies at any time from your browser; doing so will sign you out and reset any saved plan you haven't explicitly bookmarked.

By default, we do not use your conversation transcripts to fine-tune third-party language models. We do retain transcripts to improve our internal prompts, routing logic, and to debug specific failures (for example, when Mez recommends something out of stock). If you want your transcripts excluded from this internal analysis, email {{PRIVACY_EMAIL}} and we will tag your account.

Conversation transcripts are retained for 24 months from your last activity, then deleted. Saved trips stay until you delete them or close your account. Server logs are retained for 90 days. If you delete your account, we delete identifying information within 30 days, except where we're required to keep records (for example, financial logs needed for affiliate reconciliation, retained for the period required by law).

Depending on where you live, you may have the right to access, correct, port, or delete your personal information, to object to certain processing, or to withdraw consent. Residents of the European Economic Area, the UK, and Switzerland have these rights under the GDPR. California residents have analogous rights under the CCPA and CPRA, including the right to know what we collect and the right to opt out of “sales” or “sharing” of personal information — which Mezin does not engage in.

To exercise any of these rights, email {{PRIVACY_EMAIL}}. We will respond within 30 days and may ask for verification before acting on a deletion request, to protect you against impersonation.

Mezin is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us and we will delete it.

Mezin's servers and vendors may be located outside your country of residence. Where required, we rely on Standard Contractual Clauses or equivalent safeguards for cross-border transfers of personal data.

If we make material changes, we'll update the effective date at the top and, for account holders, notify by email. Continuing to use Mezin after a change means you accept the updated policy.

Privacy questions, data requests, or anything else covered above: {{PRIVACY_EMAIL}}. For everything else, hello@mezin.ai.