Privacy Policy
How Msh handles your data
Last updated: February 24, 2026
Who we are
Msh is a VST3/AU audio plugin developed by Nlock Ltd, a company registered in England and Wales. Nlock Ltd is the data controller for the personal data described in this policy. This policy covers the Msh plugin, the msh.audio website, and any related services.
Nlock Ltd, 71-75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom.
Contact: hello@nlock.studio
Data stored locally on your computer
Msh stores data locally on your machine to provide a better experience. This includes basic system and session information so Msh can optimize performance for your setup, a catalog of your installed plugins so you can browse and load them, usage data so we can understand which features are working well, and diagnostic data to help us investigate crashes.
This data stays on your device and is never sent to our servers unless you explicitly opt in to a feature that requires it. You can delete it at any time by removing the Msh data folder.
Legal basis: legitimate interest in providing a functional, performant product.
Data sent to our servers
Account and authentication
When you create an account or log in, we process your email address, name, authentication credentials, and your IP address. Your IP address is stored with your account record so we can detect suspicious login activity and protect your account.
Legal basis: performance of a contract (providing the service you signed up for).
Marketing emails
During account creation, you can opt in to receive marketing emails about Msh product updates and announcements. This is off by default and requires your explicit consent. You can change this preference at any time in Settings.
Legal basis: consent. You can withdraw consent at any time via Settings or by contacting us.
Anonymous product analytics
To understand how Msh is used and where to focus improvements, we collect anonymous, aggregate usage data. This includes general information about your system environment, session duration, and which features are used. None of this data can identify you or is linked to your account in any way.
Legal basis: legitimate interest in understanding product usage to improve Msh.
Plugin library sync (opt-in)
Msh can sync your plugin library to your account so we can suggest compatible Meshes and filter the Mesh library to show only Meshes you can actually load. This feature is off by default and requires your explicit consent. We only sync the minimum information needed for compatibility matching (plugin names, vendors, and formats). We do not send file paths or any data unrelated to this feature.
You can disable this at any time in Settings, which immediately stops syncing and deletes your plugin data from our servers.
Legal basis: consent.
Crash reports (opt-out)
When Msh crashes, we can send a diagnostic report to help us identify and fix the issue. This is on by default, but you can disable it in Settings at any time. Crash reports contain only technical diagnostic data needed to reproduce the problem.
Legal basis: legitimate interest in maintaining software stability.
Cookies
The msh.audio website uses the following cookies:
- msh_session: an authentication cookie that keeps you logged in. This is an essential cookie required for the website to function. It expires after 7 days.
We do not use any advertising, tracking, or analytics cookies.
Website and third-party services
The msh.audio website uses cookie-free analytics to measure traffic. We use Sentry for error monitoring on both the website and the API. Sentry may receive technical error data (stack traces, browser/OS version, request URLs) but does not receive personally identifiable information such as IP addresses or user credentials.
Our third-party service providers are:
- Cloudflare (hosting, edge compute, R2 file storage)
- Sentry (error monitoring)
- Neon (database hosting)
Some of these services process data in the United States. Where data is transferred outside the United Kingdom, we rely on UK International Data Transfer Agreements (IDTAs) or the provider's UK data protection addendum incorporating standard contractual clauses.
We do not sell your personal data to anyone. We may share anonymous, aggregate statistics (such as overall plugin popularity) with partners, but this data can never identify individual users.
Your rights
Under UK GDPR, you have the right to:
- Access the data we hold about you
- Delete your account and all associated data
- Export a copy of your data by requesting it via email
- Rectification of inaccurate personal data
- Withdraw consent for marketing emails, plugin sync, or crash reports at any time via Settings
- Object to processing based on legitimate interest
- Complain to the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data rights have been violated
To exercise any of these rights, email hello@nlock.studio. We will respond within 30 days.
Data retention
Account data is retained for the lifetime of your account. When you delete your account, all associated server-side data is deleted, including your profile, published Meshes, and authentication tokens. Data that has already been captured in anonymized, aggregate form (such as analytics or error reports that do not contain personal data) is not affected by account deletion. Anonymous analytics cannot be deleted because they are not linked to you.
Children
Msh is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
Changes to this policy
We reserve the right to modify this policy at any time as our product evolves. Significant changes will be communicated through the msh.audio website. Continued use of Msh after changes constitutes acceptance of the updated policy. If you do not agree with the revised policy, your sole remedy is to stop using Msh and delete your account.
Contact
For privacy-related questions or requests, contact hello@nlock.studio.