Meishi

The Problem: 70% of B2B contacts become outdated within a year. When someone changes their email, phone, or job, you're left with stale data. Meanwhile, your contact information lives in centralized databases controlled by Big Tech, vulnerable to breaches and misuse.

How Meishi Works: Create a digital profile with your contact information. When you update it, changes automatically sync to everyone you've authorized. No manual updates needed. If you change companies or get a new email, your contacts get the update instantly.

Privacy-by-Design:
- P2P synchronization using Signal Protocol for end-to-end encryption
- Private data never stored on centralized servers
- Client-server architecture only for public search
- Grant and revoke access to your information anytime
- Zero data monetization—you own your data 100%

Key Features:
- Automatic contact updates across your network
- End-to-end encrypted private information
- User-controlled access permissions
- GDPR/CPRA compliant by design
- Cross-platform (iOS + Android coming soon)

Why Now: Privacy software market growing at 35.5% CAGR. GDPR fines reached $7.92B in 2025. Major data breaches (Yahoo: 3B users, Marriott: 500M, Equifax: 147.9M) prove centralized databases are honeypots for attackers.

Mission: Reverse the balance of power in data ownership. Instead of Big Tech controlling billions of contact databases, users should have sovereignty over their own information. Here you can read our manifesto.

Founders: Built by a two-person team with 20+ years combined experience in software architecture and design. We're solving our own pain point: the frustration of outdated contacts and lack of privacy control.

Below is a series of FAQs that may be asked about the project. Thank you all for your attention, and please feel free to leave a comment if you have any further questions. I will respond as soon as possible.

How does P2P synchronization work without central servers?

Meishi uses a hybrid architecture. Private data is synchronized directly between devices using the Signal Protocol for end-to-end encryption. The server only intervenes to facilitate initial peer discovery and public profile searches. Once the P2P connection is established, private data never passes through central servers. It is based on the same architectural principles as modern peer-to-peer systems, but it is not a clone or a direct re-implementation of the Pear/Keet stack. It is similar in terms of direct connection, absence of centralized storage, and end-to-end encryption. It differs in that Meishi is not a general-purpose messaging system, the topology is much simpler and more intentional, we are not aiming for a global mesh network but for contextual and targeted P2P connections between devices that really need to synchronize. Privacy-by-design approach and not infrastructure-free at all costs: a fallback server is necessary to ensure reliability or compatibility, but its use never becomes a data collection point.

What happens if a user is offline when I update my data?
The system implements a distributed synchronization queue. When the recipient comes back online, they automatically receive pending updates through the encrypted P2P channel. No manual action is required by either user.

How do you manage data backup if everything is P2P?
Meishi backup is not a traditional copy of user data or contact information. The encrypted backup, with keys controlled exclusively by the user, contains only the list of their connections and, for each of these, the list of data to which they have been granted access. This makes the backup secure even in the event of a breach. Users can back up manually by saving it to their device or upgrade to the Premium version of Meishi, which includes automatic encrypted backup. Even in the latter case, no one, including us at Meishi, can access the data because, as mentioned at the beginning, it is not included in the backup and no one except the user has the private key. With regard to the private key, I would like to emphasize that we do not make or provide any kind of backup of it. And we never will. We provide the user with a seed phrase, and it is their responsibility to back it up independently. If the user loses their private key, we cannot intervene in any way to help them recover it.

Which cryptographic protocol do you use?
We implement the Signal Protocol for end-to-end encryption of private data. This protocol provides forward secrecy and cryptographic deniability. Encryption keys are generated and managed locally on users' devices, never on servers.

How do you ensure GDPR compliance without access to data?
Privacy-by-design architecture ensures GDPR compliance by design. Users directly control who accesses their data and can revoke access at any time. The system records all access permissions but does not store the personal data itself. For business APIs, we implement explicit opt-in and instant revocation mechanisms.

Will you make the project open-source?
The answer to this question is neither yes nor no, but the choice we made for Meishi is hybrid. The following list will only be implemented when we release the app, not in the MVP phase:

- Core P2P sync engine: Open source (AGPL v3)
- Client app (iOS/Android): Open source
- Server infrastructure & API: Proprietary
- Business logic: Proprietary
- Licensing model: AGPL v3 for the core, MIT for utilities