Legal

Privacy Policy

Effective July 12, 2026

This Privacy Policy explains how Mesitelab (“Mesitelab”, “we”, “us”) collects, uses, and protects information when you use Mesite, our agentic demand orchestration platform, and the website at mesitelab.com (together, the “Service”). If you have any questions, contact us at hello@mesitelab.com.

Information we collect

  • Account information. When you create an account or sign in, we collect your name and email address. If you sign in with Google, Google shares your name, email address, and profile image with us so we can create and identify your account. We never receive your Google password.
  • Workspace content. The requests, request types, comments, approvals, and related records you and your team create in the Service. This content belongs to your organization.
  • Usage and device data. Basic technical information such as log records, IP address, and browser type, used to operate and secure the Service.
  • Cookies. We use strictly necessary cookies to keep you signed in and to run the Service. We do not use advertising cookies.

How we use information

  • To provide, maintain, and secure the Service.
  • To authenticate you and keep your session active.
  • To route requests and send you notifications about their status.
  • To respond to your messages and support requests.
  • To comply with legal obligations and prevent abuse.

We do not sell your personal information, and we do not use your workspace content to train models outside the operation of your own Service.

Service providers

We rely on a small set of trusted providers to run the Service, and we share only what is needed for each to do its job:

  • Supabase and Stytch for authentication and account management.
  • Google when you choose to sign in with Google.
  • Neo4j Aura for the system of record that stores your workspace data.
  • Vercel and Cloudflare for hosting and delivery.
  • Resend for transactional email such as notifications.

Each provider processes information on our behalf under its own security and privacy commitments.

Data storage and security

Your organization’s data is stored behind structural tenant isolation, so one organization cannot access another’s data. Approvals and status changes are recorded in an append-only audit trail. We use industry-standard measures to protect information, though no method of transmission or storage is completely secure.

Data retention

We keep your information for as long as your account is active or as needed to provide the Service. When you close your account, we delete or de-identify your personal information within a reasonable period, except where we must retain it to meet legal obligations.

Your rights

Depending on where you live, you may have the right to access, correct, export, or delete your personal information. To exercise these rights, email hello@mesitelab.com and we will respond as required by applicable law.

Google user data

When you sign in with Google, our use of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements. We request only your basic profile and email so we can create and identify your account, and we do not transfer or use that data for any other purpose.

Children

The Service is not directed to children under 16, and we do not knowingly collect their information.

Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the effective date above and, for material changes, provide a more prominent notice.

Contact us

Mesitelab, hello@mesitelab.com.