Problem:ย Contact management currently operates on a broken model. Users distribute their contact information across hundreds of platforms and databases without maintaining any record of who has what data. When contact information changes, users must manually update each platform and notify each contact individually. Meanwhile, centralized platforms monetize user data through advertising and third-party sales, creating privacy violations and data breach vulnerabilities.
Solution:ย Meishi reverses the data control paradigm by implementing privacy-by-design architecture. Users maintain a single digital profile that serves as the source of truth for their contact information. When users update their data, changes sync automatically to all authorized connections through encrypted P2P channels.
The system separates private data synchronization from public search. Private information never touches centralized servers, syncing directly between users via the Signal Protocol. Public profile data uses minimal client-server architecture only for network search functionality. Users control exactly who can access their data and can revoke permissions at any time.
Key differentiators:ย Unlike traditional contact apps, Meishi provides zero-knowledge architecture where the platform cannot access user data. Unlike social media, the focus remains purely on contact information without content feeds or engagement algorithms. Unlike CRM systems, updates happen automatically without manual data entry.
Market validation:ย The privacy software market grows at 35.5% CAGR. Truecaller demonstrates 450M MAU demand for contact management at scale. GDPR fines reached $7.92B in 2025, proving regulatory pressure. Major data breaches affecting billions of users show the failure of centralized data storage.
Revenue model:ย Individual users access freemium tier with premium upgrade for advanced features. Businesses pay per-lead API pricing for GDPR-compliant contact access. Zero revenue from data monetization or advertising. Users own their data completely.
Team background:ย Technical lead has expertise in software architecture, cloud infrastructure, P2P systems, and GDPR compliance. Design lead brings UI/UX, brand strategy, and privacy-focused product design. Combined 20+ years experience in respective fields. Both founders work unpaid, building solution to their own contact management frustrations.
How does P2P synchronization work without central servers?
Meishi uses a hybrid architecture. Private data is synchronized directly between devices using the Signal Protocol for end-to-end encryption. The server only intervenes to facilitate initial peer discovery and public profile searches. Once the P2P connection is established, private data never passes through central servers. It is based on the same architectural principles as modern peer-to-peer systems, but it is not a clone or a direct re-implementation of the Pear/Keet stack. It is similar in terms of direct connection, absence of centralized storage, and end-to-end encryption. It differs in that Meishi is not a general-purpose messaging system, the topology is much simpler and more intentional, we are not aiming for a global mesh network but for contextual and targeted P2P connections between devices that really need to synchronize. Privacy-by-design approach and not infrastructure-free at all costs: a fallback server is necessary to ensure reliability or compatibility, but its use never becomes a data collection point.
What happens if a user is offline when I update my data?
The system implements a distributed synchronization queue. When the recipient comes back online, they automatically receive pending updates through the encrypted P2P channel. No manual action is required by either user.
Login to post a comment.
Meishi backup is not a traditional copy of user data or contact information. The encrypted backup, with keys controlled exclusively by the user, contains only the list of their connections and, for each of these, the list of data to which they have been granted access. This makes the backup secure even in the event of a breach. Users can back up manually by saving it to their device or upgrade to the Premium version of Meishi, which includes automatic encrypted backup. Even in the latter case, no one, including us at Meishi, can access the data because, as mentioned at the beginning, it is not included in the backup and no one except the user has the private key. With regard to the private key, I would like to emphasize that we do not make or provide any kind of backup of it. And we never will. We provide the user with a seed phrase, and it is their responsibility to back it up independently. If the user loses their private key, we cannot intervene in any way to help them recover it.
Login to post a comment.
We implement the Signal Protocol for end-to-end encryption of private data. This protocol provides forward secrecy and cryptographic deniability. Encryption keys are generated and managed locally on users' devices, never on servers.
How do you ensure GDPR compliance without access to data?
Privacy-by-design architecture ensures GDPR compliance by design. Users directly control who accesses their data and can revoke access at any time. The system records all access permissions but does not store the personal data itself. For business APIs, we implement explicit opt-in and instant revocation mechanisms.
Will you make the project open-source?
The answer to this question is neither yes nor no, but the choice we made for Meishi is hybrid. The following list will only be implemented when we release the app, not in the MVP phase:
- Core P2P sync engine: Open source (AGPL v3)
- Client app (iOS/Android): Open source
- Server infrastructure & API: Proprietary
- Business logic: Proprietary
- Licensing model: AGPL v3 for the core, MIT for utilities
Login to post a comment.
How Meishi Works: Create a digital profile with your contact information. When you update it, changes automatically sync to everyone you've authorized. No manual updates needed. If you change companies or get a new email, your contacts get the update instantly.
Privacy-by-Design:
- P2P synchronization using Signal Protocol for end-to-end encryption
- Private data never stored on centralized servers
- Client-server architecture only for public search
- Grant and revoke access to your information anytime
- Zero data monetizationโyou own your data 100%
Key Features:
- Automatic contact updates across your network
- End-to-end encrypted private information
- User-controlled access permissions
- GDPR/CPRA compliant by design
- Cross-platform (iOS + Android coming soon)
Why Now: Privacy software market growing at 35.5% CAGR. GDPR fines reached $7.92B in 2025. Major data breaches (Yahoo: 3B users, Marriott: 500M, Equifax: 147.9M) prove centralized databases are honeypots for attackers.
Mission: Reverse the balance of power in data ownership. Instead of Big Tech controlling billions of contact databases, users should have sovereignty over their own information. Here you can read our manifesto.
Founders: Built by a two-person team with 20+ years combined experience in software architecture and design. We're solving our own pain point: the frustration of outdated contacts and lack of privacy control.
Login to post a comment.