Legal
Privacy
Last updated: Spring 2026 · Draft
Draft. This text is a plain-language first pass by the Meilu team. It will be replaced with counsel-reviewed language before public launch. Nothing here is legal advice.
What we collect
- Your phone number. This is how we identify and sign you in. We store it hashed in most places and plain in one — the user record itself.
- Your email address,if you give us one. Used for things like reference requests and booking confirmations. We don't sell it.
- Profile fields you fill in: bio, occupation, languages, preferences, privacy toggles.
- Listings you create (as a host): photos, lease PDFs, address, pricing, amenities.
- Bookings you make: dates, guests, handoff method, messages tied to the booking.
- Messages you send through Meilu: stored as written, visible to you, the counterparty, and Meilu ops if a dispute opens.
- References written about you: stored against your account, visible on your public profile once confirmed.
- Reviews you write: stored and published per the policy in Terms.
- Session data: when you signed in, from what user agent. Used to keep you logged in across tabs.
- Logs. IP, request paths, response codes — kept short for operational debugging and abuse prevention.
What we don't collect
- No passport scans, no ID uploads. Identity is verified by phone only.
- No browsing-history trackers. Meilu doesn't carry advertising IDs.
- No payment data — we don't process payments.
Who sees what
- Other Meilu users see what you choose to put on your public profile, plus anything you send them in a conversation or on a booking.
- Meilu opscan read messages and profile content when responding to a dispute. We'll say so in the resolution note.
- Third partiesget almost nothing. Our SMS provider sees the phone and code. Our email provider sees the email, subject, and body of whatever we send you. Our hosting provider sees the raw requests. That's the list.
Your rights (Israeli Protection of Privacy Law + GDPR-style)
- See your data.Write to us and we'll bundle what we have and mail it back in a human-readable format within 30 days.
- Correct your data. Most fields are editable from your profile. For anything else, write in.
- Delete your account.We'll wipe personal fields, messages you sent, your references, and your bookings. Some things survive (completed-stay review aggregates, audit logs) because hosts and ops need them to operate safely.
- Port your data. A JSON export on request.
- Objectto specific uses. Email us and we'll sort it.
Cookies
A single essential cookie (
meilu_session) keeps you signed in. We use Google Analytics (measurement ID G-HNDMHPH3MP) to understand how people use the site — page views and navigation only, no advertising cookies. You can opt out with a browser extension like Google Analytics Opt-out or by blocking third-party scripts.How long we keep things
Messages and booking data live for as long as your account does. Audit logs are kept for up to 3 years to satisfy ops requirements. SMS codes are hashed, single-use, and expire in 10 minutes. Session rows delete on logout.
Contact
For anything in this policy: privacy@meilu.co.