Privacy Policy
Last updated: June 22, 2026
Msh is a VST3/AU audio plugin developed by Nlock Ltd, a company registered in England and Wales. Nlock Ltd is the data controller for the personal data described in this policy. This policy covers the Msh plugin, the msh.audio website, and any related services.
Nlock Ltd, 71-75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom.
Contact: hello@nlock.studio
Msh stores data locally on your machine to provide a better experience. This includes basic system and session information so Msh can optimize performance for your setup, a catalog of your installed plugins so you can browse and load them, usage data so we can understand which features are working well, and diagnostic data to help us investigate crashes.
This data stays on your device and is never sent to our servers unless you explicitly opt in to a feature that requires it. You can delete it at any time by removing the Msh data folder.
Legal basis: legitimate interest in providing a functional, performant product.
When you create an account or log in, we process your email address, name, authentication credentials, and your IP address. Your IP address is stored with your account record so we can detect suspicious login activity and protect your account.
Legal basis: performance of a contract (providing the service you signed up for).
During account creation, you can opt in to receive marketing emails about Msh product updates and announcements. This is off by default and requires your explicit consent. You can change this preference at any time in Settings.
Legal basis: consent. You can withdraw consent at any time via Settings or by contacting us.
During onboarding, you can choose to share usage data with us. This is off by default and requires your explicit consent. You can toggle this at any time in Settings under "Share usage data". When enabled, we collect:
This data is linked to your account. We do not send file paths or any data unrelated to this feature. Disabling this in Settings immediately stops collection. You can request deletion of previously collected data by contacting us.
Legal basis: consent. You can withdraw consent at any time via Settings.
When you activate a Msh license, we receive your license key, a device identifier derived from your hardware, and a label for your machine (e.g. "MacBook Pro"). This data is used to enforce activation limits and allow you to manage your devices. We store the activation record with a timestamp of your last validation.
Legal basis: performance of a contract (enforcing the licence terms you agreed to at purchase).
Purchases are processed by Stripe. Stripe receives your name, email address, and payment method details directly. Nlock Ltd does not store your credit card number or full payment details. We receive only a transaction reference and confirmation of payment status from Stripe.
Legal basis: performance of a contract (processing the purchase you initiated).
You can submit a bug report from within the Msh plugin. Bug reports include a title, description, steps to reproduce, your log file (msh.log), the current Mesh file, and system information (app version, OS, DAW, CPU architecture, audio settings). Bug reports are entirely voluntary and only submitted when you choose to file one.
Legal basis: consent (you choose to submit the report).
When you browse msh.audio, we record certain activity to measure content reach and detect abuse. This includes Mesh views, downloads, and opens, as well as profile page views. Each event records your IP address, approximate location (country, city, region), browser user agent, and language. If you are logged in, the event is linked to your account.
View events are deduplicated by IP address (one view per visitor per Mesh or profile). We do not use this data for advertising or sell it to third parties.
Legal basis: legitimate interest in understanding content reach, providing view and download counts to creators, and detecting abuse.
When you download the Msh installer, we record the platform (macOS or Windows), version, and your IP address. This helps us understand adoption and troubleshoot installation issues.
Legal basis: legitimate interest in understanding product adoption.
The msh.audio website uses the following cookies:
msh.audio/?ref=example). It records the creator's public referral code so any purchase you make can be credited to them. The cookie stores only that public code, expires after 30 days, and is not shared with any third party. You can clear it at any time via your browser's cookie settings.We do not use any advertising, tracking, or analytics cookies.
The msh.audio website uses Cloudflare Web Analytics to measure aggregate traffic (page views, referrers, browser and country breakdowns). It is cookieless: it does not set any cookies, does not store any data on your device, and does not use cross-site identifiers. IP addresses are used transiently to generate aggregate statistics and are not retained in a way that identifies you. Under the UK Data (Use and Access) Act 2025, low-risk analytics of this kind is exempt from the cookie consent requirement, so the website does not display a cookie banner. You can block analytics by blocking static.cloudflareinsights.com in your browser or network.
The msh.audio website and account signup use Cloudflare Turnstile in invisible mode to protect against bots and abuse. Turnstile runs a background challenge in your browser without requiring interaction. See the Cloudflare Turnstile Privacy Addendum for details on how Cloudflare processes data for this service.
We use Sentry for error monitoring on both the website and the API. Sentry may receive technical error data (stack traces, browser/OS version, request URLs) but does not receive personally identifiable information such as IP addresses or user credentials.
Our third-party service providers are:
Some of these services process data in the United States. Where data is transferred outside the United Kingdom, we rely on UK International Data Transfer Agreements (IDTAs) or the provider's UK data protection addendum incorporating standard contractual clauses.
We do not sell your personal data to anyone. We may share anonymous, aggregate statistics (such as overall plugin popularity) with partners, but this data can never identify individual users.
Under UK GDPR, you have the right to:
To exercise any of these rights, email hello@nlock.studio. We will respond within 30 days.
When you report a Mesh for copyright infringement, inappropriate content, or other reasons, we collect your email address, the reason for the report, and any details you provide. This data is used to investigate the report, take action if necessary, and handle any counter-notifications or disputes.
Report data is visible to Nlock Ltd staff responsible for content moderation. We retain report data for 90 days after resolution to allow for counter-notifications and disputes, after which the reporter email is anonymised. The report outcome and admin notes are retained indefinitely as part of our moderation records.
You can request access to, correction of, or deletion of your report data by contacting hello@nlock.studio. We will respond within 30 days.
Legal basis: legitimate interest in maintaining platform integrity, preventing abuse, and complying with legal obligations related to copyright enforcement.
Account data is retained for the lifetime of your account. When you delete your account, all associated server-side data is deleted, including your profile, published Meshes, and authentication tokens. Data that has already been captured in anonymized, aggregate form (such as analytics or error reports that do not contain personal data) is not affected by account deletion. Anonymous analytics cannot be deleted because they are not linked to you.
Platform activity data (Mesh views, profile views, and associated IP addresses) is retained for the lifetime of your account to support abuse detection and creator analytics.
Msh is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
We reserve the right to modify this policy at any time as our product evolves. Significant changes will be communicated through the msh.audio website. Continued use of Msh after changes constitutes acceptance of the updated policy. If you do not agree with the revised policy, your sole remedy is to stop using Msh and delete your account.
For privacy-related questions or requests, contact hello@nlock.studio.