Privacy Policy

Effective Date: January 26, 2026

1. Introduction

MeshGuard ("Company," "we," "us," or "our") is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our AI agent governance platform and related services (collectively, the "Service") available at meshguard.app.

This policy applies to all users of the Service, including those in the European Union (EU) and European Economic Area (EEA). We process personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

MeshGuard acts as the data controller for personal data collected through the Service. For questions about data processing, contact us at:

MeshGuard
Email: contact@meshguard.app

3. Information We Collect

3.1 Account Information

When you register for the Service, we collect your name, email address, organization name, billing information, and any other details you provide during account creation.

3.2 Agent Data

We process data you submit related to your AI agents, including agent configurations, behavioral policies, execution parameters, metadata, and governance rules. You control what Agent Data is submitted to the Service.

3.3 Audit Logs

The Service automatically generates audit logs that record agent activity, policy enforcement events, access events, administrative actions, and API calls. These logs may contain timestamps, user identifiers, IP addresses, agent identifiers, and action descriptions.

3.4 API Usage Data

When you interact with our API, we collect request metadata including API key identifiers (but not the keys themselves), endpoints accessed, request timestamps, response codes, and rate limit consumption.

3.5 Technical and Usage Data

We automatically collect device information, browser type, operating system, IP address, pages visited, features used, session duration, and referral sources through cookies and similar technologies.

4. Legal Bases for Processing (GDPR)

We process personal data under the following legal bases as defined by Article 6 of the GDPR:

  • Performance of a contract: Processing necessary to provide the Service under our Terms of Service, including account management, agent governance, and audit logging.
  • Legitimate interests: Processing for service improvement, security, fraud prevention, and analytics, where our interests are not overridden by your rights.
  • Legal obligation: Processing required to comply with applicable laws, regulations, or legal proceedings.
  • Consent: Where required, we obtain your explicit consent for specific processing activities, such as marketing communications. You may withdraw consent at any time.

5. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Process and enforce agent governance policies
  • Generate and store audit logs for compliance purposes
  • Authenticate users and manage API key access
  • Monitor and enforce API usage limits
  • Send transactional communications (e.g., alerts, reports)
  • Improve the Service through analytics and research
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations
  • Provide customer support and respond to your inquiries

6. Data Retention

We retain your data only as long as necessary for the purposes described in this policy:

  • Account information: Retained for the duration of your account and thirty (30) days after deletion, unless required by law.
  • Agent Data: Retained for the duration of your subscription. Upon account termination, Agent Data is deleted within thirty (30) days unless you request an export.
  • Audit logs: Retention period depends on your subscription plan (ranging from 30 days to unlimited). Upon account termination, audit logs are retained for thirty (30) days and then permanently deleted.
  • API usage data: Retained for up to twelve (12) months for analytics and abuse prevention purposes.
  • Technical and usage data: Retained for up to twenty-four (24) months in aggregated or anonymized form.

7. API Keys and Credentials

API keys are generated and managed through the Service. We store API key hashes — never plaintext keys — using industry-standard cryptographic methods. You are responsible for the secure storage and handling of your API keys.

API key usage is logged for security and billing purposes. We record the key identifier, timestamp, endpoint accessed, and source IP address. You may revoke API keys at any time through the dashboard, and revoked keys are immediately invalidated.

8. Data Sharing and Disclosure

We do not sell your personal data. We may share information with:

  • Service providers: Third-party vendors who assist in operating the Service (e.g., cloud hosting, payment processing, analytics), subject to contractual data protection obligations.
  • Legal requirements: When required by law, regulation, legal process, or enforceable governmental request.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction, subject to this Privacy Policy.
  • With your consent: We may share data with third parties when you have given explicit consent.

9. International Data Transfers

Your data may be processed in countries outside your country of residence, including the United States. When transferring personal data from the EU/EEA, we rely on appropriate safeguards such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by the European Commission for the destination country
  • Data processing agreements with all sub-processors that include equivalent protections

10. Your Rights (GDPR)

If you are located in the EU/EEA, you have the following rights under the GDPR:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your personal data, subject to legal retention requirements.
  • Right to restrict processing: Request that we limit the processing of your data in certain circumstances.
  • Right to data portability: Receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to object: Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: Withdraw consent at any time where processing is based on consent.
  • Right to lodge a complaint: File a complaint with a supervisory authority in your EU member state.

To exercise any of these rights, contact us at contact@meshguard.app. We will respond within thirty (30) days.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (TLS 1.2+) and at rest
  • Regular security assessments and penetration testing
  • Role-based access controls and least-privilege principles
  • Automated monitoring and alerting for anomalous activity
  • Incident response procedures with defined notification timelines

While we take commercially reasonable steps to protect your data, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security.

12. Cookies and Tracking Technologies

We use cookies and similar technologies to operate the Service, remember your preferences, and analyze usage. Categories include:

  • Essential cookies: Required for the Service to function (e.g., authentication, session management). These cannot be disabled.
  • Analytics cookies: Help us understand how the Service is used. You may opt out via your browser settings or our cookie preferences.

We do not use advertising or third-party tracking cookies.

13. Sub-Processors

We engage trusted sub-processors to help deliver the Service. A current list of sub-processors is available upon request. We notify customers of any changes to our sub-processor list at least thirty (30) days in advance, and you may object to new sub-processors in accordance with our Data Processing Agreement.

14. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such data promptly.

15. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the Service at least thirty (30) days before taking effect. The "Effective Date" at the top of this page indicates when the policy was last revised.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

MeshGuard
Email: contact@meshguard.app
Web: meshguard.app

For GDPR-related inquiries, you may also contact your local data protection authority.

© 2026 MeshGuard. All rights reserved.