Privacy Policy
MRC Data API — MEACHEAL Research Center — Effective April 7, 2026
1. Introduction
This Privacy Policy describes how MEACHEAL Research Center ("MRC," "we," "us," or "our") collects, uses, and protects information in connection with the MRC Data API available at https://api.meacheal.ai.
The MRC Data API provides structured data about the Chinese apparel supply chain, including supplier profiles, fabric specifications, and industrial cluster information. This is business-to-business data infrastructure, not a consumer-facing service.
2. Information We Collect
2.1 API User Information
We collect minimal information from API users:
| Data | Purpose | Retention |
|---|---|---|
| API key | Authentication, rate limiting, billing | Duration of account |
| IP address | Rate limiting, security, abuse prevention | 90 days |
| API request logs (tool called, parameters, timestamp) | Security audit, billing, service improvement | 90 days |
| Email address (if provided during key registration) | Account communication, key recovery | Duration of account |
We do not collect names, physical addresses, payment card numbers (payments are processed through third-party providers), browsing history, cookies, or any form of tracking beyond the API request logs described above.
2.2 Demo Tier (No API Key)
Users accessing the demo tier without an API key are subject only to IP-based rate limiting. We log the IP address and request metadata for security purposes. No account or identity information is collected.
2.3 Supply Chain Data We Provide
The data served through the MRC Data API consists of business information about apparel supply chain entities, including:
- Supplier company profiles (factory name, location, capacity, certifications)
- Fabric technical specifications (weight, composition, test results)
- Industrial cluster statistics (regional manufacturing data)
This data pertains to business entities and commercial operations. It does not contain personal data of individuals. Data sources include publicly available trade platforms and MEACHEAL proprietary verification processes.
3. How We Use Information
We use the information collected from API users solely for the following purposes:
- Authenticating API requests and enforcing rate limits
- Monitoring for abuse, unauthorized access, and security threats
- Calculating usage for billing purposes (paid tiers)
- Improving the reliability and performance of the API
- Communicating service updates or security notices
We do not sell, rent, or share API user information with third parties for marketing purposes.
4. Data Retention
- API request logs: Retained for 90 days, then permanently deleted.
- IP addresses: Retained for 90 days in request logs.
- API keys and account data: Retained for the duration of the account. Upon account deletion, data is purged within 30 days.
5. Data Sharing
We may share API user information only in the following circumstances:
- Legal compliance: When required by law, regulation, or valid legal process.
- Security: To investigate or prevent fraud, abuse, or security incidents.
- Service providers: With infrastructure providers (hosting, payment processing) who process data on our behalf under contractual obligations.
6. Data Security
We implement industry-standard security measures to protect API user information, including encrypted transmission (TLS), access controls, and regular security reviews. API keys are stored in hashed form where feasible.
7. GDPR Compliance (EEA Users)
If you are located in the European Economic Area, you have the following rights under the General Data Protection Regulation:
- Access: Request a copy of the data we hold about you.
- Rectification: Request correction of inaccurate data.
- Erasure: Request deletion of your data ("right to be forgotten").
- Portability: Request your data in a machine-readable format.
- Objection: Object to processing based on legitimate interests.
Our legal basis for processing is legitimate interest (operating and securing the API service) and, where applicable, contractual necessity (providing the service you subscribed to).
To exercise any of these rights, contact us at api@meacheal.ai.
8. CCPA Compliance (California Users)
Under the California Consumer Privacy Act, California residents have the right to:
- Know what personal information we collect and how it is used.
- Request deletion of personal information.
- Opt out of the sale of personal information. We do not sell personal information.
- Non-discrimination for exercising privacy rights.
To submit a CCPA request, contact us at api@meacheal.ai.
9. International Data Transfers
The MRC Data API is operated from infrastructure that may include servers in multiple jurisdictions. By using the API, you acknowledge that your request data (API key, IP address, request parameters) may be processed in jurisdictions outside your country of residence.
10. Children's Privacy
The MRC Data API is a business-to-business service not directed at individuals under 16. We do not knowingly collect information from children.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via the API documentation or email to registered API key holders. Continued use of the API after changes constitutes acceptance of the updated policy.
12. Contact
For questions about this Privacy Policy or to exercise your data rights:
- Email: api@meacheal.ai
- Organization: MEACHEAL Research Center
- Website: meacheal.ai