MelMat™ is a B2B SaaS research intelligence platform operated by Via Logixs LLC, a Florida limited liability company doing business as MelMat™. We are based in Tampa, Florida.

In processing Customer Data on your behalf, MelMat acts as a "service provider" or "data processor" as those terms are defined under applicable U.S. state privacy laws. You, as the subscribing entity, are the "controller" or "business" with respect to Customer Data.

• To authenticate your identity and manage your session via magic link login
• To process and return AI research synthesis in response to your queries
• To deliver M² Chat and Dig Deeper conversational responses, and to store your chat history for retrieval inside your account
• To track query usage against your subscription cap and enforce tier limits
• To send transactional emails (welcome emails, magic links, cap warnings, brief delivery)
• To maintain legally required records of TOS acceptance as described in our Terms of Service, Section 2.2
• To manage billing and subscription lifecycle in coordination with Stripe
• To maintain platform security and prevent abuse
• To improve platform performance using aggregated, de-identified Derived Data only

We do not use Customer Data for marketing profiling, behavioral advertising, or sale to third parties.

MelMat does not sell your data. We share Customer Data only with the following categories of sub-processors, strictly for the purpose of delivering the platform:

• Anthropic, OpenAI, Google (Vertex AI), Perplexity, Mistral, Together.ai, xAI — AI model providers that process your queries to generate research outputs and chat responses. Queries are transmitted over encrypted connections and are subject to each provider's data processing terms. None of these providers use your data to train their models on the API tiers used by MelMat.
• Airtable — Database platform used to store client records, session data, and query metadata.
• Stripe — Payment processor. MelMat does not store or access payment card data. Stripe's privacy policy governs payment data.
• Resend — Transactional email provider used to deliver magic links, welcome emails, and research briefs.
• Brave Search — Web search provider used to enrich research queries with live web context.
• Amazon Web Services (AWS) — Cloud infrastructure provider hosting the platform on EC2 in the US-East region.

Enterprise customers may request a full sub-processor list by contacting [email protected].

MelMat maintains a written Information Security Program that includes, at minimum:

• Encryption of Customer Data in transit (TLS 1.2 or higher) and at rest (AES-256 or equivalent)
• Access controls limiting Customer Data access to authorized personnel on a need-to-know basis
• Magic link authentication — no passwords are stored or transmitted
• Logging and audit trails for platform access and AI Output generation
• Annual security review and, upon request, SOC 2 Type II report or equivalent security documentation

No method of transmission or storage is 100% secure. If you believe your account has been compromised, contact [email protected] immediately.

Customer Data is retained for the duration of your active Subscription. Upon account termination or your written request, MelMat will delete or return Customer Data within thirty (30) days, except as required to be retained by law or for pending legal proceedings.

M² Chat and Dig Deeper conversations are stored solely to provide your chat history feature. You may delete an individual chat at any time using the delete control inside the platform. Deleted chats are removed from active storage immediately and purged from backups within thirty (30) days. All remaining chat content is deleted within thirty (30) days of account termination.

TOS acceptance records are retained for a minimum of seven (7) years as required under the E-SIGN Act and applicable law.

Derived Data (aggregated, anonymized operational metrics) may be retained indefinitely in de-identified form.

To request deletion of your data, email [email protected] with the subject line "DATA DELETION REQUEST."

Users shall not submit to the Platform any of the following without explicit written authorization from MelMat:

• Protected Health Information (PHI) as defined under HIPAA (45 C.F.R. § 160.103) without an executed Business Associate Agreement
• Payment card data subject to PCI-DSS
• Social Security Numbers, government-issued identification numbers, or financial account credentials
• Biometric data as defined under CCPA/CPRA or applicable state law
• Children's data subject to COPPA or any data relating to individuals under age 18 (the platform is restricted to users 18 or older — see Section 1.1)

Submission of prohibited data in violation of this section may result in immediate account suspension and termination.

Depending on your jurisdiction, you may have the following rights with respect to your personal data:

• Right to Access — Request a copy of the personal data we hold about you
• Right to Correction — Request correction of inaccurate personal data
• Right to Deletion — Request deletion of your personal data, subject to legal retention obligations
• Right to Portability — Request your data in a structured, machine-readable format
• Right to Opt-Out — Opt out of any sale or sharing of personal data (MelMat does not sell personal data)
• Right to Non-Discrimination — Exercise your privacy rights without receiving discriminatory treatment

To exercise any of these rights, contact [email protected]. We will respond within the timeframe required by applicable law (generally 30–45 days).

MelMat acts as a service provider or data processor under the following state privacy frameworks and processes Customer Data only as directed by User:

• California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA), Cal. Civ. Code § 1798.100 et seq.
• Virginia Consumer Data Protection Act (VCDPA), Va. Code § 59.1-575 et seq.
• Colorado Privacy Act (CPA), C.R.S. § 6-1-1301 et seq.
• Texas Data Privacy and Security Act (TDPSA), Tex. Bus. & Com. Code § 541.001 et seq.
• Florida Information Protection Act (FIPA), § 501.171, Fla. Stat.

Users who are themselves "controllers" or "businesses" under these laws bear primary responsibility for ensuring that their collection and submission of data to the Platform complies with applicable privacy law.

For enterprise customers and any User who submits personal data of third parties to the Platform, MelMat will make available a standard Data Processing Agreement (DPA) upon written request. The DPA addresses: data subject rights, sub-processor disclosure, international data transfers, security obligations, breach notification, and data deletion.

Users subject to GDPR obligations due to serving EU-based clients should request the DPA addendum containing Standard Contractual Clauses (SCCs).

To request a DPA, email [email protected] with the subject line "DPA REQUEST."

In the event of a data security breach affecting Customer Data, MelMat will provide notification consistent with applicable state breach notification laws, including Florida's 30-day notification requirement under FIPA (§ 501.171(3), Fla. Stat.) and other applicable state statutes.

Notifications will be sent to the email address on file for your account. Enterprise customers with a DPA in place will receive notification per the terms of that agreement.