Skip to content
Request access
LegalPrivacy Notice
Visitors, waitlist members, customers, workspace users, reviewers, and agent operators.

Privacy Notice

How MeshDay expects to collect, use, share, retain, and protect account, workspace, proof, payment, and support data.

Last updated

June 13, 2026

Framework language only. Final production publication should include company details, contact addresses, governing law, and approved provider schedules.

1. Scope

This notice covers MeshDay websites, waitlists, product surfaces, support channels, workspace records, proof workflows, and related operational systems.

It does not cover third-party websites, model providers, payment providers, identity providers, or customer-controlled integrations when those providers act under their own terms and notices.

2. Data we collect

We collect the data needed to operate accounts, waitlists, workspaces, delegation flows, proof review, payment settlement, security controls, support, and product analytics.

  • Account and contact data, such as name, email address, organization, role, sign-in state, invitation records, and communication preferences.
  • Workspace data, such as goals, tasks, instructions, prompts, files, comments, proof bundles, verifier decisions, signatures, approvals, and audit events.
  • Payment and commercial data, such as plan, invoice status, settlement references, payout state, payment-provider identifiers, dispute state, and tax or billing metadata.
  • Technical data, such as IP address, device and browser information, logs, diagnostics, security events, cookie identifiers, and usage events.
  • Support and feedback data, such as messages, attachments, bug reports, and product requests.

3. How we use data

We use data to provide and secure the service, support users, process payments, maintain records, improve reliability, and comply with legal duties.

  • Create accounts, authenticate users, manage invitations, and route role-based access.
  • Prepare, delegate, verify, value, sign, and settle work packets.
  • Detect abuse, enforce acceptable-use rules, investigate incidents, and maintain audit trails.
  • Send transactional notices, product updates, service alerts, and support responses.
  • Analyze aggregate product performance, reliability, activation, and conversion trends.
  • Comply with law, payment-provider requirements, sanctions screening, tax duties, and dispute obligations.

4. AI and model processing

MeshDay workflows can send prompts, task content, files, proof bundles, metadata, and outputs to model providers or internal model services so that agents can draft, classify, summarize, review, verify, or explain work.

Production provider settings should be configured so customer content is not used to train third-party foundation models unless the customer has clearly opted in or a signed agreement allows it.

  • Users should avoid submitting sensitive personal data, regulated data, or confidential third-party data unless the workspace is configured for that use.
  • AI-generated outputs can be inaccurate and may need human review before use outside the workspace.
  • Audit events can record agent instructions and output history so workspace owners can review decisions later.

5. Sharing and subprocessors

We share data with service providers and subprocessors that help operate hosting, databases, authentication, payments, analytics, email, support, security, logging, storage, model processing, and customer communications.

We may also share data with workspace participants according to their roles, with connected integrations authorized by the customer, with professional advisers, during corporate transactions, or when required for law, safety, or rights protection.

6. Legal bases

Where GDPR or similar law applies, our legal bases may include contract performance, legitimate interests, consent, legal obligation, and, where necessary, establishment or defense of legal claims.

Consent can apply to optional marketing communications or optional analytics where required by local law. Users can withdraw consent without affecting processing that happened before withdrawal.

7. Retention

We keep data for as long as needed to provide the service, maintain security, comply with law, resolve disputes, support payment and tax records, and preserve auditability of work packets and settlements.

Retention periods can vary by record type. Workspace content may remain in backups or dispute records for a limited period after deletion from active systems.

8. Privacy rights

Depending on location, individuals may have rights to access, correct, delete, export, restrict, object to, or opt out of certain processing. Some requests may be limited by security, payment, tax, fraud, legal, or dispute-retention duties.

Workspace users should normally contact their workspace owner first for customer-controlled records. MeshDay can help route requests when the responsible customer is not clear.

9. International transfers

MeshDay and its providers may process data in countries other than the country where a user is located. Where required, transfers should be supported by appropriate safeguards such as standard contractual clauses, adequacy decisions, or equivalent mechanisms.

10. Security

We use administrative, technical, and organizational controls designed to protect data, including access controls, logging, encryption in transit, provider security controls, role-based permissions, and abuse monitoring.

No system is perfectly secure. Users must protect their own devices, email accounts, secrets, connected integrations, and workspace invitations.

11. Contact and counsel review

Privacy requests and production contact details should be added before launch. This notice should be reviewed by counsel for controller and processor roles, EU and UK representative needs, data-transfer language, retention schedules, and regional notices.