Privacy Policy

Effective: 27 March 2026 · Last updated: 27 March 2026

nightglass is operated by Melis AI ("we", "us", "our"), an Australian entity. This policy explains what data we collect when you use the nightglass screenshot API and related services at nightglass.xyz and api.nightglass.xyz, how we use it, and your rights.

1. What we collect

Account data (human developer path). If you create an account via our dashboard, we collect your name, email address, and authentication identifiers through our auth provider (Clerk). We do not store passwords.

Payment data. For Stripe top-ups, Stripe processes your card details directly — we never see or store your full card number. We store transaction amounts, timestamps, and Stripe customer IDs for billing records. For x402/USDC payments (agent path), transactions occur on the Base blockchain. We record the on-chain transaction hash and payment amount. Blockchain transactions are public by nature.

API usage data. We log: API key used (hashed), endpoint called, timestamp, response status, and cost. We use this for billing, rate limiting, and abuse prevention.

URLs submitted. We process the URLs you submit to generate screenshots. We do not permanently store the URLs or the generated screenshots — they are rendered, returned in the API response, and discarded.

We do not store your screenshots. Images are generated on request, returned in the response, and immediately discarded from our servers.

Technical data. IP addresses, user agent strings, and request headers are logged for security and abuse prevention. These logs are retained for 30 days and then deleted.

Agent path (x402). If you use the x402 payment path, we do not collect any personal data. We verify on-chain payment and return the screenshot. No account, no email, no cookies.

2. How we use your data

To provide the screenshot API service and process your requests
To bill you accurately and maintain your balance
To prevent abuse, enforce rate limits, and maintain service stability
To communicate service updates (account holders only — no marketing without consent)
To comply with legal obligations

We do not sell your data. We do not use your data for advertising. We do not train AI models on your data.

3. Third-party processors

We use the following services to operate nightglass:

Clerk — authentication and user management
Stripe — payment processing (PCI DSS compliant)
Neon — PostgreSQL database hosting (account data, usage logs)
Hetzner — server infrastructure (Helsinki, Finland — EU jurisdiction)
Vercel — landing page and static asset hosting
Base network / xpay.sh — x402 payment verification (on-chain, no personal data)

Each processor is bound by their own privacy policies and data processing agreements.

4. Data retention

Screenshots: Not retained. Generated and discarded immediately after response.
Account data: Retained while your account is active. Deleted within 30 days of account closure upon request.
Billing records: Retained for 7 years to comply with tax and accounting obligations.
Technical logs (IPs, request metadata): 30 days.
x402 transaction hashes: Retained for billing reconciliation. On-chain data is permanent and public by nature of the blockchain.

5. Your rights

Depending on your jurisdiction, you may have the right to:

Access your personal data and request a copy
Correct inaccurate information
Delete your account and associated data
Export your data in a portable format
Object to processing or restrict how we use your data
Withdraw consent where processing is based on consent

To exercise any of these rights, email privacy@melis.ai. We will respond within 30 days.

6. International transfers

Our servers are located in Helsinki, Finland (EU). If you access nightglass from outside the EU, your API requests are processed on EU infrastructure. Account data stored with third-party processors (Clerk, Stripe) may be processed in the United States under their respective data processing agreements and standard contractual clauses.

7. Cookies

The nightglass API does not use cookies. The dashboard (api.nightglass.xyz) uses essential authentication cookies set by Clerk to maintain your login session. We do not use analytics cookies, tracking cookies, or advertising cookies.

8. Children

nightglass is not directed at individuals under 18. We do not knowingly collect data from minors. If you believe a minor has provided us with personal data, contact us and we will delete it.

9. Security

We use HTTPS for all connections, encrypt data at rest, hash API keys (we cannot see your full key after creation), and restrict server access to authorised personnel. No system is perfectly secure — if you discover a vulnerability, please report it to security@melis.ai.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email to account holders and posted on this page with an updated "Last updated" date. Continued use of the service after changes constitutes acceptance.

11. Applicable law

This policy is governed by the laws of Australia, including the Privacy Act 1988 and Australian Privacy Principles (APPs). We also comply with the EU General Data Protection Regulation (GDPR) for EU/EEA users and the California Consumer Privacy Act (CCPA) for California residents.

12. Contact

For privacy enquiries, data requests, or complaints:

Melis AI
Email: privacy@melis.ai
Web: nightglass.xyz