Privacy Policy

How we handle your data

Updated: May 6, 2026. By continuing to use the service, you confirm that you have read the terms below.

1. Who we are

Meniki is a social platform for supporting creators: we help collect funds for specific wishes and deliver donations to creators. This document explains what data we collect when you use the website and mobile interface, how we store it, and why we use it.

2. What data we collect

We collect the minimum data needed for sign-in, payments, and thank-you exchanges between creators and donors:

  • Email — for one-time-code sign-in. We do not store passwords.
  • Profile — nickname, bio, date of birth, avatar, and social links.
  • Telegram ID and name — if you sign in or connect your account through the Telegram Login Widget.
  • Wishes — title, description, fundraising goal, cover image, and the item price entered by the creator. The final wish goal may include a 7% service fee added to the item price and shown to the user before publishing.
  • Donations — amount, currency, message, payment status, and provider identifier. Donation amounts may fund the published wish goal, including the added service fee. Card details are processed by the payment provider and are not stored on our servers.
  • Technical data — IP address, User-Agent, and request time in server logs for up to 30 days for abuse prevention and diagnostics.

3. Why we use it

We use your data only to:

  • provide sign-in and session handling;
  • display public profiles and active wishes;
  • process donations and creator payouts;
  • send transactional emails and Telegram notifications;
  • moderate content based on user reports;
  • maintain aggregated statistics without personal data.

4. Who we share data with

We do not sell your data to third parties. Data may be shared only in the following cases:

  • Payment provider — to process a donation.
  • AWS SES — to deliver transactional emails.
  • Telegram — if you use Telegram sign-in or donation notifications.
  • Public authorities — when required by a valid legal request.

5. Public profile data

Nickname, bio, avatar, social links, and active wishes are visible to visitors by default. Email, date of birth, and payment details are always private.

6. Reports and moderation

You can report a wish or profile using the report button. We store the report with your ID, timestamp, and description so moderators can review it and protect the service from abuse.

If we detect signs of fraud, deception of donors, fake wishes, payment abuse, or attempts to bypass service rules, we may temporarily or permanently block the account. During review, payouts, collected amounts, and related operations may be frozen; the final handling of funds is decided after moderation and in line with applicable law and payment provider requirements.

7. Your rights

You can at any time:

  • edit your profile or remove your avatar in settings;
  • disconnect your Telegram account in the profile section;
  • request deletion of your account and related data by writing to [email protected].

8. Storage and security

Data is stored on servers within the project perimeter. In production we use HTTPS, HSTS, secure cookies, CSRF protection, and request rate limits. Access tokens live for 15 minutes; refresh tokens rotate and can be revoked.

9. Contact

For privacy questions, contact us at [email protected]. We respond within 14 business days.